receiving a request from a web browser executed on a customer electronic device for a webpage for an online entity;

returning, by a validation computer program executed by a trusted entity backend for a trusted entity, a webpage including a hidden iframe comprising code;

receiving, based on execution by the browser of the code included in the hidden iframe, a call to a trusted entity comprising an online entity identifier for the online entity, a session identifier, and a hash value derived from the online entity identifier;

generating, by the validation computer program, a generated hash value based on a shared secret for the online entity;

confirming, by the validation computer program, that the generated hash value matches the hash value;

confirming, by the validation computer program, that a cookie for the trusted entity is stored on the customer electronic device;

determining, by the validation computer program and based on confirmation that the cookie for the trusted entity is stored on the customer electronic device, that the customer electronic device is known by the validation computer program; and

returning, by the validation computer program and to the iframe of the web browser, a device verification value indicating that the customer electronic device is known to the trusted entity.