Open georgioajency opened 4 years ago
For this, the proposed solution we decided on was not to allow the user access to the app until they enter their PAN number. So the flow will be:
Login -> Enter phone -> Confirm OTP -> "Looks like it's been a while since you visited Finaegis. Could you please confirm your identity by entering your PAN number?" -> Enter PAN -> Verify and Enter OTP (OTP sent to registered email ID) -> Verified
If correct, user is confirmed. If incorrect 10 times then the user cannot input PAN anymore and will be locked out and a full page to contact support will appear.
@shivam-kurtarkar Are we handling the OTP part?
Need design for no. of times exceeded.
This is the situation where the phone number may be refreshed by the service provider if not used in 3 months. Hence someone else may get the phone number and may try to log in.
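The flow described in this issue, sketched as a small state machine. This is an added example, not code from the Finaegis project: the `Account` record, the function names, the 90-day inactivity threshold, the sample PAN, and the choice to count wrong email OTPs against the same limit are all assumptions. The failure counter is stored on the account rather than the login session, so starting a new login does not reset the 10-attempt limit.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_PAN_ATTEMPTS = 10                # from the issue: locked out after 10 wrong entries
DORMANT_AFTER = timedelta(days=90)   # assumption: the issue only says "a while"

@dataclass
class Account:                       # hypothetical record, not the app's own model
    pan: str
    last_seen: datetime
    failures: int = 0                # per account, survives across login sessions
    state: str = "PHONE_VERIFIED"
    email_otp: Optional[str] = None

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not leak matching prefixes.
    return hmac.compare_digest(a.encode(), b.encode())

def _fail(acct: Account) -> str:
    acct.failures += 1
    acct.email_otp = None            # a wrong guess always invalidates any pending OTP
    acct.state = "LOCKED" if acct.failures >= MAX_PAN_ATTEMPTS else "NEED_PAN"
    return acct.state

def after_phone_otp(acct: Account, now: datetime) -> str:
    """Called once the phone OTP is confirmed; decides whether PAN step-up is needed."""
    if acct.failures >= MAX_PAN_ATTEMPTS:
        acct.state = "LOCKED"        # show the full-page "contact support" screen
    elif now - acct.last_seen >= DORMANT_AFTER:
        acct.state = "NEED_PAN"      # number may have been reissued to someone else
    else:
        acct.state = "VERIFIED"
    return acct.state

def submit_pan(acct: Account, entered: str) -> str:
    if acct.state != "NEED_PAN":
        return acct.state            # locked or out-of-order requests change nothing
    if not _same(entered.strip().upper(), acct.pan):
        return _fail(acct)
    acct.email_otp = f"{secrets.randbelow(10**6):06d}"  # sent to the registered email
    acct.state = "NEED_EMAIL_OTP"
    return acct.state

def submit_email_otp(acct: Account, entered: str, now: datetime) -> str:
    if acct.state != "NEED_EMAIL_OTP" or acct.email_otp is None:
        return acct.state
    if not _same(entered, acct.email_otp):
        return _fail(acct)           # assumption: wrong OTPs share the PAN limit
    acct.state, acct.email_otp, acct.failures, acct.last_seen = "VERIFIED", None, 0, now
    return acct.state
```

OTP expiry and delivery are left out because the issue does not specify them.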