Limiting Attempts to Add Payment Method in the BriteCore Policyholder Portal
Overview
To enhance security and combat fraud attempts, administrators now have the capability to limit the number of daily attempts to add Payment Method via the BriteCore policyholder portal. This feature allows carriers to set a configurable limit for the number of successful payment method additions per day, with a default limit of 5 attempts. Importantly, only successful payment method additions contribute to the attempt count, ensuring that rejections due to typographical errors do not impact the limit.
Details
The daily attempt limit for adding a payment method is configurable, with a default value of 5 attempts per day. Carriers should contact BriteCore support for assistance with this change, providing the details in the How to setup Payment Method Addition Attempts section below.
Once the attempt limit is reached, the policyholder portal user's account is automatically disabled for security reasons. Manual re-enablement by the carrier's administrator is required to restore the policyholder’s access to their account.
Alert notifications are sent to the carrier when a policyholder portal user's account is disabled. These notifications include details such as the disabled account(s), timestamp, reason for the block, and a direct link to re-enable the user's account.
Actions
Carriers can define actions to take when the quota limit is exceeded. Options include taking no action, blocking add-payment-method actions, or blocking the user entirely from the policyholder portal.
- The duration for which a user's account is blocked is adjustable, with a default duration of 24 hours.
- Email notifications are sent to agents, agencies, or custom email lists configured by the carrier when a user's account is blocked due to exceeding the quota.
- A new carrier-level log is available to track "account-blocked" events, providing visibility into user account blocks.
- Carriers have the ability to manually unblock users directly from the carrier portal.
How to setup Payment Method Addition Attempts:
Submit a Zendesk ticket
- Provide the following details for each setting:
-
payments.add_payment_method_action_duration
-
Duration of applied action (user block, or add-payment-method block) in hours. Note that ‘0’ indicates a permanent block. The default value is 24 hours.
-
-
Add-Payment-Method ALL limit
-
Payments.add_payment_method_all_limit
- Quota for all add-payment-method actions (both successful and unsuccessful). If the user reached that limit, then block action applied. Attempts count resets at US midnight. Note that ‘0’ indicates no limit. The default value is 0.
-
Payments.add_payment_method_all_limit
-
Add-Payment-Method ALL limit
-
Payments.add_payment_method_failure_limit
-
- Quota for failed add-payment-method actions. If the user reached that limit, then block action applied. Attempts count resets at US midnight. Note that ‘0’ indicates no limit. The default value is 0.
-
-
Payments.add_payment_method_success_limit
-
- Quota for successful add-payment-method actions. If the user reached that limit, then block action applied. Attempts count resets at US midnight. Note that ‘0’ indicates no limit. The default value is 0.
-
-
Payments.add_payment_method_limit_action
-
-
Block action that is applied once one of the limits is reached. Lasts for payments.add_payment_method_action_duration hours. Values:
- 'No action' - no block actions on reaching any limit. Note that default value is 'No action'.
- 'Block Add Payment Method' - block add-payment-method ability.
- 'Block Account' - blocks the user (happens immediately on reaching one of limits).
-
Block action that is applied once one of the limits is reached. Lasts for payments.add_payment_method_action_duration hours. Values:
-
-
-
Duration of applied action (user block, or add-payment-method block) in hours. Note that ‘0’ indicates a permanent block. The default value is 24 hours.
- BriteCore will access the BriteCore administrator dashboard.
- Navigate to the payment setting screen
- Configure the daily attempt limit, quota exceed actions, and block duration according to client preferences.
How to manage blocked user accounts:
- Client BriteApps Administrator access BriteApps
- Go to User Action page
- Within the table, search for the ‘User block’ Action.
- Go to Enrolled user page
- The blocked user is highlighted in red
-
Manually re-enable blocked user accounts when necessary by the action button.
- Utilize the email notification log to stay informed about account blocks and take appropriate action.
Note: Enabling this feature enhances the security of the policyholder portal and helps protect against fraudulent activities related to payment method additions.