What challenges do banks face when implementing passkeys?

Vincent Delitz

Created: January 31, 2025

Updated: February 2, 2025

What Challenges Might Banks Face When Implementing Passkeys?

Passkeys offer phishing-resistant, passwordless authentication and are a major security upgrade for banks. However, transitioning from traditional authentication methods to passkeys presents several challenges. These must be addressed to ensure a smooth rollout and user adoption.

1. Regulatory Compliance and PSD2

Banks operating in the European Economic Area (EEA) must comply with PSD2’s Strong Customer Authentication (SCA) regulations. Passkeys satisfy SCA requirements by leveraging:

  • Something the user has (device-bound cryptographic keys).
  • Something the user is (biometrics or a device PIN).

However, regulators have yet to explicitly approve passkeys as a standalone SCA-compliant method. Banks must closely monitor evolving regulations and proactively work with financial authorities.

2. User Adoption and Education

Banks must ensure that customers understand how to use and trust passkeys. Challenges include:

  • User hesitancy – Customers may be unfamiliar with passkeys and reluctant to change from passwords and SMS OTPs.
  • Device dependency – Passkeys are linked to devices, which may cause confusion during device loss or migration.
  • Education efforts – Banks need clear, simple onboarding guides to help users transition.

3. Integration with Existing Banking Infrastructure

Banks must seamlessly integrate passkeys into web banking portals, mobile apps, and ATM authentication. Key challenges include:

  • Legacy system compatibility – Older banking platforms may not support WebAuthn and FIDO2.
  • Cross-platform synchronization – Ensuring passkeys work across mobile, desktop, and alternative devices.
  • Fallback mechanisms – Providing secure backup authentication methods for users without passkey-supported devices.

4. Security and Fraud Considerations

Although passkeys eliminate phishing risks, banks must:

  • Secure cloud-synced passkeys – Some regulators may be concerned about the security of passkeys stored in iCloud Keychain or Google Password Manager.
  • Prevent unauthorized access – Implement risk-based authentication for high-value transactions.
  • Monitor fraud attempts – While passkeys reduce phishing risks, fraudsters may still attempt device-based attacks.
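
One way a relying-party server could act on the first two points, as an added example that is not part of the original article: it reads the user-verification and backup flags from WebAuthn authenticator data and requests step-up authentication when a synced passkey is used for a high-value transaction. The RP ID `bank.example`, the EUR 1000 threshold and the policy itself are assumptions, and signature and challenge verification are assumed to have been done already by the WebAuthn library.

```python
import hashlib
import struct

# Flag bits of the WebAuthn authenticatorData flags byte
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (biometric or device PIN)
FLAG_BE = 0x08  # backup eligible: credential may be synced to a cloud account
FLAG_BS = 0x10  # backup state: credential is currently backed up / synced

STEP_UP_LIMIT_EUR = 1000  # hypothetical policy threshold, not from the article


def parse_auth_data(auth_data: bytes, expected_rp_id: str) -> dict:
    """Parse the fixed 37-byte header: rpIdHash (32) | flags (1) | signCount (4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match the expected RP ID")
    backup_eligible = bool(flags & FLAG_BE)
    backed_up = bool(flags & FLAG_BS)
    if backed_up and not backup_eligible:
        raise ValueError("invalid flags: BS set without BE")
    return {"up": bool(flags & FLAG_UP), "uv": bool(flags & FLAG_UV),
            "backup_eligible": backup_eligible, "backed_up": backed_up,
            "sign_count": sign_count}


def decide(auth: dict, amount_eur: float) -> str:
    """Hypothetical risk policy: returns 'allow', 'step_up' or 'deny'."""
    if not (auth["up"] and auth["uv"]):
        return "deny"  # SCA needs user verification, not just presence
    if auth["backed_up"] and amount_eur >= STEP_UP_LIMIT_EUR:
        return "step_up"  # synced credential on a high-value transaction
    return "allow"


def sample_auth_data(flags: int, rp_id: str = "bank.example") -> bytes:
    """Constructed sample input: header only, signCount fixed at 0."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 0)


if __name__ == "__main__":
    synced = parse_auth_data(sample_auth_data(0x1D), "bank.example")
    print(synced, decide(synced, 5000))
```
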

5. Transitioning From Legacy Authentication Methods

Banks cannot immediately phase out passwords and SMS OTPs. Instead, a gradual transition is required:

  • Offer passkeys alongside existing methods as an opt-in feature.
  • Encourage early adopters and gather feedback.
  • Measure adoption rates before enforcing passkey-only logins.

Conclusion: A Worthwhile Transition Despite Challenges

Despite these challenges, passkeys provide a long-term solution to phishing, improve user experience, and ensure compliance with modern authentication standards. Banks that plan strategically, educate users, and integrate passkeys carefully will benefit from a more secure and seamless authentication system.
