During a VIP Validation when an end-user manually enters a VIP security code from their VIP credential, the encrypted VIP username+VIP security code is sent to the VIP Cloud.

When an end-user is assigned one VIP credential ID:

• The transaction is successful if the security code matches the user's credential ID.
• The transaction fails if an invalid code is used. The credential ID is locked after 10* consecutive attempts to use an invalid security code.
• The credential invalid security code counter resets back to 0 when a valid code is used before the credential is locked.

When an end-user is assigned more than one VIP credential ID:

• The VIP Cloud attempts to match the security code to one of their assigned credentials.
• If a match is found, the transaction is successful.
• If a match is not found, the invalid security code counter for each assigned credential increments by one and the transaction fails. (A credential ID is locked when the invalid security code counter reaches 10*.)
• If a match is found during a subsequent login, the invalid security code counter for the matching credential ID is reset to 0. However, the invalid security code counter for the remaining credentials will remain unchanged until a matching security code is passed.
• In this scenario, non-matching security codes can eventually cause the invalid security code counter for unused credentials to reach 10. 

*This value can be adjusted by a VIP Administrator in the VIP Manager portal. 

Note: A locked credential affects VIP authentications only when it is used during a login attempt.