In order to avoid locking Credential Sharing end-user accounts by making multiple unsuccessful login attempts, each unique set of wrong credentials enter the Cooldown System for 24 hours.
TrueLayer uses a Cooldown System that is enabled for a particular user when the user attempts to log in with wrong password or memorable information once and the bank returns wrong_credentials.
If user Smith tries to authenticate on Barclays using the following information:
- Membership Number: 1234567890 (correct)
- Last name: Smith (correct)
- Pass code: 12345 (incorrect)
- Memorable word: London (correct)
We will then create a hash of those credentials and put it in the Cooldown System. This means that, if they keep trying with the same wrong credentials, TrueLayer will return wrong_credentials straight away without hitting the bank - and risking locking the account.
If the user Smith above retries with a different pass code we will hit the bank with the new combination again. If that’s correct, then the authentication will be successful.
Keep in mind that any incorrect field in the Auth Dialog could cause wrong_credentials error to happen.
Still having problems?
Contact our Client Care team using the “Submit a request” button for edge cases.