This product is available by invitation only. General availability is coming soon. Fill out this form to indicate interest.

Getting started with Expedia's Fraud Prevention

Welcome to Expedia's Fraud Prevention. This page contains high level flows for our capabilities and provides you with a guide to set up your integration.

Fraud Prevention Screen Flow

Our fraud screen capabilities screen multiple types of traveler interactions and partner processing interactions. Here is a high level flow of how partner interactions and traveler interactions are screened by use case. Supporting SDK reference can be found here.

Account Takeover Prevention Flow

Our Account Takeover Prevention service ensures that any attempt at unauthorized access your customers' account is prevented. Here is a high level flow of how partner interactions and traveler interactions are screened by use case. Supporting SDK reference can be found here.

You're all set to integrate! Please use the following guide to set up your integration:

What you'll need:

  1. Trust Widget
  2. Download the Expedia Group Platform SDK and Authenticate

Trust Widget

The Trust Widget is lightweight, non-blocking JavaScript that collects user device data as the user navigates through the check out process. The data collected by the Trust Widget is used alongside the Booking Screen API to help make a fraud decision.

High-level integration flow

Trust Widget JavaScript context

For the Trust Widget to accurately collect device information, it must fulfill the following requirements:

  1. The Trust Widget must be placed on the page that collects payment information before the reservation is made.
  2. The Trust Widget must be placed in the header of the JavaScript, with the async attribute.

We recommend using a CDN to setup a reverse proxy, so that the client loads the script from the first party partner domain, and the Trust Widget is fetched from behind the scenes.

Your partner ID (PID) will be communicated to you by Fraud Prevention Support.

There are two separate URLs that should be used, depending on the environment for reverse proxy configuration (integration or try playground vs live site).

*Partner playground:

*Partner live site :

Note: the PID should not be exposed at the page load and should be added by reverse proxy.


If the partner domain is <>, the client should load the script on the webpage as <>.

The CDN cname should be updated to for the lab environment or for the production environment and ?pid=<PID> should be appended to the URL. This reverse proxy setting enables to load the Trust Widget file from the domain and run as a 1st party to <>.

        <script type="text/javascript">
            //Client side functions
            function getSessionIdViaJs() {
                return "MY_SESSION_ID_FROM_JS";
        <script type="text/javascript">
            var trustApi = trustApi || {};
            trustApi.clientConfiguration = {
                "webSessionProviderMethod": "JS",
                "webSessionProviderMethodParam": "return getSessionIdViaJs()",
                "placement": "PURCHASE",
                "placementPage": "1",
                "reportingSegment": ""

            function submitMyForm() {
                // ...
                var twPayload = trustApi.getTrustPayload();
                // ... add twPayload to your server request
                // ...
        <script async src="" />
        <!-- ... -->
        <form onSubmit="submitMyForm">
            <!-- ... -->

You are now ready to start integration with the Fraud Prevention Service! Reference documentation can be found here.

If you have any questions regarding the product or need help with your integration, please visit the Frequently Asked Questions page for contact information.

Expedia Group Platform SDK

Please refer to the SDK quick start documentation to learn how to set up an Expedia Group Partner Account and use the Expedia Group platform SDK.

Did you find this page helpful?
How can we improve this content?
Thank you for helping us improve!