Why digital identity has become a strategic imperative for banks

Is it me, or is digital identity management the hottest topic in banking technology today?  Digital identity is everywhere today.  As my friend David Birch says, “Identity is the new money.”  

No matter what industry blog I read, one thing is consistent: identity has become a key driver of a safe and secure digital experience.  Whether it’s traditional step-up or probabilistic risk-based authentication, emerging innovations such as agentic AI and mobile driver’s licenses, or market challenges such as deepfakes and liveness attacks, they all point to the need for strong digital identity management as a core capability.  

Over the past few years, my view of digital identity has changed dramatically, from a simple transactional model to real-time, continuous security and fraud monitoring. It’s not enough to check it once and monitor it occasionally in the world of digital onboarding, authentication, and KYC.

Digital identity management matters now more than ever

So why has digital identity management become so important?

• Digital offerings continue to expand: Banks are widening their portfolio of online services, from Zelle and Bill Pay to wire transfers and ACH, all of which are introducing a much higher level of risk to bank platforms.
• Bank technology stacks have evolved: The rapid migration to highly flexible, microservice- and API-driven systems, unlimited cloud bandwidth and processing power, and a wide range of targeted vendor data solutions, including LLM capabilities, offer banks a highly dynamic, scalable technology platform for delivering services.
• Massive increase in the size and complexity of fraud: Synthetic identity, account takeover (ATO), and authorized push payment (APP) fraud have institutions nervous and many consumers concerned.  New AI-powered attack tactics are emerging at lightning speed and must be addressed in real time with best-in-class, targeted solutions, making agility a key driver of success.
• Consumer expectations: Everyone desires a low-friction, highly secure customer experience.  As the tsunami of AI fraud hits consumers, we must educate them on new multi-factor authentication (MFA) methods such as passkeys and mobile driver's licenses, and communicate expectations that a bit more friction may be required to keep them safe. 

Three core capabilities for managing digital identity

These trends have elevated digital identity management from a backroom operation to a strategic imperative for every US bank. To succeed, banks must break down antiquated silos, inconsistent policies, and redundant use of resources to deliver a truly effective approach to managing security, risk, and compliance.

Today’s target state is a fully integrated, omnichannel enterprise platform that combines these three core capabilities:

1. Identity verification (NIST identity proofing)
2. Authentication (login and step-up/risk-based authentication)
3. KYC monitoring  

This is not a six-sprint coding exercise but a strategic journey that all banks should have on their technology roadmap. The integration of these three core capabilities is vital because they all require the same dynamic, flexible rules engine, connectivity to many of the same vendor services, integrated and holistic data, and consistent governance. Customer lifecycle risk management is required for consumer and commercial services – onboarding to stop synthetics, digital servicing to eliminate account takeover, and KYC/KYB for money laundering.  

Key benefits of an integrated, enterprise-wide identity platform

An integrated, enterprise-wide platform will offer banks the ability to:

• Enable adaptive, risk-based authentication at scale: Continuously monitor behavior and context to trigger MFA step-ups or stop high-risk transactions in real time.
• Quickly identify and respond to new AI-driven attacks: Slow down or stop attacks with real-time rules management, as well as by adding and modifying in-house or vendor solutions.
• Safely test and deploy emerging technologies: Leverage key innovations such as LLMs, agentic AI/Know Your Agent, and verifiable credential solutions with appropriate on-ramp and guardrail controls.
• Improve fraud detection accuracy through LLM risk modeling: Link deep transactional and behavioral data on customers across their journeys and entire lifecycle.
• Lower operational costs with a unified risk-based authentication and fraud system: Reduce manual reviews, minimize technical debt, and streamline technology operations.
• Empower lines of business with real-time risk intelligence: Give product leaders the tools to actively manage fraud exposure in near real time.

There are several outcomes of this approach. For example, an enterprise-wide identity platform enables financial institutions to unify governance and analysis across fraud, compliance, and risk teams. By doing so, they can ensure consistency across cross-functional teams (CISO, CTO, Risk & Compliance, Fraud, and Digital Product Management) in meeting security, risk, and compliance requirements for policies, vendor use, and analytics. 

The approach also makes it possible to integrate payments authorization with traditional authentication. In Europe, new rules under the Payment Services Directive 3 (PSD3) are tightening Strong Customer Authentication (SCA) requirements by mandating phishing-resistant authentication methods, such as biometrics and the dynamic linking of transactions. These rules will also work alongside Electronic Identification, Authentication, and Trust Services 2.0 (eIDAS 2.0) and the new EUID wallet. Together, this EU model will prove how linking digital banking servicing transactions to payments data will reduce overall fraud losses, which should accelerate adoption in the US market.

Identity as the cornerstone of trust

The biggest takeaway is simple: digital identity management is now mission-critical for banks. I truly believe that identity is the cornerstone of trust in the digital economy.     

Innovation and regulatory changes are creating significant opportunities for the banking market while introducing significant risks that must be tightly managed in a real-time environment. We are seeing a surge in fraud attacks that move quickly across products, channels, and financial institutions, increasing fraud costs and damaging the consumer trust we have built.  

At the same time, nascent but rapidly accelerating agentic AI solutions require that banks not only Know Their Customer but must Know Their Agent and the authority we’ve empowered them with. 

A risk-based authentication approach throughout the customer lifecycle, powered by a flexible, enterprise-wide orchestration engine, provides a toolkit to help us capitalize on these opportunities by managing risks while building customer trust.