The Ongoing Challenge of Identity Verification in American Banks
Adobe Stock
In the digital age, American banks are grappling with a paradox: an abundance of data, yet an uphill battle against fraud. Despite heavy investment in identity verification procedures, ranging from $15 to $30 per customer, banks continue to face rising fraud losses. Synthetic identities, account takeovers, and AI-generated deepfakes are outsmarting traditional document checks, leading to escalating fraud losses that are hitting record highs.
Consumer Experience and Data Privacy Concerns
Amidst the fight against fraud, consumers are often caught in the crossfire. The verification process not only requires them to provide a vast amount of personal data, but also to repeat this tedious process with each new bank they engage with. The result is a slower customer onboarding, higher account abandonment, and increased risk of personal data breaches.
It’s clear that the current system, designed to verify identity, is increasingly undermining trust. With more data being collected than ever, yet fraud continuing to rise, a shift is needed in the way identity verification is approached. The good news is that the tools to fix this already exist. These technologies can strengthen verification, reduce data exposure, and streamline compliance. What’s missing however, is regulatory clarity.
Proposed Solutions: Mobile Driver’s Licenses, Reusable Credentials and AI
There are three practical regulatory clarifications, achievable under existing law, that could move the industry towards a stronger and more privacy-preserving model of identity verification. Firstly, a mobile driver’s license (mDL) should be recognized as a valid, even preferred, form of identification under Customer Identification Program (CIP) rules. Unlike a typical ID, an mDL is an issuer-attested, cryptographically signed credential with real-time revocation and selective disclosure, offering enhanced security and privacy.
Secondly, financial regulators should encourage the use of reusable credentials within the financial system. This would mean a customer verifies their identity once with a trusted provider and then reuses that credential elsewhere. These credentials can carry live signals, such as device reputation, liveness checks, behavioral biometrics, and revocation status, which can expose synthetic identities and coordinated fraud earlier than traditional document uploads.
Lastly, it is crucial that financial institutions and their vendors adopt AI technologies to combat fraudsters who are already weaponizing AI. AI-enabled fraud defenses can detect anomalies and behavioral patterns that are not easily visible to humans, thus helping to flag deepfake selfies, identify real-time account takeovers, and connect related synthetic identities across multiple applications.
The Role of Regulatory Clarity
For these solutions to be implemented and effective, regulatory clarity is of paramount importance. Regulators need to assure banks that adopting stronger controls, like mDLs, reusable IDs, and well-governed AI, fit within existing CIP, know-your-customer, and safety-and-soundness frameworks. This will allow banks to modernize identity verification in ways that strengthen both privacy and security in our increasingly digital world.
The technology to make identity verification stronger, cheaper and far less invasive of privacy exists. What’s needed now is regulatory action that supports and encourages its adoption. In a system awash in data but short on trust, regulatory clarity may be the most practical and necessary upgrade of all.
Find out more about the need for a regulatory upgrade in digital identity verification Here.
