---
url: 'https://www.corbado.com/faq/biometric-authentication-passkeys-psd3-psr'
title: 'How does biometric auth with passkeys fit into PSD3/PSR?'
description: 'PSD3/PSR enhances biometric authentication with passkeys by standardizing security requirements and enabling phishing-resistant authentication.'
lang: 'en'
---

# How does biometric auth with passkeys fit into PSD3/PSR?

## How Does Biometric Authentication with Passkeys Fit Into PSD3/PSR?

The **Payment Services Regulation (PSR) under PSD3** aims to **enhance Strong Customer
Authentication (SCA)** by embracing modern, [phishing](https://www.corbado.com/glossary/phishing)-resistant
authentication methods. **Passkeys, which utilize biometric authentication**, align
perfectly with these new regulatory goals.

### 1. Biometric Authentication Meets SCA Requirements

- Under **PSD2**, [biometric authentication](https://www.corbado.com/blog/passkeys-biometric-authentication) was
  permitted but required **additional authentication factors** to comply with SCA.
- **PSD3 strengthens biometric security** by:
    - Allowing **biometric factors (e.g., fingerprint, facial recognition) to be used in
      combination with cryptographic passkeys**.
    - Reducing reliance on **phishable authentication methods** like passwords and OTPs.

### 2. Passkeys Improve Security and Compliance

- **Passkeys leverage biometric authentication built into the user's device (e.g., Face
  ID, Windows Hello)**, ensuring:
    - **Phishing resistance** – Unlike passwords, passkeys cannot be stolen via
      [phishing](https://www.corbado.com/glossary/phishing) attacks.
    - **Better fraud prevention** – They rely on **hardware-based security keys** rather
      than knowledge-based credentials.
    - **Seamless user experience** – Users authenticate instantly without needing
      additional security steps.

### 3. PSD3’s Stance on Biometric Authentication

- The **European Banking Authority (EBA)** has clarified that
  [biometric authentication](https://www.corbado.com/blog/passkeys-biometric-authentication) can be used for
  **SCA compliance**, provided:
    - It meets **high security standards** for **encryption and fraud detection**.
    - It is **securely integrated within the payment provider's ecosystem**.
- [PSD3](https://www.corbado.com/blog/psd3-psr-passkeys) is expected to **provide clearer guidelines on biometric
  authentication**, making it easier for **banks, fintechs, and enterprises to implement
  passkeys securely**.

### 4. How Passkeys Fit Into PSD3/PSR’s Security Goals

- [PSD3](https://www.corbado.com/blog/psd3-psr-passkeys) aims to make **SCA more effective and user-friendly**
  while **minimizing authentication friction**.
- **Passkeys with biometrics simplify compliance**, since:
    - They eliminate **password-related security risks**.
    - They enable **seamless authentication while maintaining high security standards**.
    - They are **device-bound and cannot be reused outside their registered environment**.

## Conclusion

**PSD3/PSR acknowledges biometric authentication as a key component of SCA.** The
**adoption of passkeys aligns perfectly with PSD3's goals**, making authentication more
**secure, convenient, and phishing-resistant**. As **passkeys gain broader regulatory
support**, organizations implementing them will benefit from **enhanced security and
compliance**.

## Read the full article