Industry

Fintech Β· Payments Β· Enterprise UX

Organization

American Express

Industry

Fintech Β· Payments Β· Authentication UX

Organization

American Express

Passkey in 3DS: Building American Express's First Biometric Authentication Framework From OTP Dependency to Biometric-First Authentication

Passkey in 3DS: End-to-End Authentication UX Framework From OTP Dependencyto Biometric-First Authentication

Passkey in 3DS: Building American Express's First Biometric Authentication Framework
From OTP Dependency to
Biometric-First Authentication

Passkey in 3DS: Building American Express's First Biometric Authentication Framework From OTP Dependency to Biometric-First Authentication

Role

Senior Product Designer

Scope

End-to-End Passkey UX Framework β€” Checkout & Issuer Bank App

Timeline

Oct 2025 – Ongoing

πŸ’‘Executive SummaryπŸ’‘

πŸ’‘Executive SummaryπŸ’‘

As a Senior Product Designer at American Express, I led the end-to-end UX framework for Passkey in 3DS β€” replacing OTP with biometric-first authentication across the checkout flow and issuer bank app.

With no existing internal framework to reference, I built it from scratch β€” auditing competitor guidelines across major networks, aligning with PMs and engineering on SPC (Secure Payment Confirmation) constraints, and delivering a globally scalable framework ahead of issuer bank adoption timelines.


The framework spans two environments β€” checkout and issuer bank app β€” covering the full Passkey lifecycle: creation, enrollment, authentication, lifecycle management, and edge cases. India was scoped as the first target market, with global rollout to follow.

As a Senior Product Designer at American Express, I led the end-to-end UX framework for Passkey in 3DS β€” replacing OTP with biometric-first authentication across the checkout flow and issuer bank app.

With no existing internal framework to reference, I built it from scratch β€” auditing competitor guidelines across major networks, aligning with PMs and engineering on SPC (Secure Payment Confirmation) constraints, and delivering a globally scalable framework ahead of issuer bank adoption timelines.


The framework spans two environments β€” checkout and issuer bank app β€” covering the full Passkey lifecycle: creation, enrollment, authentication, lifecycle management, and edge cases. India was scoped as the first target market, with global rollout to follow.

πŸ”₯ The Problem

American Express Had No Defined Passkey UX – While Competitors Already Did

Every time you shop online and your bank asks you to verify your identity before completing a payment β€” that's 3DS. It's the global authentication protocol that sits between a cardholder and their bank during checkout, happening billions of times a day across every major card network worldwide.

For years, that moment looked the same: receive a one-time passcode (OTP) by SMS, type it in, done. The industry is now replacing OTP with Passkey β€” Face ID or fingerprint. One gesture. No code. Faster and more secure.

Visa, Mastercard, and other networks had already published UX guidelines for this transition. American Express had none β€” creating five concrete gaps:

  • Passkey creation during checkout had no defined flow

  • OTP-to-Passkey authentication had no replacement pattern

  • Checkout and issuer bank app experiences were misaligned

  • Lifecycle management (add, update, delete) was unaddressed

  • Risk of inconsistent implementation once issuer banks were ready to adopt

Without a structured UX framework, American Express would be unable to support issuer banks at the speed the market required.

βœ… The Objective

From OTP Dependency to a Presentation-Ready Biometric Authentication Framework

Design a clear, presentation-ready Passkey 3DS UX framework β€” defining how Passkeys are created during checkout, how they replace OTP during 3DS authentication, how the checkout and issuer bank app experiences align, and how cardholders manage their Passkeys over time.

The goal: ensure American Express is prepared before the market demands it β€” design readiness ahead of issuer adoption, not launch.

πŸ”¦ Understanding the Technical Context

From OTP to Biometrics β€” How Passkey Changes 3DS Authentication

What is 3DS?

What is 3DS?

3-D Secure (3DS) is an additional authentication (security) step that happens during online payments – verifying that the person completing the purchase is the actual cardholder.

3-D Secure (3DS) is an additional authentication (security) step that happens during online payments – verifying that the person completing the purchase is the actual cardholder.

What changes with Passkey?

What changes with Passkey?

  • Instead of: Payment β†’ Receive OTP β†’ Enter code β†’ Authenticate

  • It becomes: Payment β†’ Face ID / Fingerprint β†’ Authenticate


Biometric-based Passkey authentication replaces OTP during the 3DS verification step β€” making the experience faster, more secure, and frictionless for cardholders globally.

  • Instead of: Payment β†’ Receive OTP β†’ Enter code β†’ Authenticate

  • It becomes: Payment β†’ Face ID / Fingerprint β†’ Authenticate


Biometric-based Passkey authentication replaces OTP during the 3DS verification step β€” making the experience faster, more secure, and frictionless for cardholders globally.

ACS (Access Control Server) β€” The server that powers the identity verification screen during 3DS checkout.

ACS (Access Control Server) β€” The server that powers the identity verification screen during 3DS checkout.

ACS (Access Control Server) β€” The server that powers the identity verification screen during 3DS checkout.

ACS (Access Control Server) β€” The server that powers the identity verification screen during 3DS checkout.

SafeKey β€” American Express's own 3DS authentication screen, powered by its ACS. This became the key integration point for Passkey enrollment within the checkout flow.

SafeKey β€” American Express's own 3DS authentication screen, powered by its ACS. This became the key integration point for Passkey enrollment within the checkout flow.

SafeKey β€” American Express's own 3DS authentication screen, powered by its ACS. This became the key integration point for Passkey enrollment within the checkout flow.

SafeKey β€” American Express's own 3DS authentication screen, powered by its ACS. This became the key integration point for Passkey enrollment within the checkout flow.

πŸ«† Final Outcomes

The Complete Passkey UX Framework – Across Both Environments

The final framework covers the full Passkey lifecycle across two environments β€” from the moment a cardholder first encounters Passkey during checkout, through authentication as a returning user, to managing credentials within the issuer bank app.

β˜‘οΈ Checkout Environment

Delivered a biometric-first authentication flow within the existing SafeKey (American Express's 3DS authentication service) checkout experience β€” updated to reflect FIDO Alliance SPC standards for cross-origin compliance.

Passkey Authentication with SPC β€” Checkout Environment

β˜‘οΈ Issuer Bank App Environment

Designed the full lifecycle management experience within the issuer bank app β€” enabling cardholders to add, update, and delete Passkeys independently of the checkout flow.

Passkey Lifecycle Management β€” Issuer Bank App Β· Enrollment Flow

πŸ™‹πŸ»β€β™€οΈ My Role

End-to-End UX Ownership – From Research to Implementation-Ready Design

I led the end-to-end UX design for a framework that didn't exist β€” no internal reference, no established pattern to follow. Starting from zero, I audited competitor guidelines, defined the interaction model across both environments, and designed the full enrollment, authentication, and lifecycle management flows.

When the FIDO Alliance published an updated SPC specification mid-project, I rebuilt the authentication flow from the ground up β€” turning a technical constraint into a stronger, more implementation-ready design.

▢️ Design Progress

Competitive Analysis Β· Stakeholder Alignment Β· Iterative Design

πŸ“’ Phase 1 – Competitive Analysis Understanding the Industry Baseline

Before defining the framework, I audited Visa and Mastercard's existing Passkey UX guidelines β€” and analyzed how the company's own cardholder platform already handled Passkey registration and authentication β€” to understand what was already established and where the company needed to define its own approach.

What made American Express's framework distinct was the SafeKey step-up screen β€” a native authentication touchpoint within the 3DS flow. I anchored Passkey creation within this existing screen, turning a familiar security moment into the natural entry point for enrollment.

Competitive Landscape – Passkey UX Across Networks

Amex MYCA (Cardholder Platform) – Passkey User Journey Analysis

πŸ“’ Phase 2 – Alignment with PM and Engineering Turning Technical Complexity Into Shared Design Direction

I facilitated structured working sessions with PMs β€” sharing design thinking through presentations and walking through interaction decisions in real time.

The most complex challenge was a mid-project specification change. When the FIDO Alliance published an updated SPC spec, it redefined how the Passkey credential is scoped and who acts as the relying party β€” directly affecting the authentication flow structure and requiring a full redesign of the returning user checkout experience.

πŸ“’ Phase 3 – Design & Iteration From Framework to Implementation-Ready Prototype

With the framework established, I designed the full flow across both environments. The SPC update required the most significant iteration β€” repositioning the payment scheme as the relying party (cross-origin) changed the authentication trigger logic and required a full revisit of the returning user checkout flow.

ACS (Access Control Server) β€” the screen cardholders see during checkout when their bank verifies their identity

ACS (Access Control Server) β€” the screen cardholders see during checkout when their bank verifies their identity

v1 vs v2 – Passkey Authentication Flow, Checkout Environment

πŸš€ The Two Environments

The Design Decisions Behind Each Flow

1️⃣ Checkout Environment Designing the Full Passkey Journey Within the Existing SafeKey flow

πŸ”— View the Full Clickable Checkout Environment

β†’ Passkey Enrollment – First-time Users Turning a Security Moment Into a Natural Enrollment Touchpoint

The key design decision here was where enrollment happens. Rather than introducing a separate onboarding flow, I anchored enrollment within the SafeKey step-up screen β€” a moment where the user's identity is already being verified. This eliminated a redundant authentication step and made Passkey creation feel like a natural progression rather than an interruption.

OTP β†’ Passkey Creation β€” The Transition Moment

β†’ Passkey Authentication – Returning Users Replacing OTP With a Single Biometric Gesture

The core challenge was trust β€” making users feel confident that one biometric gesture was as secure as an OTP, without adding friction.

From SMS Code to a Single Biometric Gesture

β†’ v2 Update – SPC (Secure Payment Confirmation) Repositioning the Relying Party for Cross-Origin Compliance

The initial draft scoped the Passkey credential to the issuer bank. After the FIDO Alliance published an updated SPC specification, a key constraint surfaced β€” SPC is only supported on select platforms, which directly shaped how the relying party needed to be defined.

For Amex, SPC is implemented within SafeKey β€” the company's native ACS environment.

For Amex, SPC is implemented within SafeKey β€” the company's native ACS environment.

To reflect FIDO Alliance and Web Authentication standards, I repositioned the payment scheme as the relying party (cross-origin) β€” reducing implementation complexity for issuer banks. In a typical SPC flow, authentication occurs on the merchant domain. For Amex, SafeKey's ACS architecture enabled authentication to stay within the same domain β€” no redirect, no domain switch for the user.

Passkey Authentication Flow β€” v1 vs v2 (SPC)

2️⃣ Issuer Bank App Environment Extending the Framework Beyond Checkout

πŸ”— View the Full Clickable Issuer Bank App Environment

β†’ Passkey Enrollment via Issuer App Proactive Enrollment Before the Next Transaction

For users who prefer to set up Passkey outside of a live transcation, the issuer app enrollment flow enables proactive setup β€” on their own terms, before they reach checkout.

β†’ Passkey Lifecycle Management Giving Cardholders Full Control Over Their Passkey Credentials

The design challenge was consistency β€” lifecycle management needed to feel coherent with the checkout enrollment experience, while accommodating the distinct context of a banking app. Informed by competitive research, I designed the add, update, and delete flows with the cardholder's mental model in mind β€” ensuring the experience felt intuitive across both environments.

⚠️ Edge Cases & Failure Scenarios

Designing for When Things Don't Go as Planned

A framework is only complete when it accounts for failure. These three scenarios cover the most critical failure points β€” each designed to keep the user moving forward without abandoning the transaction.

β†’ Face ID Unable to Authenticate Fallback When Biometric Fails

When Face ID fails to recognize the user, the flow offers a clear fallback pathβ€” prompting an alternative authentication method without blocking the transaction. The design priority was to avoid dead ends: every failure state leads somewhere actionable.

β†’ Generic Passkey Setup Failure Handling Interrupted Enrollment

When Passkey creation fails due to a system error or interrupted flow, the user is automatically redirected back to the merchant payment screen β€” prompting them to restart the transaction.

β†’ User Decides Not to Create a Passkey Designing the Graceful Exit

Skipping Passkey creation is a valid user choice β€” not a failure state. The flow was designed to respect that decision without friction, completing the transaction cleanly while leaving the door open for future enrollment.

πŸ” Key Takeaways

Design Principles Shaped by the Framework

1️⃣ Keep Authentication In-Flow

1️⃣ Keep Authentication In-Flow

A seamless experience doesn't survive a domain switch

Sending users to a different domain mid-transaction β€” even briefly β€” creates doubt. Keeping both enrollment and authentication within the same flow protects the trust that makes a transaction complete.

2️⃣ Simpler Authentication Feels More Secure

2️⃣ Simpler Authentication Feels More Secure

Reducing steps doesn't reduce security β€” it reinforces it

Waiting for an SMS, switching screens, re-entering codes β€” each added step makes the experience feel less reliable, not more secure. One biometric gesture in context does more for user confidence than a chain of verification steps.

3️⃣ Every Failure State Is a Design Decision

3️⃣ Every Failure State Is a Design Decision

Sending users back to the start isn't a fallback β€” it's an abandonment.

When something goes wrong, users need a clear next step β€” not a dead end. Every error is a design opportunity. Miss it, and you lose the transaction.

πŸ”‘ Key Impact

Positioned American Express Ahead of Issuer Market Demand

The framework is currently in active review with PMs, engineers, and issuer bank stakeholders β€” with India as the first target market and global rollout to follow.

✦ Defined the first E2E Passkey UX framework for American Express in 3DS

✦ Designed 6 end-to-end flows across both environments β€” covering enrollment, authentication, SPC update, and full lifecycle management

✦ Leveraged the SafeKey screen as a native enrollment touchpoint β€” a key differentiator from Visa and Mastercard

✦ Aligned framework with updated FIDO Alliance SPC specification to deliver an implementation-ready design

✦ Framework targeting fewer than 50 issuer banks in India as the first rollout cohort, with global scale to follow

✦ Positioned American Express ahead of issuer market demand β€” before issuers are ready to launch

πŸ“š What I Learned

Constraints Made the Design Stronger

Technical complexity doesn't block good UX – it informs it.

When the SPC specification changed mid-project, work I had already designed had to be rebuilt. It was frustrating β€” but going deeper into the technical constraints was what ultimately made the design stronger. The more precisely I understood them, the more confidently I could design around them.

Competitive analysis is most valuable not as inspiration, but as a map of what's already solved.

Knowing where Visa and Mastercard had established patterns told me where I could execute with confidence β€” and where the real design work for American Express actually needed to happen.

Thank You!