You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We have added access control to the Direct Deposit Management API to block dependent access to deposit accounts. This additional account security ensures that only Veterans can manage direct deposit details.
* The Veteran identifier in the API request is checked against VA records to determine Veteran or Dependent status.
* If the identifier is for a non-Veteran or Dependent, an error message is returned in the API response and access to the deposit account is denied.
We have added additional logging for potential fraud alerts from our backend system. When the response we receive contains a fraud alert flag, our API logs the potential fraud alert; access is not blocked. Our API then sends an alert as an HTTP response with Fraud Alert Flag = True to our downstream service. This new functionality will allow our backend system to provide the calling front-end system with an alert so that any changes or research actions can be taken for that account.
