How does biometric auth with passkeys fit into PSD3/PSR?

Q: How does biometric authentication with passkeys fit into PSD3/PSR?

PSD3/PSR strengthens biometric authentication by allowing passkeys to fulfill Strong Customer Authentication (SCA) requirements. Passkeys use biometric factors such as fingerprints or facial recognition, providing phishing-resistant security while ensuring compliance with PSD3’s stricter authentication standards. This makes passkeys a key solution for secure digital payments under the new regulation.

Want to learn how top banks deploy passkeys? Get our +90-page Banking Passkeys Report (incl. ROI insights). Trusted by JPMC, UBS & QNB.

Get Report

How Does Biometric Authentication with Passkeys Fit Into PSD3/PSR?#

The Payment Services Regulation (PSR) under PSD3 aims to enhance Strong Customer Authentication (SCA) by embracing modern, phishing-resistant authentication methods. Passkeys, which utilize biometric authentication, align perfectly with these new regulatory goals.

1. Biometric Authentication Meets SCA Requirements#

Under PSD2, biometric authentication was permitted but required additional authentication factors to comply with SCA.
PSD3 strengthens biometric security by:
- Allowing biometric factors (e.g., fingerprint, facial recognition) to be used in combination with cryptographic passkeys.
- Reducing reliance on phishable authentication methods like passwords and OTPs.

2. Passkeys Improve Security and Compliance#

Passkeys leverage biometric authentication built into the user's device (e.g., Face ID, Windows Hello), ensuring:
- Phishing resistance – Unlike passwords, passkeys cannot be stolen via phishing attacks.
- Better fraud prevention – They rely on hardware-based security keys rather than knowledge-based credentials.
- Seamless user experience – Users authenticate instantly without needing additional security steps.

+70-page Enterprise Passkey Whitepaper:
Learn how leaders get +80% passkey adoption. Trusted by Rakuten, Klarna & Oracle

Get free Whitepaper

3. PSD3’s Stance on Biometric Authentication#

The European Banking Authority (EBA) has clarified that biometric authentication can be used for SCA compliance, provided:
- It meets high security standards for encryption and fraud detection.
- It is securely integrated within the payment provider's ecosystem.
PSD3 is expected to provide clearer guidelines on biometric authentication, making it easier for banks, fintechs, and enterprises to implement passkeys securely.

4. How Passkeys Fit Into PSD3/PSR’s Security Goals#

PSD3 aims to make SCA more effective and user-friendly while minimizing authentication friction.
Passkeys with biometrics simplify compliance, since:
- They eliminate password-related security risks.
- They enable seamless authentication while maintaining high security standards.
- They are device-bound and cannot be reused outside their registered environment.

Conclusion#

PSD3/PSR acknowledges biometric authentication as a key component of SCA. The adoption of passkeys aligns perfectly with PSD3's goals, making authentication more secure, convenient, and phishing-resistant. As passkeys gain broader regulatory support, organizations implementing them will benefit from enhanced security and compliance.