NEW

Get your instant personalised eID & AML-R readiness report for EU financial businesses

Step-up Authentication

Re-authenticate users for high-risk actions without drop-off

Re-authenticate users for high-risk actions without
drop-off

Watch Demo

The challenge

Step-up authentication killing your conversion?

Internal risk policies require re-authenticating users before high-risk actions. But existing methods are too friction-heavy to keep users in the flow.

Identity is no longer tied to paper or plastic. With global standards like mDL, eIDAS 2.0 and digital wallets, trust now moves at internet speed.

Identity verification enters a new era
— instant, trusted, reliable.

Risk policy pressure

Platforms must re-authenticate users during high-risk actions within an active session to satisfy internal risk policies and compliance requirements.

rolling out or modernizing
national digital ID programs

— EU Commission

Vulnerable step-up methods

Existing step-up mechanisms such as SMS OTPs remain vulnerable to phishing, SIM-swap attacks, and session hijacking, leaving users exposed.

Mid-session drop-off

Existing step-up mechanisms such as SMS OTPs and hardware tokens create significant friction, causing users to abandon high-risk actions mid-session.

How it works

Users can re-authenticate themselves mid-session in 4 steps.

STEP 1

User attempts an action flagged as high risk by the platform.

STEP 2

Platform prompts the user to re-authenticate.

STEP 3

User verifies their identity using their national eID via their trusted wallet.

STEP 4

User’s identity is confirmed. The platform approves the high-risk action.

Why Hopae

Step-up authentication
that protects users,
and prevents drop-off.

Satisfy internal risk policies
Meet your internal risk policy requirements for high-risk actions without building custom LoA enforcement logic.

Replace SMS & OTPs
Use national eIDs to protect high-risk actions against phishing, SIM-swap attacks, and session hijacking.

Keep users in the flow
Reduce drop-off during re-authentication with a step-up flow that’s finished in seconds.

Compliance without complexity  
Accept 60+ national eIDs through Hopae-managed local registration. No local entities, country-specific integrations, or compliance overhead.

Reduce document-based fraud  
Replace or supplement document uploads and selfies with national eIDs verified against official metadata to prevent synthetic and deepfake fraud.

One integration, embedded in your workflow  
Connect once via a single API and embed a white-label eID verification flow into onboarding with support for custom rules and workflows.
eIDAS 2.0 has introduced and defined the intermediary role to solve this, enabling private companies to unify EUDI Wallet access through a single orchestrated platform.

Build on trusted identity infrastructure

Explore Hopae Connect

Use Hopae Connect to verify users' eIDs globally. Get standardised identity data without managing multiple provider integrations or regulatory complexity.

Learn more about Connect

Empowering across industries

Support your most
critical identity needs

From trusted service providers to financial services, gambling, mobility, hospitality, and beyond, successful businesses across industries grow and scale with Hopae.

IDV Providers

eSignature Providers

Financial Services

Gambling

Telecoms

Retail & E-commerce

Travel & Hospitality

Mobility

Case study

Re-authenticate users with their EUDI Wallet or national eID for high-risk in-session actions

Replacing SMS OTPs and hardware tokens that phishing and SIM-swap routinely defeat. One integration enforces the right Level of Assurance automatically under PSD2, SCA, and eIDAS 2.0 ,without the drop-off legacy methods cause.