Step-up authentication is a dynamic approach to verification requirements, where multiple factors can, in real time, trigger a "step up" to require two-factor authentication (2FA), re-entering a password, or another heightened verification requirement. Instead of applying the same authentication process to all interactions, step-up authentication is triggered by factors such as transaction value, whether a new device is used, whether multiple settings are being changed, or other sensitive behavior. It is a balanced approach to security that introduces additional friction into the user experience only when heightened scrutiny is required.
Use cases and examples for step-up authentication
High-risk transaction protection: Triggering additional biometric or one-time password verification when customers engage in higher-risk activity like attempting large transfers, international transactions, or payments to new recipients that aren’t consistent with their normal patterns.
Device change verification: Requiring additional authentication when users access their accounts from a new or unrecognized device, confirming identity before granting access.
Sensitive action confirmation: Applying step-up verification before processing sensitive, high-risk account changes such as password resets, contact information updates, or the addition of new payees or beneficiaries.
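The three trigger categories above can be expressed as a single policy check. The sketch below is an added example, not code from this page or from any product: the names, the threshold, the action labels and the five-minute freshness window for a completed step-up are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy values; the page names the triggers but gives no numbers.
LARGE_TRANSFER = 1000        # account-currency units
STEP_UP_MAX_AGE = 300        # seconds a completed step-up stays valid
SENSITIVE_ACTIONS = {"password_reset", "contact_update", "add_payee"}

@dataclass
class Account:
    known_devices: set
    known_payees: set
    home_country: str
    last_step_up: Optional[float] = None   # epoch seconds, None if never

@dataclass
class Request:
    action: str
    device_id: str
    now: float
    amount: float = 0.0
    payee: Optional[str] = None
    country: Optional[str] = None

def step_up_reasons(acct, req):
    """List which of the page's triggers this request hits."""
    reasons = []
    if req.device_id not in acct.known_devices:
        reasons.append("new_device")
    if req.action in SENSITIVE_ACTIONS:
        reasons.append("sensitive_action")
    if req.action == "transfer":
        if req.amount >= LARGE_TRANSFER:
            reasons.append("large_transfer")
        if req.country != acct.home_country:     # missing country counts as foreign
            reasons.append("international")
        if req.payee not in acct.known_payees:   # missing payee counts as new
            reasons.append("new_payee")
    return reasons

def decide(acct, req):
    """Return ("allow" | "challenge", reasons)."""
    reasons = step_up_reasons(acct, req)
    if not reasons:
        return "allow", reasons
    age = None if acct.last_step_up is None else req.now - acct.last_step_up
    # Fail closed: a future timestamp (negative age) is not treated as fresh,
    # and a step-up earned elsewhere never covers an unrecognized device.
    fresh = age is not None and 0 <= age <= STEP_UP_MAX_AGE
    if fresh and "new_device" not in reasons:
        return "allow", reasons
    return "challenge", reasons
```

Returning the reasons alongside the decision lets the caller log why a challenge was issued and pick a factor that matches the risk.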