How does biometric auth with passkeys fit into PSD3/PSR?

Vincent Delitz

Created: January 31, 2025

Updated: February 2, 2025

How Does Biometric Authentication with Passkeys Fit Into PSD3/PSR?

The Payment Services Regulation (PSR) under PSD3 aims to enhance Strong Customer Authentication (SCA) by embracing modern, phishing-resistant authentication methods. Passkeys, which utilize biometric authentication, align perfectly with these new regulatory goals.

1. Biometric Authentication Meets SCA Requirements

  • Under PSD2, biometric authentication was permitted but required additional authentication factors to comply with SCA.
  • PSD3 strengthens biometric security by:
    • Allowing biometric factors (e.g., fingerprint, facial recognition) to be used in combination with cryptographic passkeys.
    • Reducing reliance on phishable authentication methods like passwords and OTPs.

2. Passkeys Improve Security and Compliance

  • Passkeys leverage biometric authentication built into the user's device (e.g., Face ID, Windows Hello), ensuring:
    • Phishing resistance – Unlike passwords, passkeys cannot be stolen via phishing attacks.
    • Better fraud prevention – They rely on hardware-based security keys rather than knowledge-based credentials.
    • Seamless user experience – Users authenticate instantly without needing additional security steps.
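
The phishing-resistance and biometric points above rest on checks the relying party runs on every passkey sign-in. The following Node.js code is an added example, not code from the article or its publisher; `RP_ID`, `ORIGIN`, `verifyAssertion`, `sampleAssertion` and the `bank.example` names are assumptions, and the sample assertions are constructed locally in place of a real browser and authenticator.

```javascript
// Added example: relying-party checks on a passkey (WebAuthn) assertion.
// RP_ID, ORIGIN and all sample assertions are constructed for illustration.
const crypto = require('node:crypto');

const RP_ID = 'bank.example';
const ORIGIN = 'https://bank.example';
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Returns the list of failed checks; an empty list means the assertion is accepted.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, challenge, publicKey) {
  const failed = [];
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') failed.push('type');
  if (clientData.challenge !== challenge) failed.push('challenge'); // replay protection
  // The browser, not the page, fills in the origin, so a look-alike site cannot fake it.
  if (clientData.origin !== ORIGIN) failed.push('origin');
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
  if (authenticatorData.length < 37) return [...failed, 'authenticatorData'];
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) failed.push('rpIdHash');
  const flags = authenticatorData[32];
  if (!(flags & 0x01)) failed.push('userPresent');  // UP: user approved on the device
  if (!(flags & 0x04)) failed.push('userVerified'); // UV: biometric or device PIN was checked
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify('sha256', signed, publicKey, signature)) failed.push('signature');
  return failed;
}

// Constructed stand-in for browser + authenticator, used only to produce sample input.
function sampleAssertion(privateKey, { origin, rpId, flags, challenge }) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([flags, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const challenge = crypto.randomBytes(32).toString('base64url');
const genuine = sampleAssertion(privateKey, { origin: ORIGIN, rpId: RP_ID, flags: 0x05, challenge });
const lookalike = sampleAssertion(privateKey,
  { origin: 'https://bank-example.test', rpId: 'bank-example.test', flags: 0x05, challenge });
const noBiometric = sampleAssertion(privateKey, { origin: ORIGIN, rpId: RP_ID, flags: 0x01, challenge });

console.log(verifyAssertion(genuine, challenge, publicKey));     // []
console.log(verifyAssertion(lookalike, challenge, publicKey));   // [ 'origin', 'rpIdHash' ]
console.log(verifyAssertion(noBiometric, challenge, publicKey)); // [ 'userVerified' ]
```

A password typed into a look-alike page has no equivalent of the `origin` and `rpIdHash` checks, and the `userVerified` flag is the server-side evidence that the device performed the biometric or PIN step.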

3. PSD3’s Stance on Biometric Authentication

  • The European Banking Authority (EBA) has clarified that biometric authentication can be used for SCA compliance, provided:
    • It meets high security standards for encryption and fraud detection.
    • It is securely integrated within the payment provider's ecosystem.
  • PSD3 is expected to provide clearer guidelines on biometric authentication, making it easier for banks, fintechs, and enterprises to implement passkeys securely.

4. How Passkeys Fit Into PSD3/PSR’s Security Goals

  • PSD3 aims to make SCA more effective and user-friendly while minimizing authentication friction.
  • Passkeys with biometrics simplify compliance, since:
    • They eliminate password-related security risks.
    • They enable seamless authentication while maintaining high security standards.
    • They are device-bound and cannot be reused outside their registered environment.

Conclusion

PSD3/PSR acknowledges biometric authentication as a key component of SCA. The adoption of passkeys aligns perfectly with PSD3's goals, making authentication more secure, convenient, and phishing-resistant. As passkeys gain broader regulatory support, organizations implementing them will benefit from enhanced security and compliance.
