Important
We have released a new version. Documentation for our latest version can be found [here](/access/products/3ds/).
**Last updated**: 22 April 2025 | [**Change log**](/access/products/3ds/changelog/)
# Web
Verify your customer's identity simply and seamlessly to minimize fraud. Use our strong customer authentication to benefit from liability shift.
1. [Get started](/access/products/3ds/v2/web/get-started) with our 3DS API by setting your headers and querying the 3DS root resource.
2. Collect [Device data](/access/products/3ds/v2/web/device-data) to be sent to the issuer for risk assessment.
3. Submit order and risk data for [authentication](/access/products/3ds/v2/web/authentication). The 3DS flow ends here if no challenge is required (frictionless).
4. Show the issuer [challenge display](/access/products/3ds/v2/web/challenge-verification) and retrieve the authentication details to form part of the payment authorize request.
5. [Test](/access/products/3ds/v2/testing) the integration on our Try environment using specific values.
## Flows
Web - Card - 3DS challenge
The issuer requires the customer to prove their identity due to its fraud assessment. Providing more data related to the order/customer will be reduce challenges.
```mermaid
sequenceDiagram
participant Browser
participant Merchant Frontend
participant Merchant Backend
participant Access 3DS
participant Issuers
Browser->>Merchant Frontend: Click Pay
Merchant Frontend->>Merchant Backend: Pay
Merchant Backend->>Access 3DS: deviceDataInitialization request
Access 3DS->>Merchant Backend: deviceDataInitialization response
Merchant Backend->>Merchant Frontend: DeviceData - BIN/JWT/URL
Merchant Frontend->>Browser: 3DS Device Data form
Browser-->>Issuers: Form post
Issuers-->>Browser: PostMessage: dfReferenceId
Merchant Backend->>Access 3DS: authentication request
Note right of Merchant Backend: If no `dfReferenceId` (collectionReference) is
provided or the issuer doesn't support 3DS2, the
flow will use 3DS1 from here (always challenge)
Access 3DS->>Merchant Backend: authentication response
Merchant Backend->>Merchant Frontend: Challenge JWT/URL
Merchant Frontend->>Browser: 3DS challenge form
Browser-->>Issuers: Form post
Issuers-->>Merchant Backend: `returnUrl` specified in authentication request
Note right of Merchant Frontend: Update or close challenge window on website
Note right of Merchant Backend: Once the challenge has been completed you
can submit the `challenge.reference` from the
authentication response to the verification request
Merchant Backend->>Access 3DS: verification request
Access 3DS->>Merchant Backend: verification response
Note right of Merchant Frontend: Apply authentication details in payment
E.g. eci, authenticationValue etc
```
Web - 3DS frictionless
The order is considered low risk by the issuer a challenge is not required.
```mermaid
sequenceDiagram
participant Browser
participant Merchant Frontend
participant Merchant Backend
participant Access 3DS
participant Issuers
Browser->>Merchant Frontend: Click Pay
Merchant Frontend->>Merchant Backend: Pay
Merchant Backend->>Access 3DS: deviceDataInitialization request
Access 3DS->>Merchant Backend: deviceDataInitialization response
Merchant Backend->>Merchant Frontend: DeviceData - BIN/JWT/URL
Merchant Frontend->>Browser: 3DS Device Data form
Browser-->>Issuers: Form post
Issuers-->>Browser: PostMessage: dfReferenceId
Merchant Backend->>Access 3DS: authentication request
Note right of Merchant Backend: If no `dfReferenceId` (collectionReference) is
provided or the issuer doesn't support 3DS2, the
flow will use 3DS1 from here (always challenge)
Access 3DS->>Merchant Backend: authentication response
Note right of Merchant Frontend: Apply authentication details in payment
E.g. eci, authenticationValue etc
```
**Next steps**
[Get started](/access/products/3ds/v2/web/get-started)