The Rise of Passkeys: A New Era in Authentication and Fraud Prevention
The intersection of conversion pressure and fraud fatigue is creating a breaking point in commerce. Authentication failures and credential-based fraud are increasingly common, costing businesses billions annually. As consumers demand seamless digital experiences, merchants are seeking stronger, lower-friction authentication methods. This is driving accelerated interest in passkeys, a passwordless login solution poised to reshape online security.
The Problem: Credential Stuffing and Authentication Friction
Credential stuffing and phishing attacks continue to exploit password reuse, causing operational and reputational damage to merchants and financial institutions. Loyalty reward fraud, often stemming from compromised credentials, is a significant concern, with estimates reaching $3.1 billion in fraudulent redeemed loyalty points annually, resulting in approximately $1 billion in losses each year. High-income shoppers, frequent users of multiple digital accounts, are particularly vulnerable due to the value of their accounts and sensitivity to login friction.
What are Passkeys?
Passkeys are passwordless login credentials based on public-key cryptography. They are stored on a user’s device and unlocked locally with biometrics or a PIN, eliminating the need for shared passwords and reducing exposure to phishing and credential theft. This approach addresses key vulnerabilities in traditional authentication methods, where basic passwords are often insufficient and legacy systems struggle to keep pace with modern threats.
Platform Support and Adoption
Major platforms are recognizing the potential of passkeys. PayPal has expanded support for passkey-based login for consumer accounts in the United States and other markets, emphasizing the feature’s ability to reduce phishing risk and simplify sign-in. Stripe has published developer guidance encouraging merchants to implement passkeys through WebAuthn standards to improve login resilience and speed. These platforms, critical junctions in online checkout and wallet activity, are paving the way for wider adoption.
Passkeys are built on standards developed by the FIDO Alliance, which promotes phishing-resistant authentication based on public-key cryptography. Major operating systems and browsers now support passkeys, enabling credentials to be stored on a device and unlocked locally through biometrics or a device PIN.
Current Adoption Landscape
While passkey support is growing, adoption remains uneven. Some merchants have integrated passkeys into account login flows, while others continue to rely on passwords and SMS one-time passcodes due to integration costs, customer education hurdles, and account recovery complexity. Financial institutions are testing passwordless authentication in limited deployments, often layering it alongside existing multifactor controls.
Regulatory Considerations
Passkeys present both opportunities and scrutiny from a regulatory standpoint. Because biometric data typically remains on the user’s device, the model may reduce exposure under state biometric privacy laws. However, institutions must still satisfy supervisory expectations around strong authentication and fraud mitigation.
Benefits and Challenges
The commercial appeal of passkeys is significant. They eliminate password reuse, diminish phishing effectiveness, remove reliance on vulnerable SMS codes, shorten login times, and reduce password reset support costs. However, successful implementation requires consumer awareness and trust. Cross-device synchronization is improving but relies on platform ecosystems, and account recovery processes must be carefully designed to prevent lockouts without reintroducing weak fallback mechanisms.
The Future of Authentication
Merchants face measurable abandonment rates tied to authentication friction, and financial institutions continue to grapple with credential-based fraud. The trajectory of passkey adoption will depend on evidence demonstrating lower account takeover rates and improved conversion metrics within major wallet and checkout environments. As passkeys mature and become more widely adopted, they have the potential to significantly enhance both security and user experience in the digital commerce landscape.