**Last updated**: 22 April 2025 | [**Change log**](/access/products/3ds/changelog/)

# Web

Verify your customer's identity simply and seamlessly to minimize fraud. Use our strong customer authentication to benefit from liability shift.

1. [Get started](/access/products/3ds/web/get-started) with our 3DS API by setting your headers and querying the 3DS root resource.
2. Collect [Device data](/access/products/3ds/web/device-data) to be sent to the issuer for risk assessment.
3. Submit order and risk data for [authentication](/access/products/3ds/web/authentication). The 3DS flow ends here if no challenge is required (frictionless).
4. Show the issuer [challenge display](/access/products/3ds/web/challenge-verification) and retrieve the authentication details to form part of the payment authorize request.
5. [Test](/access/products/3ds/testing) the integration on our Try environment using specific values.


## Flows

Web - Card - 3DS challenge
The issuer requires the customer to prove their identity due to the fraud assessment outcome. Providing more data related to the order/customer reduces challenges.


```mermaid

sequenceDiagram
    participant Browser
    participant Merchant Frontend
    participant Merchant Backend
    participant 3DS API
    participant Issuers
    Browser->>Merchant Frontend: Click Pay
    Merchant Frontend->>Merchant Backend: Pay 
    Merchant Backend->>3DS API: deviceDataInitialization request
    3DS API->>Merchant Backend: deviceDataInitialization response
    Merchant Backend->>Merchant Frontend: DeviceData - BIN/JWT/URL
    Merchant Frontend->>Browser: 3DS Device Data form
    Browser-->>Issuers: Form post
    Issuers-->>Browser: PostMessage: dfReferenceId
    Merchant Backend->>3DS API: Authentication request
    Note right of Merchant Backend: If no `dfReferenceId` (collectionReference) is<br> provided or the issuer doesn't support 3DS2, the<br> flow uses 3DS1 from here (always challenge)
    3DS API->>Merchant Backend: Authentication response
    Merchant Backend->>Merchant Frontend: Challenge JWT/URL
    Merchant Frontend->>Browser: 3DS challenge form
    Browser-->>Issuers: Form post
    Issuers-->>Merchant Backend: `returnUrl` specified in authentication request
    Note right of Merchant Frontend: Update or close challenge window on website
    Note right of Merchant Backend: Once the challenge has been completed you<br> can submit the `challenge.reference` from the<br> authentication response to the verification request
    Merchant Backend->>3DS API: Verification request
    3DS API->>Merchant Backend: Verification response
    Note right of Merchant Frontend: Apply authentication details in payment<br> E.g. eci, authenticationValue etc
```

Web - 3DS frictionless
The order is considered low risk by the issuer. A challenge is not required.


```mermaid

sequenceDiagram
    participant Browser
    participant Merchant Frontend
    participant Merchant Backend
    participant 3DS API
    participant Issuers
    Browser->>Merchant Frontend: Click Pay
    Merchant Frontend->>Merchant Backend: Pay 
    Merchant Backend->>3DS API: deviceDataInitialization request
    3DS API->>Merchant Backend: deviceDataInitialization response
    Merchant Backend->>Merchant Frontend: DeviceData - BIN/JWT/URL
    Merchant Frontend->>Browser: 3DS Device Data form
    Browser-->>Issuers: Form post
    Issuers-->>Browser: PostMessage: dfReferenceId
    Merchant Backend->>3DS API: Authentication request
    Note right of Merchant Backend: If no `dfReferenceId` (collectionReference) is<br> provided or the issuer doesn't support 3DS2, the<br> flow uses 3DS1 from here (always challenge)
    3DS API->>Merchant Backend: Authentication response
    Note right of Merchant Frontend: Apply authentication details in payment<br> E.g. eci, authenticationValue etc
```

**Next steps**

[Get started](/access/products/3ds/web/get-started)