Important
We have released a new version. Documentation for our latest version can be found [here](/access/products/3ds/).
**Last updated**: 22 April 2025 | [**Change log**](/access/products/3ds/changelog/)
# Challenge Display and Verification
If the authentication response `outcome` is `challenged` and the `authentication.version` is `2.x.x` (3DS2) you can use the SDK to provide the improved [3DS2 Challenge display](#3ds2-challenge-display) for mobile devices.
If the `authentication.version` is `1.x.x` (3DS1) you must follow the [3DS1 Challenge display](#3ds1-challenge-display). The integration more closely follows the steps for web.
## 3DS2 Challenge display
If the `authentication.version` is `2.x.x` you will need the following values from the authentication response to use in the SDK.
| Access Name | Value from | Cardinal SDK Name |
| --- | --- | --- |
| `challenge.reference` | authentication response | `transactionId` |
| `challenge.payload` | authentication response | `payload` |
The Access 3DS API will be periodically tested against the latest version of the Cardinal SDK. Current tested Cardinal SDK version: `v2.2.5`
### SDK challenge display:
- [Android](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/1998914544/Handle+the+Centinel+Lookup+Response+and+SDK+Handle+the+Challenge+UI+-+Android+-+V+2.2.5)
- [iOS](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/2005696790/Handle+the+Centinel+Lookup+Response+and+SDK+handle+the+Challenge+UI+-+iOS+-+V+2.2.5)
### Customize Challenge Interface
As part of SDK setup you can customize the challenge user interface
- [Android](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/1998914483/Challenge+User+InterfaceCustomization+Android-+V+2.2.5)
- [iOS](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/2005696657/Challenge+User+Interface+Customization+iOS+V+2.2.5)
## 3DS1 Challenge display
If the `authentication.version` is `1.x.x` use the following steps to display the challenge screen.
Note
3DS version 1 was implemented by issuers long before smartphones existed so offers a degraded experience compared to version 2. We expect version 1 traffic from issuers to drop during 2021.
#### Challenge form (webView)
POST the request to the `challenge.url` with the `challenge.jwt` and optional `MD`.
The `MD` field allows you to pass url parameters (max 1024 characters) in the challenge form that is included/echoed in the response url (`challenge.returnUrl`).
details
summary
iOS
Add a WKWebView to your Storyboard and UIViewController and enable JavaScript
```
@IBOutlet var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
webView.configuration.preferences.javaScriptEnabled = true
}
```
Implement a method similar to the code snippet below in your UIViewController
```
let iframeSrcDoc = """
"""
// A viewport meta tag is used to scale the content nicely to the device's screen size
let html = """
"""
webView.loadHTMLString(html, baseURL: URL(string: "about:srcdoc")!)
```
details
summary
Android
Add a WebView to your fragment and enable JavaScript
Kotlin
```
override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
super.onViewCreated(view, savedInstanceState)
val webView = view.findViewById(...)
webView.settings.javaScriptEnabled = true
}
```
Java
```
@Override
public void onViewCreated(View view, Bundle savedInstanceState) {
super.onViewCreated(view, savedInstanceState);
WebView webView = view.findViewById(...);
webView.getSettings().setJavaScriptEnabled(true);
}
```
Implement a method similar to the code snippet below in your Fragment
Kotlin
```
val iframeSrcDoc = """
"""
// A viewport meta tag is used to scale the content nicely to the device's screen size
val html = """
"""
webView.loadData(html, "text/html; charset=utf-8", "UTF-8")
```
Java
```
String challengeUrl = "add challengeUrl here";
String iframeSrcDoc = "" +
"" +
"" +
"" +
"";
// A viewport meta tag is used to scale the content nicely to the device's screen size
String html = "" +
"" +
"" +
"" +
"" +
"" +
"