FIDO Alliance Launches Payments Working Group (PWG)

The FIDO Alliance has announced a new Payments Working Group (PWG) dedicated to adapting passwordless FIDO authentication solutions for payment use cases. Launched on April 29, 2025, this working group will serve as a forum of experts to define best practices and advise on issues affecting payment authentication with FIDO technologies. By establishing the PWG, the Alliance is acknowledging the unique security, user experience, and regulatory requirements of the payments industry and aiming to accelerate the adoption of passkeys in payment scenarios.

The PWG is led by major payment network representatives, signaling strong industry support. Henna Kapur of Visa and Jonathan Grossar of Mastercard are serving as co-chairs of the group. They are joined by a broad range of FIDO Alliance member organizations from across the payments ecosystem, including American Express, Cartes Bancaires (France’s national card scheme), Futurae (authentication provider), Infineon (security hardware), OneSpan (digital identity security), PayPal, Royal Bank of Canada and Thales. This diverse participation - spanning card networks, payment processors, banks and security tech companies - underscores a collective commitment to making online payments more secure and user-friendly through FIDO standards.

Notably, FIDO Alliance leadership has emphasized the significance of this move. According to Andrew Shikiar, Executive Director of the FIDO Alliance, the organization rarely creates new working groups, doing so only after much research and deliberation. The formation of the PWG therefore reflects an urgent, high-priority effort. Shikiar expressed excitement for the PWG as a “powerful forum” for payment industry stakeholders to develop best practices for modern payment authentication – including the growing use of passkeys in payments. In other words, the top minds in digital payments and identity verification are coming together under the PWG to tackle the challenges of passwordless payment security.

The Payments Working Group has outlined three primary focus areas for its initial work, aligning with the needs of payment service providers and merchants in deploying FIDO authentication:

The PWG will identify and assess the specific requirements for authentication in payment contexts (covering aspects like user experience, security needs, and regulatory compliance that are unique to payments). This involves understanding industry mandates (for example, strong customer authentication regulations) and the usability considerations in checkout or banking flows.

The group will survey existing and emerging authentication solutions that could meet those payment requirements. In practice, this means examining how FIDO passkeys and related technologies can address payment authentication challenges, as well as reviewing any other methods in the market. By comparing solutions, the PWG aims to pinpoint what works best for fraud prevention and frictionless customer experience in payments.

Another key task is to develop guidelines for using passkeys or other FIDO-based authentication alongside existing payment industry technologies. In particular, the PWG will create recommendations for integrating FIDO authentication with systems like EMV® 3-D Secure (the protocol commonly used for bank card verification during online purchases) and EMV® Secure Remote Commerce (SRC) (the “Click to Pay” one-touch checkout standard). These guidelines will help ensure that passkeys can be smoothly implemented without disrupting current payment flows, bridging the gap between new passwordless methods and established payment infrastructure.

Beyond these three core objectives, the PWG is also tasked with supporting projects to document real-world deployments, identify challenges, and work with partner organizations on education and adoption efforts. For example, the group may publish case studies of passkey implementations in payments and collaborate with standards bodies like EMVCo or W3C to harmonize approaches. All of these efforts serve the PWG’s ultimate goal: making FIDO authentication an effective, widely-accepted standard for securing payments.

The launch of the PWG has been met with optimism in the payments and security community, coming at a critical time when the industry is seeking stronger yet simpler authentication. Payment providers face rising pressure to combat fraud (especially phishing and account takeover attacks) while minimizing checkout friction that leads to cart abandonment. The FIDO Alliance’s initiative directly addresses this need by bringing stakeholders together to design passwordless authentication solutions tailored for payments. Visa’s Henna Kapur noted in a recent industry event that there is tremendous potential for FIDO passkey adoption in financial services, indicating why Visa and others are investing resources in this area.

Crucially, the involvement of leading card networks and banks in the PWG suggests that its recommendations could carry significant weight. When organizations like Visa, Mastercard, Amex and major banks align on technical guidelines, it paves the way for broad adoption across the ecosystem. This could mean that in the near future, online merchants and issuing banks will have clearer standards for incorporating passkey authentication into payment flows – for instance, using a passkey as a verification step instead of one-time passwords or security questions. Industry observers predict that this collaboration will accelerate the timeline for passkeys becoming a mainstream option for payment verification, improving security for transactions while making the user experience more seamless.

The PWG’s formation also aligns with global trends in passkey adoption and payment security. In the past two years, the tech world at large has made a decisive push toward passwordless authentication. Major tech companies like Microsoft, Google, and Apple have all introduced support for FIDO passkeys and even started making them the default sign-in option for users (e.g. Microsoft announced that new user accounts will be “passwordless by default,” encouraging passkey or similar login methods). Thanks to such efforts, an estimated 15+ billion user accounts globally were capable of using passkeys by the end of 2024. Meanwhile, recent surveys show that around** 69% of consumers have enabled passkeys on at least one account**, with over half finding passkeys more convenient and secure than passwords. This widespread momentum indicates that users are increasingly ready to embrace passkeys for everyday logins.

Within the payments sector specifically, we are seeing parallel moves to leverage FIDO standards. Financial institutions and payment platforms are going “all-in” on passkeys, rolling out support to replace passwords and legacy authentication. Banks and fintechs such as Revolut and PayPal have begun offering passkey login to customers, and in 2024 Mastercard launched a Passkeys Payment service incorporating FIDO credentials. Visa too announced its Visa Payment Passkey service in 2024 to enable passwordless checkout for cardholders. According to industry reports, Mastercard is aiming to scale up passkey usage significantly by 2030 as part of its fraud reduction strategy, integrating passkeys with tokenization and the EMV 3-D Secure process. This shows that the largest payment networks are treating FIDO authentication as a cornerstone of future payment security. The FIDO Alliance PWG will complement these efforts by ensuring that there is a coherent framework and guidelines to implement passkeys across different payment platforms and standards.

Early reactions to the PWG’s launch highlight its potential impact. Cybersecurity experts note that by eliminating passwords and OTPs in favor of passkeys, payment providers can dramatically reduce phishing and credential theft risks. At the same time, a well-designed passkey experience can streamline checkout, since users can authenticate with a fingerprint or face scan in lieu of remembering passwords or retrieving codes. This can lead to higher checkout success rates and lower abandonment – a win-win for security and user convenience. The presence of regulatory and user-experience experts in the working group also means that outcomes might satisfy both compliance requirements (e.g. PSD2 SCA in Europe) and practical usability needs. All told, the PWG’s work is seen as an important step toward modernizing online payments, bringing them in line with the broader move toward a passwordless, phishing-resistant future.

With the Payments Working Group, the FIDO Alliance is laying the groundwork for a new era of secure and frictionless payment authentication. By uniting stakeholders from across the payment ecosystem, the PWG is poised to create standards and guidelines that could soon make passkeys an integral part of online purchases and banking transactions. Its launch reflects both the industry’s urgency in fighting online fraud and its recognition that user-friendly security (like biometrics and passkeys) is essential for the future of digital commerce. Corbado is likewise supporting passkey adoption among payment providers, echoing the PWG’s mission of accelerating the shift to passwordless authentication in payments. As the PWG advances its initiatives, payment providers around the world can look forward to clearer guidance and improved tools for implementing FIDO’s technologies - ultimately benefiting businesses and consumers alike through safer and smoother payment experiences.