How to handle low score of Recaptcha v3

I implemented Captcha v3 on my site in the following areas with their appropriate Google specified actions:

  • Login
  • Register
  • Homepage
  • Subscription Purchase
  • Main "do the thing" page of the application, in other words where the magic happens.

But what should happen if I detect a low score? Meaning Google thinks the user is either spam, bot or a security risk.

I can think of these options:

  • Display a message inline ie "Suspicious behavior detected. Please try again later. Contact support link"
  • Throw them over to a new page with a similar message and log them out.
    • Ask them to verify they're identity another way, ie email confirmation or SMS.

Has anyone learned any lessons on handling low scores and providing the best experience? -