vdelitz for Corbado

Posted on • Originally published at corbado.com

Payment Passkeys @ Mastercard: Revolution for Payment Security

Mastercard has taken a significant step forward with the August 2024 launch of its Payment Passkeys. This groundbreaking development integrates seamlessly with the Mastercard Token Authentication Service, offering a highly secure, passwordless authentication method that aligns with the latest in cybersecurity advancements.


Introduction to Mastercard Payment Passkeys

Mastercard's Payment Passkeys, introduced in August 2024, are a notable innovation in digital payment security. These passkeys allow users to authenticate transactions securely without the need for traditional passwords. By leveraging biometric data and device-based credentials, Payment Passkeys not only enhance security but also streamline the payment process, making it both faster and more user-friendly.
This initiative is part of Mastercard's broader strategy to eliminate the vulnerabilities associated with password-based systems. With an increasing number of consumers expressing frustration over password management, Mastercard's Payment Passkeys provide a solution that addresses both security concerns and user experience. The introduction of these passkeys comes at a time when the financial industry is increasingly adopting advanced authentication methods to meet the growing demand for secure, frictionless transactions.

The Evolution of Passkeys in Financial Services

The introduction of Payment Passkeys is a direct response to the security requirements set forth by the Payment Services Directive 2 (PSD2) in the European Union, which mandates Strong Customer Authentication (SCA). Under PSD2, payment transactions must be authenticated using at least two of three factors: something the user knows, something the user has, or something the user is. Mastercard's Payment Passkeys satisfy these requirements by combining biometric data such as fingerprint or facial recognition (something the user is) with secure device storage of the credential (something the user has).

As a longstanding member of the FIDO Alliance, Mastercard has been instrumental in advancing passkey and WebAuthn standards. The launch of Payment Passkeys marks the culmination of years of development and collaboration within the industry, further solidifying Mastercard's leadership in secure digital payments.

Implementing Payment Passkeys During Checkout

Mastercard's Payment Passkeys are designed to enhance the checkout process, offering a secure and efficient alternative to traditional authentication methods. During a payment transaction, users are typically redirected to a Mastercard-hosted page as part of the EMV 3DS issuer authentication process. This process ensures that the cardholder's identity is verified securely, often through biometric methods.
After successful authentication, users can create a Payment Passkey. This passkey is associated with Mastercard's domain, allowing it to be used across different merchant sites that support Mastercard's Token Authentication Service. This cross-site functionality eliminates the need for users to create new passkeys with each merchant, streamlining the user experience.
Depending on the specific implementation by the merchant, users may encounter one of two checkout flows:

  • Standard Passkey Flow: The user is redirected to the Mastercard authentication site to complete the transaction before being redirected back to the merchant's site.
  • SPC (Secure Payment Confirmation) Passkey Flow: The user remains on the merchant's site, where an SPC popup allows for on-site authentication without redirection.

These flows are designed to minimize friction during the payment process while maintaining the highest levels of security.
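To make the difference between the two flows concrete, the following added example (not code from Mastercard or Corbado) shows the structural checks a WebAuthn relying party applies to a passkey assertion in each flow, following the general WebAuthn and Secure Payment Confirmation data formats. The RP ID `mastercard.example`, the merchant origin `shop.example`, the `expected` object and all function names are hypothetical, the redirect origin is assumed to equal the RP ID, and signature verification against the stored public key is left out.

```javascript
// Added example: structural checks on a passkey assertion (signature check omitted).
const { createHash } = require("node:crypto");

const RP_ID = "mastercard.example"; // placeholder, not the real relying-party ID
const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified (biometric or device PIN)

function checkAssertion({ authenticatorData, clientDataJSON }, expected) {
  const errors = [];
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
  if (authenticatorData.length < 37) return ["authenticatorData too short"];
  const rpIdHash = createHash("sha256").update(RP_ID).digest();
  if (!rpIdHash.equals(authenticatorData.subarray(0, 32))) errors.push("rpIdHash mismatch");
  const flags = authenticatorData[32];
  if (!(flags & FLAG_UP)) errors.push("user not present");
  if (!(flags & FLAG_UV)) errors.push("user not verified");

  let client;
  try { client = JSON.parse(clientDataJSON.toString("utf8")); }
  catch { return [...errors, "clientDataJSON is not valid JSON"]; }
  if (client.challenge !== expected.challenge) errors.push("challenge mismatch");

  if (expected.flow === "redirect") {
    // Standard flow: the ceremony runs on the page hosted under the RP's own domain.
    if (client.type !== "webauthn.get") errors.push("unexpected type");
    if (client.origin !== `https://${RP_ID}`) errors.push("unexpected origin");
  } else {
    // SPC flow: the ceremony runs on the merchant page; the signed data names the payment.
    const p = client.payment || {};
    if (client.type !== "payment.get") errors.push("unexpected type");
    if (p.rpId !== RP_ID) errors.push("payment.rpId mismatch");
    if (p.payeeOrigin !== expected.merchantOrigin) errors.push("payee mismatch");
    if (!p.total || p.total.value !== expected.amount || p.total.currency !== expected.currency)
      errors.push("amount mismatch");
  }
  return errors;
}

// Builds a constructed sample assertion for trying the checks offline.
function sampleAssertion(flags, clientData) {
  const authData = Buffer.concat([
    createHash("sha256").update(RP_ID).digest(), Buffer.from([flags]), Buffer.alloc(4),
  ]);
  return { authenticatorData: authData, clientDataJSON: Buffer.from(JSON.stringify(clientData)) };
}
```

An empty array means every structural check passed; because the amount and payee sit inside the signed client data in the SPC flow, a changed total shows up as a mismatch instead of being silently accepted.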

Benefits of Mastercard Payment Passkeys

The August 2024 introduction of Payment Passkeys through Mastercard's Token Authentication Service marks a significant milestone in the evolution of payment security. By fully replacing password-based authentication with passkeys, Mastercard is setting a new standard for secure digital transactions.
For merchants, the benefits include:

  • Reduced Fraud Risk: Authentication that is directly tied to the user's biometric data significantly lowers the risk of fraud and chargebacks.
  • Smoother Transaction Process: The elimination of passwords reduces friction at checkout, leading to higher approval rates and increased conversion rates.

For consumers, Payment Passkeys offer:

  • Seamless Cross-Device Transactions: Users can enjoy a consistent and secure checkout experience across different devices and merchant sites.
  • Enhanced Security: Passkeys provide phishing-resistant multi-factor authentication (MFA), offering robust protection against various forms of cyber threats, including phishing and credit card scams.

Implications for Merchants and Developers

The launch of Mastercard Payment Passkeys represents a huge advancement in the payment industry. Merchants who adopt this technology can expect to see a substantial reduction in fraud and an overall improvement in the user experience during transactions. For developers, integrating Mastercard's Payment Passkeys is an opportunity to stay at the cutting edge of payment security and user experience. Read the full analysis in our detailed blog post.
