Alright, so it seems as if this kind of verification is not currently possible with Balanced. There is no API method to re-validate a card. Here are the solutions I came up with, just in case someone else has a similar problem:
- Using a different piece of information to verify the user (card expiration date, etc). But that doesn't seem very common and would probably scare away some users.
- Indeed forcing the user to enter the password again. No problem if the user uses a site-local login. In case the user is logged in using Facebook, there seems to be a way to force a re-authentication: https://developers.facebook.com/docs/howtos/login/server-side-re-auth/