Click2Gov PIN Maintenance

Click2Gov for CX PIN Maintenance

Audience	Applications
Project Administrators, Webmasters and Support personnel.	Click2Gov for CX only.
Restrictions
This specification is for use and communication to Sungard Public Sector licensees only. It is covered under the existing Sungard Public Sector license agreement as confidential material and is therefore, not to be communicated to any third party in accord with the covenants of the Sungard Public Sector license agreement. Copyright 2000 - 2008 by Sungard Public Sector, Inc. Confidential. All Rights Reserved

DB2, SecureWay, and AS400 are ® Registered Trademarks of IBM Corporation.

Windows, Windows NT, Windows 2000 and IIS (Internet Information Server) are ® Registered Trademarks of Microsoft Corporation.

Click2Gov must store PINs (Personal Identification Numbers) to ensure privacy in individual account access and provide security for the online payment process. This document discusses the Click2Gov Console PIN Maintenance Utility and its use. A working knowledge of the PIN registration process is assumed. For more information on this, please read the on-line support document Click2Gov for CX User Registration Process.

Click2Gov for CX PIN Maintenance Utility

The Click2Gov for CX PIN Maintenance Utility section of the Click2Gov Core Module Console has two primary functions:

Creating and and updating PINs as needed (PIN Generation).
Reviewing and maintaining customers and their PINs (PIN Maintenance).

PIN Generation

When Click2Gov in first installed, a utility from the Click2Gov Console is run that generates Initial PINs (Personal Identification Numbers) for ALL accounts in the clients CX database.

More specifically, this process compares each account entry in the clients CX database to a new table in Click2Gov. For each entry that exists in CX but doesn't exist in Click2Gov it creates one in Click2Gov and generates a randomized Initial PIN. Two flags are also set on the account:

1)	Has this PIN been changed by the user?	[ Initialized ]	No
2)	Is this account enabled?	[ Enabled ]	No

Note: "ALL accounts" is emphasized in the first sentence above, since at first glance this may not seem necessary. "Why generate PINs for accounts that are historic only," has been a common question. To understand this, you must remember that one of Sungard Public Sector software's strengths is that it is very flexible and user configurable. Many clients use the activity and status settings for utility accounts in different ways. While in one environment an "inactive account" may mean that the account is closed and will never be reopened, to other clients it may simply mean that the end user has their utilities shut off while on an extended vacation. This file uses a very small number of bytes per record and does not impede system performance. Since it is located on the AS400 (as are all files containing customer data) their is no security risk.

PIN Maintenance

A utility is provided in the Click2Gov Console to examine and maintain the status of accounts, PINs and their associated flags. When the PIN Maintenance Button is selected from the Click2Gov Console main screen a page is displayed that asks for the account number that is to be viewed.

Once an account number is entered and the "Get PIN" button is pressed, the data screen for this account is displayed.

This page has several uses as described below.

Reminding Customers of their PINs

If the user has called or emailed that they do not know their PIN, the PIN hint can be given to them to "jog" their memory.
Note: the "Forgot PIN?" feature on the Click2Gov Customer Login page works somewhat differently. Since the email address of the user has been verified prior to account access, selecting "Forgot PIN?" simply emails the PIN, not the PIN Hint, to the customer.

Resetting Accounts

It is not recommended that the PIN itself be given out over the phone or in emails other than the automated ones to the validated email address. Therefore, if the user after receiving the PIN Hint, still cannot remember their PIN, a new Initial PIN can be typed into the PIN field on this page. The "Reset PIN" is then pressed and the account flags will be reset to:

1)	Has this PIN been changed by the user?	[ Initialized ]	No
2)	Is this account enabled?	[ Enabled ]	No

This action forces the user to go through the Account Registration process again letting them assign a new PIN and PIN Hint and provides the security that neither of these piece of information as passed in email or over the telephone..

Changing a Customer's Email Address

For users that want to change their email address, the same "Reset PIN" feature is used. This forces the Login Registration process which in turn, requires that the new account number be validated, thereby eliminating a loophole where the email address is changed to an inaccessible account.

Evaluation of Flag Status

The PIN flags can be used to evaluate some customer account access problems. Flag combinations have the following meaning:

Initialized:	No
Enabled:	No
Situation: This account is in its initial state. As far as Click2Gov can tell, the customer has not attempted signing in at the Click2Gov home page with their initial PIN or they have failed during this initial login process. Another situation that could cause this condition is that the account has been reset at the Click2Gov console and the customer has not attempted a login since that point or has attempted to login with a PIN from before the reset. The most obvious cause is that the customer previously forgot there PIN, requested their account be reset and is now remembering the previous PIN instead of the new Initial PIN or has forgotten the new Initial PIN.
Recommendations: Set the PIN in the account maintenance screen to something the customer can remember and reset the account. Remind the customer that they will need to change the PIN the next time they log in and suggest that they make the PIN and PIN Hint combination something like: PIN Hint: My Dog PIN: Spot This not only helps if they forget their PIN again, but also reinforces memory of the PIN when they create it.

Initialized:	Yes
Enabled:	No
Situation: This customer has gone through the process of changing their initial PIN, but has not enabled their account by responding to the email. This can happen for at least three reasons: The customer lost or deleted the email containing the link to the account enabling page. The customer ignored the link in the email and has gone directly to the Click2Gov account login page. The customer mistyped their email address while changing their Initial PIN and has not received the email.
Recommendations: Give the customer a new Initial PIN, reset their PIN and remind them that a valid working email address is required for Click2Gov access. Also point out that they must respond to the email message they receive by clicking on the link it contains (or by copying it exactly into the address [URL] line of their browser) for their account to be enabled. If this is suddenly happening to a great number of accounts their could be a problem with connectivity between the Click2Gov server and your in-house SMTP email host. In this case, contact your webmaster or system administrator for assistance.

Initialized:	Yes
Enabled:	Yes
Situation: This customer has successfully completed Registering their account and the account is enabled. They should have no problem logging in unless they have forgotten their account.
Recommendations: Give the customer their PIN Hint. Make sure the customer is aware that the PIN is case sensitive and that they have not accidentally pressed the Caps Lock key. If all else fails, give the customer a new PIN and reset their account.

Initialized:	No
Enabled:	Yes
Situation: This situation should not occur.
Recommendation: Give the customer a new PIN and reset their account. If this situation appears on more than one of two accounts, contact Sungard Public Sector Click2Gov Technical Support for assistance.

Changing Accounts

As on the initial PIN Maintenance screen (when no data is present) the console user may enter a different account number and click "Get PIN" to have a different account's information displayed.

This specification is for use and communication to Sungard Public Sector licensees only. It is covered under the existing Sungard Public Sector license agreement as confidential material and is therefore, not to be communicated to any third party in accord with the covenants of the Sungard Public Sector license agreement.