I’ve seen it is possible to extend the policies via scripting. Is it possible to use such extensions to check fields in the original request e.g. check the amount field and have rule saying if amount < £1000 auth level must be at least 50 else auth level must be higher than 50?
One way is to use authentication trees and set auth level based on your request parameter i.e the amount field. You can read params via Scripting Decision node. Your policy can then act on this authentication level whether to allow access or issue an advice e.g transactional authentication.