Passwordless Banking: How Global Regulations Are Transforming Authentication
Conor White
President, Strategic Initiatives
Conor White is part of the core team that founded Daon. He joined the company as Chief Technology Officer in 2001 with the goal of designing and delivering trusted experiences that put human beings back at the center of digital transactions. In 2015, Conor accepted the role of President of the Americas, where he led all Daon activities across North, South, and Latin America. Then, in 2023, he accepted the role of President, Strategic Initiatives, where he leads efforts to find Daon’s “next big thing.”
In his current role on the Senior Management team, Conor spearheads the company’s expansion by identifying opportunities to apply Daon’s tech stack in new markets and verticals around the world.
As CTO, Conor shaped Daon’s technology strategy, including the development of its award-winning IdentityX® platform. As President of the Americas, his responsibilities encompassed sales, business development, marketing, customer delivery and financial performance.
Conor has a proven, 25-year track record of innovation in digital identity and cybersecurity. He is an accomplished inventor, with more than 30 patents in the field of human authentication, and has architected some of the world’s highest-performing digital identity systems.
Conor is also a frequent speaker at international digital identity conferences on the topics of human identity, biometrics, and cybersecurity. He serves on several technology standards boards, both in the U.S. and abroad, and is a member of Daon’s Board of Directors.
Conor holds a B.Sc. in Computer Applications and an M.Sc. in Computer Science from Cork Institute of Technology. He is also a graduate of the Executive Leadership Program at Stanford University Graduate School of Business.
In his spare time, Conor enjoys traveling, playing bad golf and spending time with his wife and sons. In the last two years, he has become an avid cyclist (commuting almost daily when not traveling on business) and is seriously trying to find a way to get rid of his car!
October 30, 2025
The UAE Central Bank has announced that all banks must adopt passwordless banking and eliminate one-time passwords by March 2026. No more SMS codes. No more email verifications. No more customers locked out of their accounts waiting for a six-digit confirmation number that never arrives.
Within months, similar passwordless authentication mandates cascaded across the global banking landscape. Singapore’s monetary authority declared SMS OTPs obsolete for customers using secure alternatives. The Philippines set a June 2026 deadline for biometric authentication. Malaysia required app-based verification on registered devices. Regulators worldwide are reaching the same conclusion: passwords have become banking’s greatest liability, and institutions have less than 18 months to reinvent how billions of people access their money. The momentum for passwordless applications extends beyond financial services. When technology leaders like Oracle implement company-wide passwordless authentication, it signals that password elimination has become an enterprise imperative across all sectors.
The world’s largest banks aren’t waiting for passwordless banking regulations to force their hand. ANZ Plus, one of the “Big 4” banks in Australia, announced full passwordless authentication by 2025. The National Australia Bank also set a 2030 target for complete biometric banking transition. JPMorgan Chase and Bank of America, as board members of the FIDO Alliance, were already deep into deployment. These early movers understand something their competitors don’t yet grasp. They’re seizing the opportunity to transform their most common customer complaint into their strongest competitive advantage.
Why Passwordless Authentication Is Replacing One-Time Passwords
For two decades, SMS one-time passwords served as banking authentication’s universal second factor before passwordless banking emerged. Simple, familiar, and seemingly secure, they became the default authentication method for everything from balance checks to wire transfers. Banks sent billions of these six-digit codes annually, each one a tiny digital key meant to prove that the person attempting access was who they claimed to be.
Unfortunately, fraudsters have evolved faster than the tools intended to stop them. SIM swapping—where criminals hijack phone numbers by convincing carriers to transfer service to new devices—has turned from a rare occurrence into a daily threat. Phishing sites have become indistinguishable from legitimate banking portals, harvesting OTPs in real-time. Malware on compromised devices intercepts codes before users ever see them.
The UAE Central Bank’s passwordless banking mandate assessment was blunt: fraudsters are intercepting OTPs “through fake websites, duplicate SIM cards, or by tricking users into sharing codes.” What had once required sophisticated technical knowledge now requires only basic social engineering skills and readily available fraud tools.
OTPs aren’t just a security failure waiting to happen, they’re also a constant source of customer frustration. International travelers find themselves locked out when they can’t receive SMS messages across borders. For countless people living with poor cellular coverage, completing urgent banking transactions becomes impossible. Support centers field millions of calls about expired codes, undelivered messages, and authentication failures. The very system meant to protect customers has become their primary source of banking frustration.
Banks spend exorbitant amounts annually on SMS delivery charges, and costs continue to scale with every new customer and transaction. Fraud losses from compromised OTPs reach billions globally, making SMS authentication a liability no bank can afford. Authentication-related support costs alone consume enormous operational resources. The calculation for forward-thinking global banks is clear: continuing with SMS authentication is economically unsustainable.
Passwordless Authentication Solutions: FIDO Passkeys and Biometric Banking
The shift to passwordless authentication has introduced a catalog of superior technologies that work on fundamentally different principles. FIDO passkeys for passwordless banking eliminate memorization altogether, using cryptographic credentials that make authentication something that devices do automatically.
“This new capability stands to usher in a new wave of low-friction FIDO implementations,” Andrew Shikiar, Executive Director of the FIDO Alliance, explained to American Banker. Unlike passwords that exist as shared secrets between users and services, passkeys use public-key cryptography where the private key never leaves the user’s device. The result is “instant, phishing-resistant passwordless authentication” with nothing to steal, intercept, or forget.
Biometric banking authentication takes this convenience even further for passwordless banking. Emirates Face Recognition has partnered with UAE banks to enable login through facial scanning. ANZ’s biometric rollout means customers can access accounts with a glance or touch rather than typing passwords on tiny keyboards. Modern biometric banking solutions use liveness detection to ensure real human presence, preventing spoofing attempts with photos or masks.
Risk-based passwordless authentication adds intelligence to the banking authentication process. A customer checking their balance might only need device recognition, while international wire transfers could trigger additional biometric verification. This contextual security means that routine banking remains frictionless while high-risk transactions receive appropriate scrutiny. The passwordless banking system learns from patterns—recognizing when customers typically bank, from which locations, and through which devices—creating invisible security that only appears when needed.
The most sophisticated passwordless authentication deployments incorporate AI-powered deepfake detection, protecting against synthetic media attacks that might fool human reviewers. Hardware security keys provide an additional option for customers requiring the highest security levels, while post-quantum cryptography prepares systems for future threats that don’t yet exist.
What unifies these technologies isn’t just their security superiority but their user experience philosophy. Each method prioritizes customer convenience alongside protection. Biometric banking scans are faster than typing passwords in passwordless authentication. Passkeys eliminate password reset procedures entirely. Risk-based systems remove unnecessary friction from routine tasks. The result is passwordless banking authentication that customers actually prefer: security that enhances rather than impedes their banking experience.
Passwordless Banking Compliance: How Regulatory Requirements Enhance CX
The business case for passwordless banking is already proving itself in real-world deployments. Banks implementing passwordless authentication and eliminating SMS report immediate operational savings—millions in annual SMS charges disappear overnight. Support call volumes drop 30-40% as password reset requests vanish. Fraud losses from account takeover attacks, which passwordless banking addresses and which have reached billions globally, are declining dramatically as phishing-resistant authentication removes the primary attack vector.
The real impact is seen in customer behavior. Digital adoption rates, long plateaued by authentication friction, are suddenly surging. Customers who abandoned mobile banking due to OTP frustrations are returning. Transaction completion rates are increasing as authentication failures disappear.
Early passwordless banking adopters like UBank are demonstrating how compliance can become a competitive advantage. By implementing passwordless authentication ahead of mandates, they’re differentiating through superior user experience while competitors scramble to meet deadlines. These banks market security as a feature rather than a restriction, attracting security-conscious customers who also value convenience.
The passwordless banking trust equation has fundamentally shifted. Instead of cumbersome security measures that frustrate without protecting, banks offer genuine protection that customers barely notice. Regulatory-grade security that people actually want to use sounds impossible—until banks realize that the best security is the kind customers never have to think about.
Passwordless authentication revenue implications extend beyond cost savings. Higher-value transactions that previously required branch visits can move online safely with biometric banking. New digital services, impossible under password-based authentication, are becoming viable. Customer lifetime value increases as friction decreases. The dual dividend of meeting regulatory requirements while enhancing customer experience creates returns that justify transformation investments many times over.
Implementing Passwordless Banking
ANZ Plus’s announcement of passwordless authentication by 2025 comes with an important detail: customers will have two authentication options, ensuring compliance while maintaining choice. This balanced passwordless banking approach of mandated security with user control exemplifies how successful banks are navigating the transition from passwords to biometrics.
Singapore’s coordinated passwordless banking transformation offers a masterclass in industry-wide change management. When MAS aligned requirements across DBS, OCBC, and UOB, it creates market-wide normalization. Customers don’t feel singled out by their specific bank’s passwordless authentication transition since everyone is moving together. This coordinated approach reduces customer confusion and resistance while preventing any single institution from bearing competitive disadvantage during transition.
“We have to explain to customers that what feels like a big change is actually a win-win: stronger protection and less hassle,” said a senior executive at a leading UAE bank. This passwordless banking communication philosophy of focusing on benefits rather than compliance proves crucial for customer acceptance. Banks that lead with convenience gains rather than regulatory requirements see higher voluntary adoption rates.
The most successful passwordless authentication implementations use regulatory deadlines as a catalyst for overdue improvements. Rather than building minimum viable passwordless banking compliance solutions, forward-thinking banks create authentication experiences that customers would choose regardless of regulations. They’re discovering that compliance requirements often align with what customers have wanted all along: faster, simpler, more reliable access to their money.
Migration strategies balance ambition with pragmatism. Phased rollouts allow banks to learn and adjust before full deployment. Maintaining temporary fallback options reduces anxiety for hesitant customers. Clear timelines give users time to adapt while creating urgency for adoption. Success metrics spanning both passwordless banking regulatory adherence and customer satisfaction ensure that compliance doesn’t compromise user experience.
Early passwordless banking adopters reveal an unexpected insight: regulatory compliance actually accelerates digital transformation. The infrastructure investments required for passwordless authentication, including biometric systems, risk engines, and identity platforms, create foundations for broader innovation. Banks building for compliance discover they’re actually building for the future.
The Daon Advantage: Enabling Seamless Passwordless Banking Solutions
As banks worldwide race to meet passwordless banking deadlines while maintaining competitive edge, the choice of technology partner becomes strategically critical. Daon’s biometric banking authentication suite, purpose-built for passwordless banking scale, addresses the dual challenge of regulatory compliance and customer experience transformation that defines modern financial services.
Our passwordless authentication facial recognition and fingerprint technologies reimagine the entire authentication experience. With privacy-preserving architecture that meets stringent data protection requirements from the EU’s GDPR to Singapore’s PDPA, Daon enables banks to deploy biometric solutions confidently across jurisdictions. The platform’s seamless integration with existing banking authentication infrastructure means institutions can transform authentication without rebuilding their digital foundations.
Whether meeting the UAE’s 2026 passwordless banking deadline, Singapore’s digital token requirements, or the Philippines’ biometric mandates, Daon’s solutions deliver on passwordless banking’s essential promise: enhanced security that customers prefer using.
