Banking has always been built on trust. But the way banks create that trust is changing. Customers no longer expect to hand over reams of personal data, and banks can no longer afford to collect, store and reuse it by default. The next phase of identity is built on data minimisation: proving what matters, without exposing what doesn’t. In a heavily regulated industry, it gives banks a stronger foundation for security, auditability and compliance, without adding friction to the customer experience.
Amidst this wider shift, pressure is mounting on multiple fronts for fraud, security and compliance leaders in financial services. Fraud is getting smarter, new regulation is being introduced and all the while, customers expect increased security without adding friction to their digital experience. The most successful leaders will be those who can ensure trust without any level of doubt, not those who gather and store the most information.
Notably, AI-enabled identity fraud, whether synthetic identities, deepfake impersonation or sophisticated phishing, is accelerating faster than traditional identity controls were designed to handle. Banks rely on identity controls to onboard customers, secure account access, approve transactions and recover accounts safely when something goes wrong. However, each time identity data is copied between onboarding tools, fraud systems, customer support workflows and third-party providers, banks increase operational complexity and widen their exposure to fraud, compliance risk and data handling burdens. Each additional touchpoint introduces incremental complications and increases the organisation’s exposure to threats and regulatory risk. At the same time, the highly regulated ecosystem in which banks operate has a low tolerance for error, putting the industry at significant risk.
Historically, banks have added more verification steps to mitigate this risk and bolster security, but customers lose their patience with endless checks. Equally, holding more data due to these additional steps creates more risk exposure, so banks should move to models that confirm identity without endlessly accumulating information.
Developments such as eIDAS 2.0 regulation and the European Digital Identity Wallet scheme are catalysing this change but also matter far beyond Europe’s short-term regulatory agenda. They signal the direction in which identity is headed. These regulations underpin a model in which individuals hold high-quality verified digital credentials and share only the information needed for a specific interaction. With Member States required to make wallets available by the end of 2026, identity verification and authentication will increasingly depend on validating trusted credentials and claims, not on endlessly duplicating underlying data.
While this change will be pertinent, it will not happen overnight. Established workflows and centralised systems won’t be immediately replaced; they remain essential for business continuity, governance, policy enforcement and regulatory auditability while the evolution to decentralised systems takes place. However, institutions that delay setting up wallet-based credential acceptance will find themselves retrofitting under deadline pressure, rather than adapting on their own terms.
The real challenge is operating across both models simultaneously whilst the customer base straddles them. This means running existing KYC processes, while building the capability to accept and validate credentials from digital wallets. This requires orchestration, not just integration, via a coherent identity layer that can connect centralised systems with decentralised credentials, establish trust between parties (who could be on opposite sides of the world) and quickly secure a full audit trail.
One of the routes being pursued by financial services organisations is cryptographic identity, which is becoming more than a security feature; it forms the basis for a better trust model. Cryptography shifts the emphasis from data sharing to proof of legitimacy. This means banks can validate whether a user or credential is genuine through cryptographic assurance that never exposes the underlying data, instead of repeatedly transmitting and storing raw identity information.
The strongest digital identity models will be those built on cryptography. The architecture does not present data that can be stolen, intercepted or replayed. In this way, overall data exposure is reduced and banks have a stronger, irrefutable basis on which to verify the legitimacy of an interaction.
In a sector where the cost of a compromised identity event is severe from all angles (regulatory, reputational, financial), cryptography provides a resilient model by addressing one of the structural vulnerabilities in current banking systems. It reduces the reliance on passwords and third-party attributes that remain susceptible to phishing, replay attacks and interception. Higher assurance without higher data exposure is the outcome banks need, and cryptographic architecture supporting Zero-Knowledge Proofs (whereby an attribute is proven without sharing the data that proves it) is fast becoming one of the most infallible ways to achieve this.
Identity platforms designed for centralised data collection will struggle to adapt to a world shaped by wallet-based credentials, selective disclosure of data and escalating fraud sophistication. The institutions that move early to adapt their infrastructure will be better positioned to respond to new customer expectations, absorb regulatory change, reduce fraud exposure and capture market share.
Centralised and federated frameworks remain the cornerstone of digital identity, for now, but there will be a transition to decentralised systems that are built on principles of lower data exposure, higher assurance and greater consumer control. Banks that can orchestrate trust cryptographically, rather than by asking customers to hand over yet more information, will gain both a security and commercial edge. And while the transition to decentralised systems won’t happen overnight, cryptography will help generate the trust needed to expedite it and make it a smoother process.
Gonzalo Alonso, CEO, Ditto
“How cryptography is solving the growing identity conundrum for banks” was originally created and published by Retail Banker International, a GlobalData owned brand.