Passkeys for Payments

In payments, passkeys can supplement existing payment authentication methods and strengthen the security of e-commerce transactions.

Passkeys are generally considered a password replacement at the point of sign-in, but they can also be implemented for additional use cases where security, speed and convenience are necessary – such as payments.

Payment Scenarios Ideal for Passkeys

When use cases require payments to maintain a secure environment for transaction authorization, Payment Providers can implement passkeys to facilitate a seamless user experience to manage security risks while authorizing the flow of transactions between users and organizations. Ideal scenarios where passkeys for payments are appropriate include the following use cases.

Transaction Authorization

Card Issuers

Card issuers can leverage passkeys for their customers to authorize transactions in 3-D secure authentication flows however they unlock their device – including biometrics, local PIN, etc.:

  • Faster and easier for users than sending a code via SMS or email
  • More secure than alternatives – based on FIDO protocols, passkeys are always unique and phishing-resistant
  • Builds security resilience and compliance readiness

At Checkout

Merchants, PSPs, and
digital wallets

Merchants, digital wallets, and Payment Service Providers (PSPs) can leverage passkeys to authenticate transactions at the point of checkout for delegated authentication:

  • Improve the UX of the checkout experience 
  • Reduce fraud – with FIDO protocols, passkeys provide cryptographic proof of authentication
  • Help to comply with regulations


Mastercard: Enable passkeys to seamlessly authenticate remote commerce transactions

NIST cites phishing resistance of synced passkeys in Digital Identity Guidelines update

VISA: New payment services using passkeys