This FAQ has been updated as a result of monitoring the impact of the MAPS lockout. Please review the customer impact section for more details.
Q. What is the Malicious Activity Prevention System (MAPS)?
A. The Department of Home Affairs has introduced a Malicious Activity Prevention System (MAPS) that monitors for repeated verification attempts against the same identity document by a single user Originating Agency Code (OAC). MAPS is an added security measure intended to improve the detection of fraudulent activity.
Q. When does MAPS take effect?
A. MAPS was turned on by DVS at 8:00am on 1 June 2022.
Q. How does MAPS work?
A. MAPS will use the unique document number to monitor for repeated verification attempts against that document number from the same user Originating Agency Code (OAC).
If the number of verification attempts within 30 minutes reaches a set threshold, the OAC will be locked out of further identity matches on the specific document for the next 20 minutes.
Q. What are the threshold limits set by DVS as part of MAPS?
A. The threshold limits are listed below:
Document Type | Lockout Threshold |
Driver Licence | 4 |
AU Passport | 4 |
Medicare | 8 |
AU Visa | 5 |
Citizenship Certificate | 5 |
Centrelink Concession Card | 4 |
ImmiCard | 4 |
Registration by Descent | 5 |
Birth Certificate | 5 |
Marriage Certificate | 10 |
Change of Name Certificate | 8 |
Death Certificate | 4 |
ASIC/MSIC | 5 |
Commonwealth Electoral Roll | 10 |
Q. How is DVS MAPS different from the greenID lockout?
A. The threshold rules of the greenID lockout apply to a registration in greenID and will take effect when a user has reached the configured lockout limit.
Standard greenID lockout threshold rules are: 1 source attempted 3 times, or 5 sources overall. There is no time limit associated with the greenID lockouts.
The key differences between the DVS MAPS lockout and the greenID lockout are listed below:
Aspect | DVS MAPS lockout | greenID lockout |
Application | Multiple attempts on a particular identity document from an OAC (or DVS user). The timeframe for the attempts to trigger the lockout is 30 minutes from the last recorded attempt. This is a rolling window. | Multiple attempts within a specific greenID registration. |
Conditions | MAPS applies to document identification attempts whether they are failed or successful. | greenID lockout applies to failed data source attempts. |
Time period of lockout | DVS will prevent further identity matches for a 20-minute period. The lockout rule applies to that particular document and does not prevent other identification documents being attempted. | Once a user is locked out, an administrator must unlock the verification. |
Customer Impact | DVS will send an ‘N’ response to greenID which translates to ‘no match’. | greenID will display appropriate messaging depending on customer implementation. |
Threshold limits | The threshold limits set by DVS are specified in the previous table above. | Standard thresholds are: 3 attempts per source; 5 attempts overall. Customers may set their own customised configuration for the lockout rules. |
Customer impact
For the majority of greenID customers, there is no impact because the greenID standard lockout rules will stop a suspicious verification from proceeding before it can hit the DVS MAPS lockout threshold.
However, we have seen that some API customers have implemented greenID in such a way that bypasses the standard greenID lockout rules. The good news for these customers is that DVS MAPS is likely stopping suspicious verifications which were previously going undetected.
Q. What happens if my account has been impacted?
A. If your implementation of greenID is resulting in transactions bypassing the greenID lockout rules, then on reaching the DVS MAPS threshold limit, the expected result will be no match. Ideally, customers will want to stop making additional DVS calls after hitting the MAPS threshold.
However, we understand that technical integration changes can take a lot of time and resources. Therefore, GBG has lobbied the Department of Home Affairs to not charge for DVS requests that result in a no match after hitting the MAPS lockout. The Department of Home Affairs has agreed to this.
Credits for any transactions that hit the MAPS lockout will be processed a month in arrears (e.g. transactions that hit the MAPS lockout in June will be credited in the July invoice).
A new feature will also be developed in greenID to pass back an ‘expanded response’ from the DVS to provide a reason why a transaction resulted in a no match – this will include DVS MAPS as a reason. In the future, this could be used to improve user experience. We look forward to announcing more details about this feature soon.
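For integrations that bypass the standard greenID lockout and want to stop sending DVS calls once the MAPS threshold is reached, the following Python example models the thresholds, the rolling 30-minute window and the 20-minute lockout on the client side. It is an added example, not greenID or DVS code: the class and function names are hypothetical, and it assumes that the attempt which reaches the threshold is still sent, that the lockout starts at that attempt, and that counting starts afresh afterwards.

```python
from collections import defaultdict, deque

WINDOW_S = 30 * 60    # attempts are counted over a rolling 30 minutes
LOCKOUT_S = 20 * 60   # a lockout on one document lasts 20 minutes

# Lockout thresholds per document type, from the table in this FAQ.
THRESHOLDS = {
    "Driver Licence": 4, "AU Passport": 4, "Medicare": 8, "AU Visa": 5,
    "Citizenship Certificate": 5, "Centrelink Concession Card": 4,
    "ImmiCard": 4, "Registration by Descent": 5, "Birth Certificate": 5,
    "Marriage Certificate": 10, "Change of Name Certificate": 8,
    "Death Certificate": 4, "ASIC/MSIC": 5, "Commonwealth Electoral Roll": 10,
}


class MapsGuard:
    """Local model of MAPS for one OAC (assumed semantics, not DVS code)."""

    def __init__(self):
        self._attempts = defaultdict(deque)  # (doc_type, doc_number) -> sent times
        self._locked_until = {}              # (doc_type, doc_number) -> seconds

    def allow(self, doc_type, doc_number, now):
        """Return True and record the attempt if a DVS call should be sent."""
        key = (doc_type, doc_number)
        if now < self._locked_until.get(key, 0):
            return False                     # DVS would answer 'N' (no match)
        times = self._attempts[key]
        while times and now - times[0] >= WINDOW_S:
            times.popleft()                  # drop attempts outside the window
        times.append(now)                    # matches and non-matches both count
        if len(times) >= THRESHOLDS[doc_type]:
            # Threshold reached: hold further calls on this document only.
            self._locked_until[key] = now + LOCKOUT_S
            times.clear()                    # assumed: counting starts afresh
        return True


def simulate(doc_type, doc_number, times):
    """Replay constructed attempt times (in seconds); return the decisions."""
    guard = MapsGuard()
    return [guard.allow(doc_type, doc_number, t) for t in times]
```

Calling `allow()` before each DVS request and skipping the request when it returns `False` keeps held attempts from reaching DVS, while attempts on other documents are unaffected.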
Summary
DVS MAPS is an initiative by the DHA to reduce fraud. In most cases, customers are already protected by the standard greenID lockout rules. However, there are a few customers who are hitting the MAPS lockout rules.
After lobbying by GBG, the Department of Home Affairs has agreed not to charge for transactions blocked by MAPS. If you have been impacted, illion will notify you and process credits in monthly arrears.
Further information
Please refer to the greenID wiki page for further information. If you have any questions, please contact your account director or our support team at customersupport@illion.com.au.