Handling Requests for Additional Information to Fulfill Orders

[andresuribe87]

In fraud prevention scenarios, an order may be be flagged as risky. In such scenarios, it's common to ask a user for additional information to decrease the associated risk. Some examples of such design include: asking the user to do an additional multi-factor authentication (like verifying a link through a email); asking for a selfie at the moment of transaction. What would be the recommended approach to ask for such additional information after an Order message has been received?

A possibly related issue is described in #319