Define the risk signal triggers that require step-up: for example, login from a new device, high-value transaction, address change, or fraud model score above a configured threshold
On detection of a risk signal, create a new IDV session with your chosen vendor using the user's existing record and a step-up verification mode
Send the user a notification (in-app, email, or SMS) explaining why additional verification is required and providing a link or deep link to the step-up flow
Require the user to complete the step-up verification (which may include liveness check, document re-scan, or knowledge-based authentication) before allowing the triggering action to proceed
On successful step-up completion, record the event in the user's verification history with the risk signal that triggered it and the outcome
On failure, apply your risk policy: block the action, lock the account pending manual review, or escalate to fraud operations
Known gotchas
Step-up flows add friction; calibrate risk signal thresholds carefully to avoid excessive false positives that degrade the user experience for legitimate users
Do not allow the step-up session to be bypassed by opening a parallel session or a different device path; enforce server-side that the pending action is gated on the step-up outcome
Storing the step-up event with a precise timestamp and risk signal context is essential for fraud investigations and regulatory audits
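A minimal sketch of the server-side gating described in the steps and gotchas above, added here as an illustration and not taken from any vendor's SDK. The names StepUpGate and PendingAction, the 0.8 score threshold, and the "idv-" session ids are assumptions; a real deployment would call the IDV vendor, persist state in a database, and apply its own failure policy.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

FRAUD_SCORE_THRESHOLD = 0.8  # assumed value for this sketch

@dataclass
class PendingAction:
    user_id: str
    action: str
    risk_signal: str
    session_id: str          # step-up session this action is bound to
    status: str = "pending"  # pending -> passed | failed

class StepUpGate:
    def __init__(self):
        self.pending = {}    # action_id -> PendingAction (in-memory stand-in for a database)
        self.history = []    # verification history / audit trail

    def risk_signal(self, ctx):
        if ctx.get("new_device"):
            return "new_device"
        if ctx.get("fraud_score", 0.0) > FRAUD_SCORE_THRESHOLD:
            return "fraud_score_above_threshold"
        return None

    def request(self, user_id, action, ctx):
        signal = self.risk_signal(ctx)
        if signal is None:
            return "allowed", None
        action_id = secrets.token_urlsafe(16)
        session_id = "idv-" + secrets.token_urlsafe(8)  # stand-in for the vendor session id
        self.pending[action_id] = PendingAction(user_id, action, signal, session_id)
        return "step_up_required", action_id

    def record_outcome(self, session_id, passed):  # vendor result callback (auth not shown)
        for pa in self.pending.values():
            if pa.session_id == session_id and pa.status == "pending":
                pa.status = "passed" if passed else "failed"
                self.history.append({"user_id": pa.user_id, "risk_signal": pa.risk_signal,
                                     "outcome": pa.status, "at": datetime.now(timezone.utc).isoformat()})
                return True
        return False

    def execute(self, user_id, action_id):  # release only the action whose own step-up passed
        pa = self.pending.get(action_id)
        if pa is None or pa.user_id != user_id or pa.status != "passed":
            return False
        return self.pending.pop(action_id) is pa  # single use: a passed action runs once
```

Because each pending action is keyed to its own step-up session, a pass obtained in a parallel session or on another device releases only the action that session was created for.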