How would you implement a rate-limiting mechanism to prevent brute-force attacks in a system at Banco Santander?