Handles wrong credential input (update counter, black-list customer, ...) based on the settings in the security policy.
Mainly used internally.
true if the number of wrong entries was exceeded and the customer was either black-listed or the credential is temporarily blocked. Returns false otherwise.