Rate limiting

Rate limiting occurs if an IP address appears to be suspicious. IPs that have high failure rates and a high percentage of failures are blocked until such a time as they quit attempting to login for some time. As a standard security practice, the exact specifics of this criteria are not shared publicly and are adjusted over time. Institutions can monitor their current overall rate limiting on the dashboard of Banno Reports.

Surprisingly, rate limiting is commonly triggered by employees entering invalid credentials, especially at financial institutions that have recently converted to Banno. To address this, internal network IPs of your institution are requested by Banno implementation coordinators so that they can be whitelisted.