How does biometric auth with passkeys fit into PSD3/PSR?

Vincent Delitz

Vincent

Created: January 31, 2025

Updated: April 26, 2025

Blogpost Title Image

Read the full article

Explore the impact of PSD3/PSR on SCA, focusing on passkey authentication and regulatory changes. Learn how PSD3 will enhance digital payments and security.

Read the full article

Already read by 5,000+ enterprise security leaders.


How Does Biometric Authentication with Passkeys Fit Into PSD3/PSR?#

The Payment Services Regulation (PSR) under PSD3 aims to enhance Strong Customer Authentication (SCA) by embracing modern, phishing-resistant authentication methods. Passkeys, which utilize biometric authentication, align perfectly with these new regulatory goals.

biometric authentication passkeys psd3 psr

1. Biometric Authentication Meets SCA Requirements#

  • Under PSD2, biometric authentication was permitted but required additional authentication factors to comply with SCA.
  • PSD3 strengthens biometric security by:
    • Allowing biometric factors (e.g., fingerprint, facial recognition) to be used in combination with cryptographic passkeys.
    • Reducing reliance on phishable authentication methods like passwords and OTPs.

2. Passkeys Improve Security and Compliance#

  • Passkeys leverage biometric authentication built into the user's device (e.g., Face ID, Windows Hello), ensuring:
    • Phishing resistance – Unlike passwords, passkeys cannot be stolen via phishing attacks.
    • Better fraud prevention – They rely on hardware-based security keys rather than knowledge-based credentials.
    • Seamless user experience – Users authenticate instantly without needing additional security steps.
Enterprise Icon

Get free passkey whitepaper for enterprises.

Get for free

3. PSD3’s Stance on Biometric Authentication#

  • The European Banking Authority (EBA) has clarified that biometric authentication can be used for SCA compliance, provided:
    • It meets high security standards for encryption and fraud detection.
    • It is securely integrated within the payment provider's ecosystem.
  • PSD3 is expected to provide clearer guidelines on biometric authentication, making it easier for banks, fintechs, and enterprises to implement passkeys securely.

4. How Passkeys Fit Into PSD3/PSR’s Security Goals#

  • PSD3 aims to make SCA more effective and user-friendly while minimizing authentication friction.
  • Passkeys with biometrics simplify compliance, since:
    • They eliminate password-related security risks.
    • They enable seamless authentication while maintaining high security standards.
    • They are device-bound and cannot be reused outside their registered environment.

Conclusion#

PSD3/PSR acknowledges biometric authentication as a key component of SCA. The adoption of passkeys aligns perfectly with PSD3's goals, making authentication more secure, convenient, and phishing-resistant. As passkeys gain broader regulatory support, organizations implementing them will benefit from enhanced security and compliance.

Read the full article#

Blogpost Title Image

Read the full article

Explore the impact of PSD3/PSR on SCA, focusing on passkey authentication and regulatory changes. Learn how PSD3 will enhance digital payments and security.

Read the full article

Already read by 5,000+ enterprise security leaders.

Add passkeys to your app in <1 hour with our UI components, SDKs & guides.

Start for free

Enjoyed this read?

🤝 Join our Passkeys Community

Share passkeys implementation tips and get support to free the world from passwords.

🚀 Subscribe to Substack

Get the latest news, strategies, and insights about passkeys sent straight to your inbox.

Share this article


LinkedInTwitterFacebook