For years, consumers in India, like those in other digitally-advanced markets, such as the US and the UK, have lived under the shadow of a familiar warning: “Do not share your one-time-password (OTP)–your bank will never ask for it.” In a way, this is the digital equivalent of “don’t give your house keys to strangers.” Though simple to understand and follow, incidents of break-ins continue to rise.
For instance, in the first half of 2024 alone, phishing attacks targeting consumers—including those aimed at stealing and/or manipulating OTPs—surged by 175%. A massive 135,000+ incidents were reported across digital banking, e-commerce, and payment platforms during this period.
That’s why, when the Reserve Bank of India recently announced its decision to allow alternative authentication methods beyond OTPs, it was music to the ears of all key players across the financial ecosystem. With this move, RBI once again demonstrated its leadership as one of the world’s most forward-thinking regulators. Notably, the ‘bank of banks’ had earlier mandated tokenization—positioning India among the safest countries for card-based digital payments.
No wonder, nearly 47% of urban Indian households have experienced at least one financial fraud in the past three years. What’s especially alarming is that these scams don’t just target the less tech-savvy—even highly educated and digitally aware individuals, including doctors and engineers, are falling victim to increasingly sophisticated tactics like OTP-based fraud.
In fact, today, 68% of newly sold smartphones in the country come equipped with biometric features, and 40% of mobile wallet transactions are authenticated using this technology. According to Okta’s 2025 Digital Trust Index, 55% of Indian consumers use fingerprint recognition, and 79% trust it as a secure method of authentication.
Face ID is also gaining traction, with 35% adoption among users. What’s especially reassuring is that biometric data is typically stored locally on the device, rather than transmitted over networks—making it significantly harder for cybercriminals to intercept or misuse.
In simple terms, payment passkeys replace passwords and OTPs with biometric authentication and secure, encrypted verification stored locally on the device. Using public key cryptography, they ensure that the user’s private key never leaves their phone or laptop.
By eliminating the need to enter OTPs and passwords—both vulnerable to phishing—passkeys make payment authentication and checkout safer, simpler, and more intuitive. For India, where smartphone penetration is high and the fintech adoption rate exceeds 80%, the mainstreaming of this solution could make secure authentication almost intrinsic—enhancing public trust in digital solution, while reducing transaction drop-offs for businesses.
While these figures highlight the growing potential of biometric-based payments, what makes payment passkeys particularly compelling is their seamless integration into the existing digital infrastructure of banks, fintechs, and merchants. By leveraging device-native APIs, passkeys offer a scalable and secure solution—unlocking possibilities for frictionless payments at scale that were previously unimaginable.
With Aadhaar-based eKYC, high smartphone penetration, and growing consumer comfort with biometrics, India has laid a strong foundation for the next leap in digital payments. The widespread adoption of this form of authentication has the potential to set a new global benchmark. By standardizing checkout flows, ensuring interoperability, and fostering user awareness, India can build a unified, frictionless payment ecosystem for the world to follow.
This progress, when it happens, will be instrumental in advancing the vision of a ‘Viksit Bharat’, where smarter, safer, and more inclusive commerce becomes a cornerstone of the digital economy.
For instance, in the first half of 2024 alone, phishing attacks targeting consumers—including those aimed at stealing and/or manipulating OTPs—surged by 175%. A massive 135,000+ incidents were reported across digital banking, e-commerce, and payment platforms during this period.
That’s why, when the Reserve Bank of India recently announced its decision to allow alternative authentication methods beyond OTPs, it was music to the ears of all key players across the financial ecosystem. With this move, RBI once again demonstrated its leadership as one of the world’s most forward-thinking regulators. Notably, the ‘bank of banks’ had earlier mandated tokenization—positioning India among the safest countries for card-based digital payments.
A legacy system awaiting overhaul
While the concept of one-time passwords dates to the 1980s, they gained significant traction in India’s financial services during the early 2000s. For years, OTPs served as the default second layer of defense for online transactions—valued for their simplicity, familiarity, and ease of implementation. However, with rapid digitization and evolving technologies, OTPs have become increasingly vulnerable to phishing attacks and are often unreliable due to network issues and user fatigue.No wonder, nearly 47% of urban Indian households have experienced at least one financial fraud in the past three years. What’s especially alarming is that these scams don’t just target the less tech-savvy—even highly educated and digitally aware individuals, including doctors and engineers, are falling victim to increasingly sophisticated tactics like OTP-based fraud.
A new era for security
Introducing biometric authentication through fingerprints, facial recognition, and iris scans. By leveraging traits that are unique, unshareable, and difficult to replicate, this technology adds a critical layer of protection to the digital economy. India has already embraced biometric authentication in everyday life—from unlocking smartphones to checking in at airports and accessing secure apps.In fact, today, 68% of newly sold smartphones in the country come equipped with biometric features, and 40% of mobile wallet transactions are authenticated using this technology. According to Okta’s 2025 Digital Trust Index, 55% of Indian consumers use fingerprint recognition, and 79% trust it as a secure method of authentication.
Face ID is also gaining traction, with 35% adoption among users. What’s especially reassuring is that biometric data is typically stored locally on the device, rather than transmitted over networks—making it significantly harder for cybercriminals to intercept or misuse.
A transformative leap
If biometrics are a technological upgrade, payment passkeys are a transformative leap towards a future where digital transactions are secure by design and simple by default. Mastercard was the first company to introduce this solution in the Indian market as a pilot in August 2024.In simple terms, payment passkeys replace passwords and OTPs with biometric authentication and secure, encrypted verification stored locally on the device. Using public key cryptography, they ensure that the user’s private key never leaves their phone or laptop.
By eliminating the need to enter OTPs and passwords—both vulnerable to phishing—passkeys make payment authentication and checkout safer, simpler, and more intuitive. For India, where smartphone penetration is high and the fintech adoption rate exceeds 80%, the mainstreaming of this solution could make secure authentication almost intrinsic—enhancing public trust in digital solution, while reducing transaction drop-offs for businesses.
A look at the rest of the world
Already, more than 50% of consumers in the Asia-Pacific region use biometrics for everyday transactions. In the US, adoption surged by nearly 30% between 2022 and 2023, with continued momentum through 2025. Today, nearly half of Gen Z consumers there prefer biometrics as their go-to method for making digital payments. Globally, the biometric payment market is projected to exceed $46 billion by the end of this year.While these figures highlight the growing potential of biometric-based payments, what makes payment passkeys particularly compelling is their seamless integration into the existing digital infrastructure of banks, fintechs, and merchants. By leveraging device-native APIs, passkeys offer a scalable and secure solution—unlocking possibilities for frictionless payments at scale that were previously unimaginable.
With Aadhaar-based eKYC, high smartphone penetration, and growing consumer comfort with biometrics, India has laid a strong foundation for the next leap in digital payments. The widespread adoption of this form of authentication has the potential to set a new global benchmark. By standardizing checkout flows, ensuring interoperability, and fostering user awareness, India can build a unified, frictionless payment ecosystem for the world to follow.
This progress, when it happens, will be instrumental in advancing the vision of a ‘Viksit Bharat’, where smarter, safer, and more inclusive commerce becomes a cornerstone of the digital economy.
(Disclaimer: The opinions expressed in this column are that of the writer. The facts and opinions expressed here do not reflect the views of www.economictimes.com.)
Gautam Aggarwal
President, India & South Asia, Mastercard