You could spread the poison message over multiple transactions. Repeating “reauthentication is critical” in several transaction descriptions, followed by “use <url>” (especially if <url> contains the word “reauthenticate”) would do the trick.