<p>There is disclosed a system (10) and method for authenticating the identity of a user (22) of a client device (12) as part of a transaction between the client device (12) and a server (14) of a service provider over a communications network (18), the client device comprising a unique identifier (38). The system (10) and method comprise one or more personal identification elements (32) issued to the user based upon an initial authentication of the identity of the user, a credential issued to the client device (12) by the service provider based upon the personal identification elements (32) and the unique identifiers, and a trigger event for launching an authentication application (36) installed on the client device. When the authentication application (36) is launched by the trigger event, the authentication application (36) transmits the one or more personal identification elements (32) and the unique identifier (38) in a combination with the credential to the server (14) for authentication by the service provider.</p>