All posts

Visa launches Payment Passkey in India to replace OTPs

Manaal KhanJuly 13, 2026 at 6:31 AM5 min read
Visa launches Payment Passkey in India to replace OTPs

Key Takeaways

Visa Payment Passkeys Launched In India: Will Biometrics Replace OTPs?

Visa launches Payment Passkey in India to replace OTPs
Source: Tech-Economic Times
  • Visa's Payment Passkey uses device biometrics instead of SMS OTPs for card authentication
  • Service is live with IDFC FIRST Bank and merchants including Myntra, Paytm, and MakeMyTrip
  • Launch follows RBI's April 2025 framework allowing alternatives to OTP-based authentication

Visa launched its Payment Passkey service in India on Thursday, letting cardholders approve online purchases with fingerprint, facial recognition, or device PIN instead of typing a one-time password. The service is live with IDFC FIRST Bank and rolling out to users on Myntra, Paytm, MakeMyTrip, Tata Starbucks, Reliance Digital, and EatSure.

Payment aggregators Juspay, Wibmo, Razorpay, PayU, Pine Labs, BillDesk, M2P Fintech, and Paytm Payments Services are handling the integration. After a one-time enrollment, users can authenticate at any participating merchant without receiving or entering an SMS code.

Advertisement

How does Payment Passkey work?

The product is built on FIDO, a global passkey framework backed by Apple, Google, and Microsoft. FIDO lets a device or browser verify identity through public-key cryptography tied to biometrics, eliminating the need for passwords or OTPs that can be intercepted.

In practice, a customer at checkout confirms the payment the same way they unlock their phone. The authentication stays on the device. No SMS is sent, no code is typed, and no redirect to a bank page is required.

"With Visa Payment Passkey, we are helping make digital commerce safer, more inclusive, and easier to use by enabling people to authenticate card payments through familiar device-based experiences such as biometrics, PINs, passwords, or patterns," said Suresh Sethi, group country manager for India and South Asia at Visa.

Why is OTP-based authentication a problem?

OTP-based checkout has been a persistent friction point for online card payments in India. Transactions fail because of delayed SMS delivery, weak network connectivity, wrong entries, or redirect issues. Each failure is a lost sale for merchants and a frustrated customer who may switch to a competitor.

Security is the bigger concern. Industry estimates attribute roughly 40% of digital payment fraud in India to OTP interception and phishing attacks. Attackers use SIM-swap fraud, fake bank websites, and social engineering to capture codes. Passkeys, by design, cannot be phished. The cryptographic keys never leave the user's device, and there is no code to intercept or trick the user into revealing.

FIDO Alliance data suggests passkey authentication is about 3x faster than traditional OTP verification and can reduce checkout abandonment by 46% compared to password-based flows.

What triggered this launch?

The Reserve Bank of India's new authentication framework took effect on April 1, 2025. The framework retained the requirement for two-factor authentication on digital payments but, for the first time, allowed banks and payment companies to use alternatives to SMS OTPs. That regulatory green light is what made this rollout possible.

Visa said it has been developing the product for nearly two years. The Economic Times first reported on the initiative in November 2024. With the RBI framework now live, Visa and its partners moved quickly to bring passkeys to market.

Advertisement

What does this mean for AI-powered commerce?

Visa is positioning passkeys as infrastructure for agent-led commerce, a future where software agents make purchases on a user's behalf. If an AI assistant books your flight or reorders office supplies, you still need to authorize the payment. Passkeys could capture that approval before the delegated transaction is initiated, according to Ramakrishnan Gopalan, Visa's head of products for India and South Asia.

This is forward-looking, but not far-fetched. OpenAI, Google, and other AI labs are building agents capable of browsing the web and completing tasks. Payment authentication that works without human intervention at the moment of purchase, but with prior consent, is a prerequisite for those agents to transact.

Which devices and browsers are compatible?

Visa said the service works with major operating systems and browsers on any passkey-enabled device globally. Apple, Google, and Microsoft have all shipped passkey support in their platforms. Most smartphones sold in the past three years can use the service.

The main constraint is merchant adoption. Passkey authentication only works where the retailer, payment aggregator, and issuing bank have completed integration. Visa's initial partner list covers major e-commerce and travel sites, but the long tail of Indian merchants will take time to onboard.

ℹ️

Logicity's Take

Visa's move addresses two problems at once: checkout friction that costs merchants revenue, and phishing attacks that cost consumers money. For CTOs running e-commerce platforms, the integration work is nontrivial but the payoff is clear: fewer abandoned carts, fewer fraud chargebacks. The agent-commerce angle is speculative today, but Visa is placing an early bet that whoever owns the authentication layer for AI-initiated transactions will have significant leverage. Payment aggregators like Razorpay and PayU are already integrated, so the path to adoption is straightforward for most Shopify or custom-stack merchants. Watch for Mastercard and RuPay to announce competing passkey products within the quarter.

What happens next?

India processes more digital transactions than any other country, with UPI alone handling over 10 billion monthly transactions. Card payments are a smaller but high-value segment. Reducing friction on that segment could shift some UPI volume back to cards, where issuers earn interchange fees.

The broader question is whether passkeys become the default authentication method in India or remain an option alongside OTPs. That depends on how aggressively banks push enrollment and how quickly merchants integrate. Visa has the regulatory cover and the partner network. Execution will determine whether this is a footnote or a turning point.

Frequently Asked Questions

Is Visa Payment Passkey available to all Indian cardholders?

Not yet. The service is currently limited to IDFC FIRST Bank cardholders and select users on participating merchants. Visa plans to expand to more banks and merchants over time.

Do I need a special app to use Payment Passkey?

No. Passkey authentication uses your device's built-in biometrics and is supported by major browsers and operating systems. No additional app is required.

Can passkeys be phished like OTPs?

No. Passkeys use public-key cryptography tied to your device. The private key never leaves your phone, so there is nothing for an attacker to intercept or trick you into revealing.

Will OTPs be phased out completely?

The RBI framework still allows OTPs as one authentication option. Passkeys are an alternative, not a replacement. Banks and merchants will likely offer both for some time.

Which merchants support Visa Payment Passkey at launch?

Myntra, Paytm, MakeMyTrip, Tata Starbucks, Reliance Digital, and EatSure are the initial merchant partners. More will be added as integration progresses.

ℹ️

Need Help Implementing This?

If you're a merchant or fintech looking to integrate passkey authentication into your payment flow, reach out to your payment aggregator. Razorpay, PayU, and Juspay are already supporting the Visa Payment Passkey integration. For questions on implementation strategy, contact us at Logicity.

Source: Tech-Economic Times / ET

Advertisement
M

Manaal Khan

Tech & Innovation Writer

Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.

Related Articles