LG-7305 Make sure ThreatMetrix failure results in disabled account#6817
Merged
LG-7305 Make sure ThreatMetrix failure results in disabled account#6817
Conversation
…Metrix failure results in disabled account
jskinne3
approved these changes
Aug 25, 2022
| :in_person_verification_pending | ||
| elsif threatmetrix_failed_and_needs_review? | ||
| :threatmetrix_review_pending | ||
| end |
Contributor
There was a problem hiding this comment.
I'd like to register my vague discomfort at relying on this function to implicitly return nil. It works of course, and if it's a common pattern in the codebase I don't think it needs to be changed. Just a note that I consider it somewhat nonobvious.
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why: To prevent fraudulent verified profiles by using the lexisnexis threatmetrix API saving those profiles that have not passed threatmetrix in a pending state
threatmetrix_review_pendingso they can be reviewed and potentially enabled by the fraud team.How: Threatmetrix review_status must be 'pass' if threatmetrix is enabled and required via new feature flag
lexisnexis_threatmetrix_required_to_verify. Otherwise the profile will be created in a pending state. If threatmetrix is enabled but not required the threatmetrix backend calls will run and store the results but it will NOT disable the verified profile. Follows from these prs: #6806