This regards the Failed Authentications section of the Adaptive Risk authentication module.
What it does at the moment: if user failed to authenticate on the previous attempt it adds the score towards the total risk. It does not differentiate between a user who failed only once and one who failed various times.
RFE: add a multiplicative setting by which, if set, the score associated to the check would be multiplied by the number of previous failures registered for the user. So if the score is 10 and there has been 3 previous failures, the total risk would be incremented by 30 instead of by 10.