Change it so that failed logins don't update last activity date
Right now in the Polaris SIP environment, if you attempt to get patron information using a 63 message, but you put in the WRONG password, the patron accounts LAST ACTIVITY DATE will STILL be updated.
We recently had a vendor that for some crazy reason, went through and was attempting a 63 message for all patron barcodes they had on file. This updated the last activity date for tens of thousands of patron accounts.
Although I suppose there could be some arguments for this behavior, it should not be the default. By default if an account login FAILS, for any reason, but especially because of a bad password, the patron's account should NOT be updated.
This is especially bad behavior because you can't easily bulk revert this date, which means it might literally take year's for these accounts to fall out of the system and number of patron accounts is one of the factors in our consortium billing formula.
Wes Osborn
shared this idea
-
Susan Millwater
commented
It was our patrons that were updated and now we have misleading stats for this year and comparisons to prior years and the coming years. Unfortunately, these were cards that are part of a community partnership so now we're going to have figure out the best way to weed out this false activity. Hopefully this is something that can get fixed quickly.