Step-up authentication: how to design policies that reduce fraud and friction

Deepak Raj
VP Tech
Step-up is not “add friction everywhere.” It is a targeted policy applied to high-risk sessions. Device context is the difference between smart step-up and blanket friction.
Tiered enforcement
Tier 1: trusted devices. Tier 2: new devices or mild risk. Tier 3: high-risk signals (automation, integrity failures, SIM anomalies).
Where to apply step-up
Login, password reset, OTP delivery, beneficiary changes, and high-value payouts.
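The tiers and step-up points above, sketched as a small policy function. This is an added example, not code from the article or its vendor. Assumptions: the signal field names, the enforcement matrix (Tier 2 is challenged, Tier 3 is refused for OTP delivery, beneficiary changes and payouts), and the factor names are all illustrative.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"
    DENY = "deny"


@dataclass(frozen=True)
class DeviceContext:
    # Hypothetical signal names; map them to your device-intelligence output.
    known_device: bool
    mild_risk: bool = False
    automation: bool = False
    integrity_failure: bool = False
    sim_anomaly: bool = False


# The five flows the article lists as step-up points.
SENSITIVE = {"login", "password_reset", "otp_delivery",
             "beneficiary_change", "high_value_payout"}
# Assumed: in Tier 3 these are refused outright rather than challenged.
DENY_IN_TIER3 = {"otp_delivery", "beneficiary_change", "high_value_payout"}


def tier(ctx: DeviceContext) -> int:
    """Map device context to the article's tiers; the worst signal wins."""
    if ctx.automation or ctx.integrity_failure or ctx.sim_anomaly:
        return 3
    if not ctx.known_device or ctx.mild_risk:
        return 2
    return 1


def decide(ctx: DeviceContext, action: str) -> Decision:
    """Assumed enforcement matrix: friction only on sensitive flows."""
    t = tier(ctx)
    if action not in SENSITIVE or t == 1:
        return Decision.ALLOW
    if t == 3 and action in DENY_IN_TIER3:
        return Decision.DENY
    return Decision.STEP_UP


def challenge_factors(ctx: DeviceContext) -> list[str]:
    """Factors usable for a step-up; SMS is dropped when the SIM is suspect."""
    factors = ["passkey", "totp", "sms_otp"]
    return [f for f in factors if not (f == "sms_otp" and ctx.sim_anomaly)]
```

A session with a SIM anomaly is never challenged over SMS here, since the channel carrying the challenge is the one under suspicion.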
Start with: Account takeover and SMS fraud.
