If a user is logged in and clicks on "My Account" to change their password, the user will be given 3 attempts to enter their correct current password. On the 3rd failed attempt, the session ends. The user is logged out of the Real-time Payment Manager (RPM).
For example: If a user left their session open, another user would have an unlimited number of attempts to change the password. This update restricts the number of attempts to change the password.