**Last updated**: 22 April 2025 | [**Change log**](/products/3ds/changelog/)

# Authentication

`POST` your authentication request to the `3ds:authenticate` action link. Your authentication request sends order and risk data used to decide if a [challenge](/products/3ds/web/challenge-verification) is required.

## Authentication example request

## How much data to provide

[Device data](/products/3ds/web/device-data) and values in the `authentication` request are used by the issuer to decide if the transaction is likely to be fraudulent.
How this data is interpreted varies by issuer. Supplying more data increases the chances of the outcome being frictionless (without a [challenge](/products/3ds/web/challenge-verification)).
Some issuers may fail the authentication entirely without the recommended fields.

### EMVCo required values

- `instruction.paymentInstrument.cardHolderName`
- `riskData.account.email` ¹
- `riskData.transaction.phoneNumber` ¹
- `transaction.firstName` ²
- `transaction.lastName` ²


¹ Either `riskData.account.email` or `riskData.transaction.phoneNumber` is required.

² Only required if `instruction.paymentInstrument.cardHolderName` is not provided.

The following are considered mandatory by EMVCo and are already part of Device Data Collection. We recommend providing these in the API request along with other device values to maximize authentication rates if [Device Data Collection fails](#device-data-collection-failure).

- `deviceData.browserScreenWidth` ¹
- `deviceData.browserScreenHeight` ¹
- `deviceData.ipAddress`


¹ Provide for web/browser integration only.

#### EMVCo recommended values

- `instruction.paymentInstrument.billingAddress.city`
- `instruction.paymentInstrument.billingAddress.country`
- `instruction.paymentInstrument.billingAddress.address1`
- `instruction.paymentInstrument.billingAddress.postalCode`
- `instruction.paymentInstrument.billingAddress.state`


1 Provide for web/browser integration only

### Device Data Collection failure

If Device Data Collection fails to run (browser/native), also provide the following to maintain healthy authentication rates and reduce issuer challenges:

- `deviceData.ipAddress` ¹
- `deviceData.browserLanguage`
- `deviceData.browserScreenHeight`
- `deviceData.browserScreenWidth`
- `deviceData.browserJavaEnabled`
- `deviceData.browserColorDepth`
- `deviceData.timeZone`
- `deviceData.browserJavascriptEnabled`


¹ Only this value applies to native (iOS/Android) integrations; the others are not applicable.
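
The field rules in this section can be checked before the request is sent. The following is an added example, not Worldpay's own code: it reports which required, recommended and Device Data Collection fallback fields are absent from a request body, and applies a few of the length, pattern and enum constraints from the schema on this page. The function names, the `channel` and `ddc_failed` parameters and every sample value are assumptions made for the example.

```python
import re

CARDHOLDER = "instruction.paymentInstrument.cardHolderName"
EMAIL = "riskData.account.email"
PHONE = "riskData.transaction.phoneNumber"
# The request schema on this page nests the name fields under
# riskData.transaction and calls the billing country field countryCode.
FIRST_NAME = "riskData.transaction.firstName"
LAST_NAME = "riskData.transaction.lastName"
BILLING = "instruction.paymentInstrument.billingAddress."
RECOMMENDED_BILLING = [BILLING + f for f in
                       ("city", "countryCode", "address1", "postalCode", "state")]
BROWSER_SCREEN = ["deviceData.browserScreenWidth", "deviceData.browserScreenHeight"]
DDC_FALLBACK_BROWSER = ["deviceData." + f for f in (
    "browserLanguage", "browserScreenHeight", "browserScreenWidth",
    "browserJavaEnabled", "browserColorDepth", "timeZone",
    "browserJavascriptEnabled")]
NAME_RULE = f"{CARDHOLDER} (or both {FIRST_NAME} and {LAST_NAME})"
CONTACT_RULE = f"{EMAIL} or {PHONE}"


def _text(pattern, lo=1, hi=10**6):
    """Build a check: value is a string of lo..hi characters fully matching pattern."""
    rx = re.compile(pattern)
    return lambda v: isinstance(v, str) and lo <= len(v) <= hi and bool(rx.fullmatch(v))


# Length, pattern and enum constraints copied from the request schema.
FORMATS = {
    EMAIL: _text(r".+@.+", 3, 128),
    PHONE: _text(r"[0-9]*", 4, 20),
    BILLING + "countryCode": _text(r"[A-Z]{2}"),
    "deviceData.timeZone": _text(r"[+-]?[0-9]{1,4}"),
    "deviceData.browserColorDepth": _text(r"1|4|8|15|16|24|32|48"),
}


def lookup(body, dotted):
    """Return the value at a dotted path, or None when it is missing or empty."""
    node = body
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return None if node is None or node == "" else node  # False and 0 count as present


def check_authentication_request(body, channel="browser", ddc_failed=False):
    """Report absent or malformed fields; channel is "browser" or "native"."""
    has = lambda path: lookup(body, path) is not None
    report = {"missing_required": [], "missing_recommended": [],
              "missing_ddc_fallback": [], "invalid": []}
    # Footnote 2: first and last name stand in for a missing cardHolderName.
    if not has(CARDHOLDER) and not (has(FIRST_NAME) and has(LAST_NAME)):
        report["missing_required"].append(NAME_RULE)
    if not has(EMAIL) and not has(PHONE):  # footnote 1: either one is enough
        report["missing_required"].append(CONTACT_RULE)
    # Screen size is listed for web/browser integrations only.
    device = ["deviceData.ipAddress"] + (BROWSER_SCREEN if channel == "browser" else [])
    report["missing_recommended"] = [p for p in device + RECOMMENDED_BILLING if not has(p)]
    if ddc_failed:
        # Native (iOS/Android) integrations only have ipAddress to fall back on.
        fallback = ["deviceData.ipAddress"] + (DDC_FALLBACK_BROWSER if channel == "browser" else [])
        report["missing_ddc_fallback"] = [p for p in fallback if not has(p)]
    for path, ok in FORMATS.items():
        value = lookup(body, path)
        if value is not None and not ok(value):
            report["invalid"].append(path)
    return report


# Constructed sample request: every value below is made up for this example.
SAMPLE_REQUEST = {
    "transactionReference": "order-0001",
    "merchant": {"entity": "PLACEHOLDERENTITY"},
    "instruction": {
        "value": {"amount": 250, "currency": "GBP"},
        "paymentInstrument": {
            "type": "card/front",
            "cardNumber": "4000000000000000",  # constructed, not a real PAN
            "cardExpiryDate": {"month": 5, "year": 2035},
            "billingAddress": {"address1": "1 Example Street", "city": "London",
                               "postalCode": "EC1A 1AA", "countryCode": "GB"},
        },
    },
    "deviceData": {"acceptHeader": "text/html",
                   "userAgentHeader": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0)",
                   "ipAddress": "192.0.0.0",
                   "browserJavaEnabled": False,
                   "timeZone": "UTC+1"},  # malformed: the schema expects minutes, e.g. "-60"
    "challenge": {"returnUrl": "https://merchant.example/3ds/return"},
    "riskData": {"transaction": {"firstName": "Ada", "phoneNumber": "00441234567890"}},
}

if __name__ == "__main__":
    print(check_authentication_request(SAMPLE_REQUEST, "browser", ddc_failed=True))
```
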

### Full authentication request schema

You can see the full schema in the [API Reference](/products/3ds/openapi) section or in the listing below. The `riskData` object in particular contains additional data that, while not mandatory or specifically recommended by EMVCo, may be used by some issuers as part of their risk analysis.


```json
{
  "$ref": "#/components/schemas/3DS_authenticate",
  "components": {
    "schemas": {
      "transactionReference": {
        "maxLength": 64,
        "minLength": 1,
        "pattern": "^[-A-Za-z0-9_!@#$%()*=.:;?\\[\\]{}~`/+]*$",
        "type": "string",
        "description": "A unique reference for authentication. For example, e-commerce order code. Use the same transactionReference across all 3 potential request types (deviceDataInitialization, authentication, verification)."
      },
      "cardHolderName": {
        "maxLength": 255,
        "minLength": 1,
        "type": "string",
        "description": "The name on your customer's card. This is not a mandatory field, however we recommend that you supply this to improve authentication rates."
      },
      "billingAddress": {
        "required": [
          "address1",
          "city",
          "postalCode",
          "countryCode"
        ],
        "type": "object",
        "description": "An object containing the billing address information.",
        "properties": {
          "city": {
            "maxLength": 15,
            "minLength": 1,
            "type": "string",
            "description": "Billing address city"
          },
          "address1": {
            "maxLength": 80,
            "minLength": 1,
            "type": "string",
            "description": "Billing address line 1"
          },
          "postalCode": {
            "maxLength": 15,
            "minLength": 1,
            "type": "string",
            "description": "Billing address postal code, [See country codes with optional postalCode](/products/reference/supported-countries-currencies#postalcode-optional)"
          },
          "countryCode": {
            "maxLength": 2,
            "minLength": 2,
            "pattern": "^[A-Z]{2}$",
            "type": "string",
            "description": "Billing address country code"
          },
          "state": {
            "maxLength": 30,
            "minLength": 1,
            "type": "string",
            "description": "Billing address state. Should only be provided following the `ISO-3611-2` two-character sub division (e.g.“CA” for California). We recommend you provide this for US and China addresses."
          },
          "address2": {
            "maxLength": 80,
            "type": "string",
            "description": "Billing address line 2"
          },
          "address3": {
            "maxLength": 80,
            "type": "string",
            "description": "Billing address line 3"
          }
        }
      },
      "card_front": {
        "required": [
          "type",
          "cardNumber",
          "cardExpiryDate"
        ],
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "format": "card/front",
            "description": "An identifier for the `paymentInstrument` being used."
          },
          "cardHolderName": {
            "$ref": "#/components/schemas/cardHolderName"
          },
          "cardExpiryDate": {
            "required": [
              "month",
              "year"
            ],
            "type": "object",
            "description": "Object containing card expiry information",
            "properties": {
              "month": {
                "maximum": 12,
                "minimum": 1,
                "type": "integer",
                "description": "Card expiry month"
              },
              "year": {
                "maximum": 9999,
                "minimum": 1,
                "type": "integer",
                "description": "Card expiry year"
              }
            }
          },
          "cardNumber": {
            "maxLength": 19,
            "minLength": 10,
            "pattern": "^[0-9]*$",
            "type": "string",
            "description": "Clear card number (PAN)"
          },
          "billingAddress": {
            "$ref": "#/components/schemas/billingAddress"
          }
        }
      },
      "card_tokenized": {
        "required": [
          "type",
          "href"
        ],
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "format": "card/tokenized",
            "description": "An identifier for the `paymentInstrument` being used."
          },
          "href": {
            "minLength": 1,
            "type": "string",
            "description": "An `http` address that contains your link to an Access Token"
          }
        }
      },
      "card_networktoken": {
        "required": [
          "type",
          "tokenNumber",
          "cardExpiryDate"
        ],
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "format": "card/networkToken",
            "description": "An identifier for the `paymentInstrument` being used."
          },
          "cardExpiryDate": {
            "required": [
              "month",
              "year"
            ],
            "type": "object",
            "description": "Object containing card expiry information",
            "properties": {
              "month": {
                "maximum": 12,
                "minimum": 1,
                "type": "integer",
                "description": "Card expiry month"
              },
              "year": {
                "maximum": 9999,
                "minimum": 1,
                "type": "integer",
                "description": "Card expiry year"
              }
            }
          },
          "tokenNumber": {
            "maxLength": 19,
            "minLength": 10,
            "pattern": "^[0-9]*$",
            "type": "string",
            "description": "The network token number"
          },
          "cardHolderName": {
            "$ref": "#/components/schemas/cardHolderName"
          },
          "billingAddress": {
            "$ref": "#/components/schemas/billingAddress"
          }
        }
      },
      "3DS_authenticate": {
        "required": [
          "transactionReference",
          "merchant",
          "instruction",
          "deviceData",
          "challenge"
        ],
        "type": "object",
        "properties": {
          "transactionReference": {
            "$ref": "#/components/schemas/transactionReference"
          },
          "merchant": {
            "required": [
              "entity"
            ],
            "type": "object",
            "description": "An object that contains information about the merchant and API level configuration.",
            "properties": {
              "entity": {
                "maxLength": 64,
                "minLength": 1,
                "pattern": "^[A-Za-z0-9 ]*$",
                "type": "string",
                "description": "Used to route the request in Access Worldpay, created as part of on-boarding."
              },
              "overrideName": {
                "type": "string",
                "maxLength": 25,
                "minLength": 1,
                "pattern": "^[^><&'\\\"]*",
                "description": "Used to override the merchant name that's both submitted to issuers as well as displayed to the customer in the authentication process. PayFac merchants should submit the name of their submerchant."
              },
              "acquirerId": {
                "type": "string",
                "maxLength": 20,
                "minLength": 1,
                "example": "01234567",
                "pattern": "^[0-9]*$",
                "description": "Instructs the issuer that the following authorization will be completed with an external acquirer"
              }
            }
          },
          "instruction": {
            "required": [
              "value",
              "paymentInstrument"
            ],
            "type": "object",
            "description": "The object that contains all the payment information related to the authentication request.",
            "properties": {
              "value": {
                "required": [
                  "amount",
                  "currency"
                ],
                "type": "object",
                "description": "An object that contains information about the value of the authentication.",
                "properties": {
                  "amount": {
                    "maximum": 99999999999,
                    "minimum": 0,
                    "type": "integer",
                    "description": "The authentication amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our [currency table](/products/reference/supported-countries-currencies#iso-currency-codes). The authentication amount should be equal to the authorization amount. We recommend you delay authentication until the amount is known, or ensure it's greater than the total transaction amount."
                  },
                  "currency": {
                    "maxLength": 3,
                    "minLength": 3,
                    "pattern": "^[A-Z]{3}$",
                    "type": "string",
                    "description": "The three digit currency code. See list of [supported currencies](/products/reference/supported-countries-currencies#iso-currency-codes)"
                  }
                }
              },
              "paymentInstrument": {
                "oneOf": [
                  {
                    "$ref": "#/components/schemas/card_front"
                  },
                  {
                    "$ref": "#/components/schemas/card_tokenized"
                  },
                  {
                    "$ref": "#/components/schemas/card_networktoken"
                  }
                ],
                "description": "An object that contains the card details or token location.",
                "discriminator": {
                  "mapping": {
                    "card/front": "#/components/schemas/card_front",
                    "card/tokenized": "#/components/schemas/card_tokenized",
                    "card/networkToken": "#/components/schemas/card_networktoken"
                  },
                  "propertyName": "type"
                }
              }
            }
          },
          "deviceData": {
            "required": [
              "acceptHeader",
              "userAgentHeader"
            ],
            "type": "object",
            "description": "Object containing device data information.",
            "properties": {
              "acceptHeader": {
                "maxLength": 2048,
                "minLength": 1,
                "type": "string",
                "description": "Used by the issuer to check if the customer's browser is compatible with the issuer challenge display."
              },
              "userAgentHeader": {
                "maxLength": 2048,
                "minLength": 1,
                "type": "string",
                "description": "Used by issuers as part of risk analysis and correctly displaying the challenge. Must conform to RFC 7321 E.g. `Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0)`."
              },
              "collectionReference": {
                "maxLength": 200,
                "type": "string",
                "description": "For web this is the `sessionId` in the post message response from the Device Data Collection form. For iOS/Android SDK this is the `consumerSessionId` returned as part of SDK initialization. It is __highly recommended__ you provide this, not doing so will increase issuer challenges."
              },
              "browserLanguage": {
                "maxLength": 8,
                "minLength": 1,
                "type": "string",
                "description": " Your customer's browser language that can be used by the issuer in risk analysis. Must conform to the language tags defined by IETF. E.g. en-GB, fr-FR. "
              },
              "ipAddress": {
                "type": "string",
                "description": " A unique identifier for your customer's physical location that\n            can be used by the issuer in risk analysis. Must be in IPv4 or IPv6 format.\nE.g. 192.0.0.0. "
              },
              "browserJavaEnabled": {
                "type": "boolean",
                "description": "Defines whether Java is enabled on your customers browser."
              },
              "browserColorDepth": {
                "type": "string",
                "description": "The color depth of your customers browser",
                "enum": [
                  "1",
                  "4",
                  "8",
                  "15",
                  "16",
                  "24",
                  "32",
                  "48"
                ]
              },
              "browserScreenHeight": {
                "type": "integer",
                "pattern": "^[0-9]{1,6}$",
                "description": "Defines the pixel height of the customers browser."
              },
              "browserScreenWidth": {
                "type": "integer",
                "pattern": "^[0-9]{1,6}$",
                "description": "Defines the pixel width of the customers browser."
              },
              "timeZone": {
                "pattern": "^[+-]?\\d{1,4}$",
                "type": "string",
                "description": " Time zone offset in minutes between UTC and your customer's browser local time.  \nExample time zone offset values in minutes:  \nIf UTC -5 hours:  \n`300`  \n`+300`  \nIf UTC +5 hours:  \n`-300`  \n "
              },
              "browserJavascriptEnabled": {
                "type": "boolean",
                "description": "Defines whether Javascript is enabled on your customers browser."
              }
            }
          },
          "challenge": {
            "required": [
              "returnUrl"
            ],
            "type": "object",
            "description": "An object that contains challenge related information.",
            "properties": {
              "returnUrl": {
                "minLength": 1,
                "type": "string",
                "format": "uri",
                "description": "URL the issuer will use to notify the challenge has been completed."
              },
              "preference": {
                "enum": [
                  "noPreference",
                  "noChallengeRequested",
                  "challengeRequested",
                  "challengeMandated",
                  "noChallengeRequestedTRAPerformed"
                ],
                "type": "string",
                "description": "Preference regarding issuer displaying challenge to the customer. The interpretation of this field varies from issuer to issuer, so we cannot guarantee any particular behavior on their part as a result of you setting this field.",
                "x-enumDescriptions": {
                  "noPreference": "Default (decision to challenge owned by issuer)",
                  "noChallengeRequested": "Prefer no challenge performed",
                  "challengeRequested": "Prefer challenge is performed",
                  "challengeMandated": "Local or regional mandates meaning a challenge must be performed. For SCA mandated countries you should use `challengeMandated` in the authentication request as part of the first CIT payment in an MIT series",
                  "noChallengeRequestedTRAPerformed": "Prefer no challenge performed due to an exemption to SCA. Only use this when Transaction Risk Analysis (TRA) has been performed using an approved third party vendor and an SCA exemption has been recommended for the authentication."
                }
              },
              "windowSize": {
                "default": "390x400",
                "enum": [
                  "390x400",
                  "250x400",
                  "500x600",
                  "600x400",
                  "fullPage"
                ],
                "type": "string",
                "description": "Specify the challenge window size (width x height) that the issuer should use."
              }
            }
          },
          "riskData": {
            "type": "object",
            "description": "Object containing additional risk data.",
            "properties": {
              "account": {
                "type": "object",
                "description": "Object containing all customer account related risk data.",
                "properties": {
                  "previousSuspiciousActivity": {
                    "type": "boolean",
                    "description": "Whether there is a record of previous suspicious activity."
                  },
                  "type": {
                    "enum": [
                      "guestUser",
                      "registeredUser",
                      "federatedAccount",
                      "issuerCredentials",
                      "thirdPartyAuthentication",
                      "fidoAuthenticator"
                    ],
                    "type": "string",
                    "description": "Type of account the current customer has.",
                    "x-enumDescriptions": {
                      "guestUser": "Order placed without full merchant account registration (no password)",
                      "registeredUser": "Order placed with full merchant account registration (password entered)",
                      "federatedAccount": "Using a Federated ID",
                      "issuerCredentials": "Using issuer credentials",
                      "thirdPartyAuthentication": "Using third party authentication",
                      "fidoAuthenticator": "FIDO authentication standard"
                    }
                  },
                  "email": {
                    "maxLength": 128,
                    "minLength": 3,
                    "pattern": "^.+@.+$",
                    "type": "string",
                    "description": "The customer's email address. We recommend you provide at least one of either `transaction.phoneNumber` or `account.email`"
                  },
                  "history": {
                    "type": "object",
                    "description": "Object containing customer's account history.",
                    "properties": {
                      "createdAt": {
                        "type": "string",
                        "format": "date",
                        "description": "When the account was created. Provide in ISO 8601 format.",
                        "example": "2019-11-18"
                      },
                      "modifiedAt": {
                        "type": "string",
                        "format": "date",
                        "description": "When the account was last modified. Provide in ISO 8601 format.",
                        "example": "2020-05-12"
                      },
                      "passwordModifiedAt": {
                        "type": "string",
                        "format": "date",
                        "description": "When the account password was last changed. Provide in ISO 8601 format.",
                        "example": "2021-03-15"
                      },
                      "paymentAccountEnrolledAt": {
                        "type": "string",
                        "format": "date",
                        "description": "Date the payment account was added to the cardholder account. Provide in ISO 8601 format.",
                        "example": "2021-06-20"
                      }
                    }
                  }
                }
              },
              "transaction": {
                "type": "object",
                "description": "Object containing all customer transaction related risk data.",
                "properties": {
                  "reorder": {
                    "type": "boolean",
                    "description": "If this is a repeat of a previous order."
                  },
                  "preOrderDate": {
                    "type": "string",
                    "format": "date",
                    "description": "Expected date that a pre-ordered purchase will be available. Provide in ISO 8601 format.",
                    "example": "2021-12-25"
                  },
                  "firstName": {
                    "maxLength": 22,
                    "minLength": 1,
                    "type": "string",
                    "description": "Customer's first name."
                  },
                  "lastName": {
                    "maxLength": 22,
                    "minLength": 1,
                    "type": "string",
                    "description": "Customer's last name."
                  },
                  "phoneNumber": {
                    "maxLength": 20,
                    "minLength": 4,
                    "pattern": "^[0-9]*$",
                    "type": "string",
                    "description": "Customer's phone number."
                  },
                  "history": {
                    "type": "object",
                    "description": "Object containing details of the last transaction.",
                    "properties": {
                      "attemptsLastDay": {
                        "maximum": 999,
                        "minimum": 0,
                        "type": "integer",
                        "description": "Number of transactions (successful or abandoned) for this cardholder account within the last 24 hours."
                      },
                      "attemptsLastYear": {
                        "maximum": 999,
                        "minimum": 0,
                        "type": "integer",
                        "description": "Number of transactions (successful or abandoned) for this cardholder account within the last year."
                      },
                      "completedLastSixMonths": {
                        "maximum": 9999,
                        "minimum": 0,
                        "type": "integer",
                        "description": "Number of purchases with this customer account during the previous six months."
                      },
                      "addCardsLastDay": {
                        "maximum": 999,
                        "minimum": 0,
                        "type": "integer",
                        "description": "Number of attempts to add a card in the last 24hrs."
                      },
                      "shippingAddressFirstUsedAt": {
                        "type": "string",
                        "format": "date",
                        "description": "When the shipping address used for the transaction was first used. Provide in ISO 8601 format.",
                        "example": "2021-06-20"
                      }
                    }
                  },
                  "giftCardsPurchase": {
                    "type": "object",
                    "description": "Object containing information on whether the order is being used to purchase a gift card.",
                    "properties": {
                      "totalValue": {
                        "required": [
                          "amount",
                          "currency"
                        ],
                        "type": "object",
                        "description": "Object containing information on value of the gift cards being purchase.",
                        "properties": {
                          "amount": {
                            "maximum": 99999999999,
                            "minimum": 0,
                            "type": "integer",
                            "description": "The amount being placed on the gift card. If provided, must include `totalValue.currency`."
                          },
                          "currency": {
                            "maxLength": 3,
                            "minLength": 3,
                            "pattern": "^[A-Z]{3}$",
                            "type": "string",
                            "description": "The three digit currency code. If provided must include `totalValue.amount`."
                          }
                        }
                      },
                      "quantity": {
                        "maximum": 99,
                        "minimum": 0,
                        "type": "integer",
                        "description": "The number of gift cards being purchased."
                      }
                    }
                  }
                }
              },
              "shipping": {
                "type": "object",
                "description": "Object containing all data related to how the order will be shipped.",
                "properties": {
                  "nameMatchesAccountName": {
                    "type": "boolean",
                    "description": "If customer name on account is identical to the shipping name."
                  },
                  "method": {
                    "enum": [
                      "billingAddress",
                      "verifiedAddress",
                      "otherAddress",
                      "store",
                      "digital",
                      "unshippedTickets",
                      "other"
                    ],
                    "type": "string",
                    "description": "Field containing information on shipping method chosen by customer.",
                    "x-enumDescriptions": {
                      "billingAddress": "Ship to customer's billing address",
                      "verifiedAddress": "Ship to another verified address on file with merchant",
                      "otherAddress": "Ship to address that is different than billing address",
                      "store": "Ship to store (store address should be populated on request)",
                      "digital": "Digital goods",
                      "unshippedTickets": "Travel and event tickets, not shipped",
                      "other": "Other"
                    }
                  },
                  "timeFrame": {
                    "enum": [
                      "electronic",
                      "twoDaysPlus",
                      "nextDay",
                      "sameDay"
                    ],
                    "type": "string",
                    "description": "Timeframe chosen by customer for delivery."
                  },
                  "email": {
                    "maxLength": 128,
                    "minLength": 3,
                    "pattern": "^.+@.+$",
                    "type": "string",
                    "description": "The email address used for an electronic delivery."
                  },
                  "address": {
                    "type": "object",
                    "required": [
                      "address1",
                      "city",
                      "postalCode",
                      "countryCode",
                      "stateCode"
                    ],
                    "description": "An object containing the shipping address information.",
                    "properties": {
                      "address1": {
                        "type": "string",
                        "maxLength": 80,
                        "minLength": 1,
                        "description": "Shipping address line 1"
                      },
                      "address2": {
                        "type": "string",
                        "maxLength": 80,
                        "minLength": 1,
                        "description": "Shipping address line 2"
                      },
                      "address3": {
                        "type": "string",
                        "maxLength": 80,
                        "minLength": 1,
                        "description": "Shipping address line 3"
                      },
                      "postalCode": {
                        "type": "string",
                        "maxLength": 15,
                        "minLength": 1,
                        "description": "Postcode of shipping address"
                      },
                      "city": {
                        "maxLength": 15,
                        "type": "string",
                        "description": "Shipping address city"
                      },
                      "countryCode": {
                        "type": "string",
                        "maxLength": 2,
                        "minLength": 2,
                        "description": "Shipping address country code"
                      },
                      "stateCode": {
                        "type": "string",
                        "maxLength": 2,
                        "minLength": 1,
                        "description": "Shipping address state. Should only be provided following the `ISO-3611-2` two-character sub division (e.g.“CA” for California)."
                      },
                      "phoneNumber": {
                        "type": "string",
                        "maxLength": 20,
                        "minLength": 4,
                        "pattern": "^[0-9]*$",
                        "description": "Shipping recipient's phone number."
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
```

## Authentication responses

**Best practice**: Access Worldpay returns a `WP-CorrelationId` in the headers of service responses. We **highly recommend** you log this. The `WP-CorrelationId` is used by us to examine individual service requests.

The response contains the outcome of your authentication request. To understand more about the `outcomes` and how to reproduce them, see [3DS testing](/products/3ds/testing).

You can see the full response schema in the [API Reference](/products/3ds/openapi/other/authenticate#other/authenticate/response&c=200).

**Authenticated**: Successful frictionless authentication.

authenticated

```json authenticated
  {
      "outcome": "authenticated",
      "transactionReference": "Memory265-13/08/1876",
      "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
      "status": "Y",
      "enrolled": "Y",
      "authentication": {
          "version": "2.1.0",
          "authenticationValue": "MAAAAAAAAAAAAAAAAAAAAAAAAAA=",
          "eci": "05",
          "transactionId": "c5b808e7-1de1-4069-a17b-f70d3b3b1645"
      }
  }
```

authenticated - Cartes Bancaires

```json authenticated - Cartes Bancaires
  {
      "outcome": "authenticated",
      "transactionReference": "Memory265-13/08/1876",
      "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
      "status": "Y",
      "enrolled": "Y",
      "authentication": {
          "version": "2.1.0",
          "authenticationValue": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
          "eci": "05",
          "transactionId": "be122acf-0ba7-4eff-aa5b-fb53e9ad2f87",
          "cryptogramAlgorithm": "1",
          "challengePreference": "challengeMandated",
          "authenticationFlow": "frictionless",
          "brand": "cartesBancaires"
      }
  }
```

**Authentication failed**: Issuer failed the authentication without providing the option for a challenge.

authenticationFailed

```json authenticationFailed
  {
      "outcome": "authenticationFailed",
      "transactionReference": "Memory265-13/08/1876",
      "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
      "status": "N",
      "enrolled": "Y",
      "authentication": {
          "version": "2.1.0",
          "eci": "07",
          "transactionId": "c5b808e7-1de1-4069-a17b-f70d3b3b1645"
      },
      "_links": {
          "3ds:authenticate": {
              "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds/authentication"
          },
          "curies": [
              {
                  "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/customers/3ds/{rel}",
                  "templated": true,
                  "name": "3ds"
              }
          ]
      }
  }
```

authenticationFailed - Cartes Bancaires

```json authenticationFailed - Cartes Bancaires
{
    "outcome": "authenticationFailed",
    "transactionReference": "Memory265-13/08/1876",
    "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
    "status": "N",
    "enrolled": "Y",
    "authentication": {
        "version": "2.1.0",
        "eci": "07",
        "transactionId": "424c464d-3b04-4101-950a-8a71cd1f9dc6",
        "challengePreference": "challengeMandated",
        "authenticationFlow": "frictionless",
        "statusReason": "01",
        "brand": "cartesBancaires"
    },
    "_links": {
        "3ds:authenticate": {
            "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds/authentication"
        },
        "curies": [
            {
                "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/customers/3ds/{rel}",
                "name": "3ds",
                "templated": true
            }
        ]
    }
}
```

**Challenged**: Issuer challenge required based on a risk assessment they have performed.

challenged

```json challenged
  {
      "outcome": "challenged",
      "transactionReference": "Memory265-13/08/1876",
      "authentication": {
          "version": "2.1.0"
      },
      "challenge": {
          "reference": "123456789",
          "url": "https://ChallengePageUrl.example.com",
          "jwt": "VGhpcyBpcyBhIGJhc2UgNjQgZW5jb2RlZCBleGFtcGxlIG9mIGEgM0RTICJwYXlsb2FkIg==",
          "payload": "eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVE"
      },
      "_links": {
          "3ds:verify": {
              "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds/verification"
          },
          "curies": [
              {
                  "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/customers/3ds/{rel}",
                  "templated": true,
                  "name": "3ds"
              }
          ]
      }
  }
```

**Unavailable**: Error/timeout whilst attempting authentication. Not a recognized outage.

unavailable

```json unavailable
  {
      "outcome": "unavailable",
      "transactionReference": "Memory265-13/08/1876",
      "status": "U",
      "enrolled": "U",
      "_links": {
          "3ds:authenticate": {
              "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds/authentication"
          },
          "curies": [
              {
                  "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/customers/3ds/{rel}",
                  "templated": true,
                  "name": "3ds"
              }
          ]
      }
  }
```

**Authentication outage**: Recognized downstream 3DS outage. [See below](#authentication-outage).

authenticationOutage

```json authenticationOutage
    {
        "outcome": "authenticationOutage",
        "transactionReference": "Memory265-13/08/1876",
        "_links": {
            "3ds:authenticate": {
                "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds/authentication"
            },
            "curies": [{
                "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/customers/3ds/{rel}",
                "templated": true,
                "name": "3ds"
            }]
        }
    }
```

**Bypassed**: Bypass the authentication flow using Cardinal rules engine configuration. Part of 3DS premium.

bypassed

```json bypassed
  {
      "outcome": "bypassed",
      "transactionReference": "Memory265-13/08/1876",
      "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
      "status": "Y",
      "enrolled": "B",
      "authentication": {
          "version": "2.1.0",
          "eci": "07",
          "transactionId": "c5b808e7-1de1-4069-a17b-f70d3b3b1645"
      }
  }
```

**Warning**: You cannot re-use the `authenticationValue` in multiple authorization requests. Re-using the `authenticationValue` in this way will result in issuer declines and may incur fees.

### Authentication outage

If the outcome is `authenticationOutage` due to a recognized downstream issue (e.g. Visa/Mastercard/ACS provider), you can attempt authorization using the authentication outage exemption in the authorization request. This increases the likelihood of receiving a successful authorization, but the transaction will not be eligible for liability shift.

This is not currently enabled by default. Speak to your Worldpay Implementation Manager to be set up for `authenticationOutage` responses.

Apply the details (such as `eci`, `version`, `authenticationValue`, `transactionId`) required by [Card Payments](/products/card-payments/) in the [authorization request](/products/card-payments/authorize-a-payment#3ds). If the outcome is `challenged`, proceed with [challenge display & verification](/products/3ds/web/challenge-verification). See [Testing](/products/3ds/testing) for details.
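One way to route the outcomes above in server-side code, shown as an added example that is not Worldpay's own code. The function name `next_step`, the action labels, the in-memory `consumed` set, and the handling chosen for `bypassed`, `authenticationFailed` and `unavailable` are assumptions; the field names and outcomes come from the responses on this page.

```python
import logging

log = logging.getLogger("threeds")
# Fields the page lists for the Card Payments authorization request.
AUTH_FIELDS = ("eci", "version", "authenticationValue", "transactionId")

def next_step(headers, body, consumed):
    """Map a 3ds:authenticate response to a next action (action names are hypothetical).

    consumed: set of authenticationValues already handed to authorization
    (in-memory here as an assumption; use a shared store in production).
    """
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    correlation_id = lowered.get("wp-correlationid")
    outcome = body.get("outcome")
    # Log the correlation id, never the authenticationValue itself.
    log.info("3DS outcome=%s ref=%s WP-CorrelationId=%s",
             outcome, body.get("transactionReference"), correlation_id)
    result = {"outcome": outcome, "correlationId": correlation_id}
    if outcome == "challenged":
        result.update(action="display_challenge", challenge=body["challenge"],
                      verifyUrl=body["_links"]["3ds:verify"]["href"])
    elif outcome in ("authenticated", "bypassed"):  # bypassed handling is an assumption
        auth = body["authentication"]
        details = {k: auth[k] for k in AUTH_FIELDS if k in auth}
        value = details.get("authenticationValue")
        if outcome == "authenticated" and not value:
            raise ValueError("authenticated response without authenticationValue")
        if value is not None:
            if value in consumed:
                raise ValueError("authenticationValue already used for an authorization")
            consumed.add(value)  # single use: one authorization request per value
        result.update(action="authorize", details=details)
    elif outcome == "authenticationOutage":
        # Outage exemption must be enabled on the account; no liability shift.
        result.update(action="authorize_with_outage_exemption", liabilityShift=False)
    elif outcome in ("authenticationFailed", "unavailable"):
        result.update(action="merchant_decision")  # assumed policy, not from the page
    else:
        raise ValueError(f"unexpected outcome: {outcome!r}")
    return result

if __name__ == "__main__":
    # Constructed sample mirroring the page's "challenged" response shape.
    sample = {"outcome": "challenged", "transactionReference": "constructed-ref",
              "challenge": {"reference": "123456789", "url": "https://ChallengePageUrl.example.com"},
              "_links": {"3ds:verify": {"href": "https://example.invalid/verification"}}}
    print(next_step({"WP-CorrelationId": "constructed-id"}, sample, set()))
```
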

**Next steps**

- [Challenge](/products/3ds/web/challenge-verification)
- [Take a payment](/products/card-payments/authorize-a-payment#3ds)
- [Testing](/products/3ds/testing)