Digital Transactions Authoritative, insightful and timely information for payments professionals
Mastercard Inc. is taking on the problematic use of passwords with its new Biometric Authentication Service.
Announced Wednesday, the new global service is meant to help resolve friction and vulnerability issues that arise from ceaseless passwords and multi-factor authentication prompts, Mastercard says.
The service relies on standards from the Fast Identity Online Alliance, also known as FIDO, which has been instrumental in developing new authentication measures, such as passkeys. Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-in to Web sites and apps. Mastercard created a developer’s Web site that includes documentation on the service.
A passkey consists of a key pair that includes one public key, which is registered with the Web site or app being used, and one private key, which is held only by the user’s device. Public passkeys are linked only with the Web site or app they were created for, which protects users from being tricked into using a passkey to sign in to a fraudulent site or app.
The use of this technology and biometrics can streamline account logins and changes, Mastercard says. “Authentication can happen within the browser or mobile app with a consumer’s preferred biometric such as FaceID or fingerprint, enabling effortless digital experiences without needing to toggle between multiple apps or devices,” Mastercard says. “The service supports all card brands and other forms of payments beyond cards. For merchants and financial institutions, it means reduced operational costs and a better experience for consumers.”
Adopting better authentication technology is essential, Mastercard argues. “Roughly 80% of confirmed data breaches are related to weak or stolen passwords,” Dennis Gamiello, an executive vice president who leads Identity Products and Innovation at Mastercard, says in a statement. “The vulnerability of passwords, including one-time passwords used in multi-factor authentication, only increases as we move to a more digital world. That’s why we need to replace the password with the person.” FIDO passkeys also are resistant to phishing attempts because there’s no sharing of passwords or codes.
Other payments companies have adopted passkeys. PayPal Holdings Inc. did so in 2022. Others include Adobe Inc., Google, and Shop by Shopify.
