Q&A with Andrew Shikiar, CEO of FIDO
We had the pleasure of sitting down with Andrew Shikiar, CEO of the FIDO Alliance, known for their creation and evangelism of the passkey, the authentication method we've all come to know and love. The team here at Ideem are, of course, huge fans of the passkey and what it has done to revolutionize how people authenticate themselves, and we were honored that Andrew took the time to answer all of our questions about passkeys and banking. That Q&A is below. Of course, if you're interested in learning more about how Ideem is making passkeys bank-grade, you can learn more at our site.
Without further ado, the conversation with Andrew.
Andrew, thank you for taking the time to speak with us. You’ve said that “2025 is shaping up to be a year of passkeys breaking through into consumer banking and payments, dispelling the myth that banks will never embrace passkeys.” For years, adoption has moved quickly in consumer platforms but more slowly in financial services, where security, regulation, and customer trust create a higher bar. Now we’re seeing signs of change, and you’ve called this year a turning point. We’d like to spend some time today digging into why you think this is the year they adopt, the regulatory environment, the challenges, and how FIDO is helping both banks and their customers make the transition.
Adoption Pace & Trust Factors
Why do you think banks have been more cautious in adopting passkeys compared to other consumer services?
Banks tend to be more conservative than many other industries given the critical role they play in the global financial system and as custodians of public funds. Banks also face much higher levels of scrutiny and regulatory oversight, and require higher levels of identity assurance. This understandably leads to a more considered approach to adopting new technologies, especially ones that represent a fundamental shift in how they operate. Banks do recognize the unique advantages passkeys bring, and we’re now seeing many leading banks roll out passkeys to their customers, including ABANCA, BBVA, Citi, Shinhan Bank, Standard Bank, UBank, and Wells Fargo.
For banks that have started rolling out passkeys, what kinds of extra controls might they layer on to meet regulatory or internal security requirements?
Ultimately, authentication is largely about signals to relying parties so they can determine whether an authentication attempt is genuine. Passkeys provide a far stronger signal than many technologies typically employed today, such as passwords and outdated multi-factor authentication methods like SMS OTPs. Each deployer has to determine how much they want to rely on this very strong signal associated with a passkey and some may want to augment this with added explicit or passive data about the user and/or their device.
Regulatory & Compliance Pressures
Do you see differences in how regulators in APAC, Europe, and the US are thinking about passkeys, particularly around device binding and data residency?
Historically, authentication-related regulatory policy only contemplated a world predicated on how to make passwords less risky. This resulted in additional security measures being layered on top, such as OTPs. There has been a significant shift in this approach over the past few years, with passkeys being recognized as a true and effective password replacement that meets traditional MFA requirements. This can be seen by leading agencies, including the National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity (ENISA) among others, citing and endorsing passkeys, while also underscoring the importance of non-phishable credentials.
Challenges
What are the most common challenges banks raise when they look at passkeys? Is it integration with legacy infrastructure, customer education, or something else?
The challenges will vary depending on the bank in question, but much of this boils down to typical change management issues we see in any transformation project. Legacy integrations and customer education are certainly a part of that, but they are easily addressable if the organization has the conviction and the buy-in of all the necessary stakeholders.
Consumer Education
In many markets, OTPs have been the default for years. We’ve seen banks invest heavily in educating users about why those OTPs are going away. How is FIDO helping banks prepare that messaging so customers trust the change rather than resist it?
We have released UX guidelines so that product managers, designers, researchers, and engineers at service providers can deploy passkeys at scale in ways that will optimize consumer enrollment and utilization. This includes guidance on messaging, how and when to prompt for passkey enrollment, and best practices for customer support. All of this guidance is freely available on our Passkey Central resource center.
I have also heard from several banks that they receive many inbound requests from customers asking for passkey support - which makes sense as passkeys have wide consumer awareness and utilization across the world. So while there will be consumers where education is clearly very important, there are also those who understand the technology and are ready and waiting to adopt it.
Beyond education, do you see opportunities for banks to use UX design, things like app flows, prompts, or default settings, to make the transition feel as natural as possible for users?
Passkeys have always aimed to tackle the dual issues of security and usability, so UX is a critical component. Our UX design guidelines are based on design patterns, which are self-contained experiences that organizations can combine to match their unique business and customer needs.
The Big Picture
If 2025 is the year of passkey adoption in banking, what does success look like twelve months from now? What metrics or milestones will tell you that the breakthrough has happened?
Banks recognize that in passkeys we now have technology that's highly secure, highly usable and is capable of supporting the entire banking and payments industry. We’ve discussed the higher bar that banks have to meet and they have been exploring adoption behind the scenes and doing their due diligence. A major factor that is giving banks the confidence to take the next step is the universal support from regulators, governments and major organizations and platforms for what we’re doing in the FIDO Alliance. By this point next year I anticipate seeing many more banks joining those who’ve already adopted passkeys.