Note: This article is out of date and has been archived.
For the latest information, please see article on one time passwords.
Archived Text
Summary
During the consent flow, some consumers did not receive an OTP at the authentication stage. As a result, the consent flow could not be completed.
Details
Some consumers did not receive the OTP despite multiple attempts.
The root cause identified by the DH was that all consumers impacted had the same Customer Id across multiple DH customer profiles. For example, one consumer had their Customer Id associated with their own customer profile and the customer profile of their child.
To resolve, ADRs were provided with details of the workaround so that their support teams could educate consumers regarding the workaround to allow them to receive OTPs and complete the authentication step in the consent flow.
For more details regarding the authentication flow, please refer to: https://consumerdatastandardsaustralia.github.io/standards/#authentication-flows
Impact |
Consumers with the same Customer Id across different customer profiles were unable to receive OTP. |
Workaround |
In the event OTP delivery to the consumer fails, it may be attributed to the lack of uniqueness of the Customer Id used by the DH. |
Participants involved |
ADR & DH |
Comments
0 comments
Please sign in to leave a comment.