This document is intended to provide a non-technical audience with an understanding of the Login, Account Access Block
and Inactivity Timer elements in the end-user journey.
Note: For illustrative purposes the Canvas app has been used to demonstrate the end user functionality of the SDK.
About the Login, Account Access Block and Inactivity Timer end-user journeys
The Login to a payment account requires 2 Factor (2FA) Strong Customer Authentication (SCA).
Account Access must be blocked if a customer exceeds a maximum number of failed authentications.
If a customer is inactive in their account for a certain period of time, they will be required to log in again.
Note: The Contis SDK can perform the 2nd factor of SCA for login in a client app, with the 1st factor being performed by the client’s own app and provided to Contis via the API.
Login, Account Access Block and Inactivity Timer workflow
The Login end-user journey
Step 1 – Customer opens the app
Customer opens the Canvas app.
Step 2 – SCA required
2FA SCA is required for the customer to log in. The example shown is Password with Biometrics.
Step 3 – Customer recognised/Not recognised
After the customer performs the SCA, there are two outcomes:
- Success (Recognised) – continue to Step 6 – Login successfully completed.
- Fail (Not recognised) – continue to Step 4 – Retry SCA factor.
Step 4 – Retry SCA factor
If the first attempt at the SCA fails, there are two possible outcomes
- Try again – return to Step 2 – SCA required.
- Fail (maximum attempts exceeded will result in an Account Access Block) – continue to Step
5 – Account Access blocked.
Step 5 – Account Access blocked
After exceeding the maximum number of SCA attempts, the customer is directed to the Account Access
Blocked error screen – instructing them to ring customer services.
Note: Account access block means restricted access to the app – all other functionality, for
example, ATM card and POS transactions are still available.
Step 6 – Login successfully completed
A customer is logged out of their account after a period of inactivity. For clients, an API method lets Contis know when
a customer remains active within the app. Once inactivate after a period of time, the customer will be logged out and
returned to Step 2 – SCA required (in the Login end-user journey).
Account Access blocked
Contis have an API method that allows the client to unblock a customer’s account access for reasons such as exceeding
the maximum authentication attempts e.g. OTP re-entry. The customer will be notified in the app and instructed to call