Optimize Your Customer Journey: Key Places for Passwordless Authentication

Justin Soong
March 3, 2025

It is common practice to place multi-factor authentication (MFA/2FA) flows at Sign In, but just because something is common doesn’t mean it’s the most sensible and secure. Here are some reasons why:

  • Sign In friction is one of the biggest causes of customer frustration and a common reason consumers do not opt in to multi-factor authentication.
  • Cybercriminals are now able to bypass step-up 2FA and MFA at Sign In, so depending solely on your Customer Identity and Access Management (CIAM) provider is now a risk. This is often called cookie stealing.
  • Friendly fraud tactics blame unauthorized use while the app was “Signed In”.
  • Customer service and operations teams take on manual workload when there's a lack of assurance at other places in the customer journey.

How do we mitigate the above challenges? The answer is to place challenge flows in other parts of your customer journey, and to use step-up risk parameters and rules at Sign In.

Authsignal allows you to build rules to flag high-risk signals at Sign In, like "New Device" and "Impossible Travel", so that you can let most of your good customers through without stepping up authentication at Sign In.

Using a consumer FinTech or Crypto On-Ramp as an example, these are the four important places you should consider placing step-up authentication immediately:

Withdrawal flows

Fraud risk at withdrawal is the highest in many FinTech apps, with customer expectations and satisfaction also at their most heightened. Getting this customer journey wrong could mean losing good customers if the experience is too painful, or letting in massive fraud losses if controls are too relaxed. In 2022, this risk is further amplified by modern instant payment infrastructure, which makes transactions irreversible once they are processed.

Placing step-up authentication behind rules on the dollar value of the withdrawal and on behaviour, measured through velocity data, gives strong assurance that your customer has authorized the withdrawal. This is commonly known as transaction signing and provides the most balanced way to manage risk.
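The amount and velocity rules described above, sketched as an added example (not Authsignal's rules engine or SDK code). The thresholds, field names and the `decide` helper are assumptions made for illustration, and the sample withdrawals are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy values (assumptions, not Authsignal defaults).
AMOUNT_LIMIT_CENTS = 100_000     # a single withdrawal above this is challenged
WINDOW = timedelta(hours=24)     # sliding velocity window
MAX_COUNT = 3                    # withdrawals per window, including this one
MAX_TOTAL_CENTS = 250_000        # cumulative amount per window


@dataclass(frozen=True)
class Withdrawal:
    user_id: str
    amount_cents: int            # integer cents avoid float rounding on money
    device_id: str
    at: datetime


def decide(request, history, known_devices):
    """Return ("ALLOW" or "CHALLENGE", reasons) for one withdrawal request.

    history: earlier Withdrawal records, in any order.
    known_devices: device ids already seen for this user.
    """
    if request.amount_cents <= 0:
        raise ValueError("amount must be positive")
    # Only this user's events inside the sliding window count toward velocity.
    recent = [w for w in history
              if w.user_id == request.user_id
              and timedelta(0) <= request.at - w.at <= WINDOW]
    reasons = []
    if request.amount_cents > AMOUNT_LIMIT_CENTS:
        reasons.append("amount_over_limit")
    if len(recent) + 1 > MAX_COUNT:
        reasons.append("velocity_count")
    if sum(w.amount_cents for w in recent) + request.amount_cents > MAX_TOTAL_CENTS:
        reasons.append("velocity_total")
    if request.device_id not in known_devices:
        reasons.append("new_device")
    return ("CHALLENGE" if reasons else "ALLOW"), reasons


# Constructed sample data: four earlier withdrawals, one outside the 24h window.
NOW = datetime(2025, 3, 3, 12, 0)
HISTORY = [Withdrawal("u1", 20_000, "dev-a", NOW - timedelta(hours=h))
           for h in (30, 5, 2, 1)]

if __name__ == "__main__":
    print(decide(Withdrawal("u1", 5_000, "dev-a", NOW), HISTORY, {"dev-a"}))
```

The returned reasons are what an audit trail would record alongside the challenge outcome, so a later dispute can be checked against the rule that fired.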

Buy/Sell/Pay

Similar to withdrawals, Buy/Sell/Pay flows are next on the list of important customer journeys where you should consider placing step-up authentication. This is especially important if your app keeps credit/debit card information on file to charge on behalf of your customer. This is typically called Card Not Present (CNP).

In these flows, it is common for customers to raise disputes or challenge payments through payment schemes, and with the rise in friendly fraud, more and more disputes are coming through, claiming that "it wasn't me".

By placing controls like rules-based challenges and having an audit trail of your customer's activity and device information, operations teams can quickly investigate and validate the claims of your customers.

Change of personal/contact information

An often overlooked part of your customer journey is where personal and contact information can be changed. Places where customers can change address, email, and contact information, if not fully secure, can let cybercriminals exploit gaps to launch phishing campaigns and re-route sensitive information.

Chatbots and Customer Support queries

Finally, one of the weakest places where cybercriminals can exploit your platform is your manual customer support channels. Cybercriminals know that good customers use these channels when they get "locked" out of their accounts, and they exploit weak customer authentication approaches like verification questions (e.g. tell me your date of birth or your address).

By automating this crucial part of your customer journey with step-up challenges, customer support can get straight to assisting your customers without the antiquated approach of messaging back and forth, only to get a weak form of verification a couple of hours later.

How Authsignal Helps

Authsignal makes it really easy to bring beautiful challenge flows using our pre-built UI, balanced with our easy-to-use no-code fraud rules engine, all housed within our admin portal, which gives you access to rich analytics and an audit trail of your customer activity.

Authsignal's SDKs and APIs mean that engineers can drop in challenge flows anywhere you choose in your customer journey within hours, regardless of platform, web or mobile.
