Razorpay introduces biometric passkey card authentication through partnerships with Mastercard and Visa.

2026-04-03

Razorpay has introduced a biometric passkey-based card authentication solution in India, jointly developed with Mastercard and Visa.

This new system replaces traditional one-time passwords (OTPs) with device-linked biometric verification—utilizing fingerprint or facial recognition—enabling cardholders to authenticate payments directly from their devices without needing redirections or manual inputs.

The solution is designed to fully comply with the Reserve Bank of India’s (RBI) two-factor authentication guidelines, effective in 2025. It substitutes the OTP verification step with a more secure biometric confirmation tied to the user’s device, ensuring regulatory standards while enhancing user convenience during transactions.

From Concept to Implementation

The development timeline of this capability spans multiple years. At the Global Fintech Fest in 2024, Razorpay and Mastercard showcased a live proof of concept for biometric card authentication using passkeys. As the RBI’s two-factor authentication regulations came into effect in 2025, Razorpay swiftly deployed its native Access Control Server (ACS) infrastructure to support large-scale biometric authentication within ten days of the regulatory deadline. By 2026, during the AI Impact Summit, Razorpay demonstrated how this technology integrates seamlessly with live commerce processes alongside Mastercard and a retail partner.

Currently, the solution is integrated across both Mastercard and Visa networks, thereby broadening its applicability to cover a greater proportion of card transactions processed in India.

Regulatory Compliance and Market Context

India’s digital payments landscape has witnessed significant advancements in tokenization and authentication infrastructure. The RBI has emphasized the need for robust, secure authentication mechanisms, with the passkey standard, based on FIDO (Fast Identity Online) protocols, aligning well with this direction by tying credentials to a specific device.

From a merchant perspective, the new authentication method could significantly reduce abandoned transactions at the verification stage. This is especially beneficial for OTP-based flows where delays or network issues often result in transaction interruptions. For cardholders, it eliminates dependency on receiving and entering time-sensitive codes, thereby reducing risks associated with interception and SIM-based fraud.

The solution supports both traditional interface-based transactions and conversational commerce environments, making verification processes more fluid and compatible with AI-driven and mobile-first ecosystems. An official from Razorpay noted that the goal is to ensure authentication is seamless, enabling rather than hindering commerce.

A Visa representative emphasized that the passkey solution aims to progress beyond OTP-reliant systems while adhering to RBI’s two-factor authentication requirements. Similarly, Mastercard highlighted this development as a significant industry shift in alignment with regulatory trends set by India’s central bank.