Remote user authentication schemes provide a system to verify the legitimacy of remote users’ authentication request over insecure communication channel. In last years, many authentication schemes using password and smart card have been proposed. However, password might be revealed or forgotten and smart card might be shared, lost or stolen. In contrast, the biometrics, such as face, ﬁngerprint or iris, have no such weakness. With the trend of mobile payment, more and more applications of mobile payment use biometrics to replace password and smart card. In this paper, we propose a biometric-based remote authentication scheme substituting biometric and mobile device bounded by user for password and smart card. This scheme is more convenient, suitable and securer than the schemes using smart cards on mobile payment environment.