Mastercard and Visa Advance Passkey Authentication
Mastercard and Visa are advancing the rollout of passkey-based authentication for card transactions, moving beyond one-time passwords (OTPs). The initiative leverages FIDO2 and biometric standards to create a more secure and frictionless checkout experience. This shift aims to reduce both fraud and cart abandonment rates, particularly for tokenized and embedded payment flows.
- Passkeys are built on the FIDO2 and WebAuthn standards, which use public-key cryptography to create a unique key pair for each website or app. The private key is stored securely on the user's device, while the public key is registered with the online service. Because the private key never leaves the device and each key pair is bound to one site or app, the scheme resists both phishing and leaks of server-side data.
- For issuers, passkey adoption can lead to a liability shift for fraudulent transactions. When a payment is authenticated using a passkey through services like Click to Pay, the chargeback liability can move from the merchant to the issuer, providing greater financial protection for businesses.
- The adoption of passkeys is part of a broader industry initiative to phase out manual card entry for online transactions. Mastercard, for example, aims to completely replace manual card entry in Europe with tokenization and biometric authentication by 2030.
- While FedNow has seen rapid growth in the number of participating financial institutions, The Clearing House's RTP network still leads in terms of account reach, covering approximately 70% of U.S. accounts. Both real-time payment systems are expanding, with RTP increasing its transaction limit to $10 million to better accommodate large B2B and corporate transactions.
- AI and machine learning are being integrated with passkey authentication to provide an additional layer of security. These systems can analyze behavioral data, such as login times and device location, to detect anomalies and trigger further verification steps or block suspicious login attempts in real time.
- The move to passkeys is also being driven by regulatory requirements like the Payment Services Directive 2 (PSD2) in Europe, which mandates Strong Customer Authentication (SCA). Passkeys, which combine a user's device (possession factor) with a biometric or PIN (inherence or knowledge factor), inherently meet these multi-factor authentication requirements.
- Noon Payments, a payment service provider in the Middle East, is the first to offer Visa's Payment Passkey service globally, highlighting the international expansion of this technology. In India, the adoption of biometric and passkey authentication is projected to increase transaction success rates by 2-3 percentage points.
- There are different implementation models for passkeys in the payments ecosystem, including issuer-centric, merchant-centric, and network-centric approaches. Each model presents different trade-offs regarding who manages the authentication process, holds user trust, and assumes liability.