Banking has always been built on trust. But the way banks create that trust is changing. Customers no longer expect to hand over reams of personal data, and banks can no longer afford to collect, store and reuse it by default. The next phase of identity is built on data minimisation: proving what matters, without exposing what doesn’t. In a heavily regulated industry, it gives banks a stronger foundation for security, auditability and compliance — without adding friction to the customer experience.

Amidst this wider shift, pressure is mounting on multiple fronts for fraud, security and compliance leaders in financial services. Fraud is getting smarter, new regulation is being introduced and, all the while, customers expect stronger security without added friction in their digital experience. The most successful leaders will be those who can establish trust beyond doubt, not those who gather and store the most information.

Fraud is getting harder to outrun

Notably, AI-enabled identity fraud – whether synthetic identities, deepfake impersonation or sophisticated phishing – is accelerating faster than traditional identity controls were designed to handle. Banks rely on identity controls to onboard customers, secure account access, approve transactions and recover accounts safely when something goes wrong. However, each time identity data is copied between onboarding tools, fraud systems, customer support workflows and third-party providers, banks increase operational complexity and widen their exposure to fraud, compliance risk and data handling burdens. Each additional touchpoint introduces incremental complications and increases the organisation’s exposure to threats and regulatory risk. At the same time, the highly regulated ecosystem in which banks operate has a low tolerance for error, putting the industry at significant risk.

Historically, banks have added more verification steps to mitigate this risk and bolster security, but customers lose their patience with endless checks. Equally, holding more data due to these additional steps creates more risk exposure, so banks should move to models that confirm identity without endlessly accumulating information.

Regulation is paving the way

Developments such as the eIDAS 2.0 regulation and the European Digital Identity Wallet scheme are catalysing this change, but they also matter far beyond Europe’s short-term regulatory agenda. They signal the direction in which identity is headed. These regulations underpin a model in which individuals hold high-quality verified digital credentials and share only the information needed for a specific interaction. With Member States required to make wallets available by the end of 2026, identity verification and authentication will increasingly depend on validating trusted credentials and claims, not on endlessly duplicating underlying data.

While this change will be pertinent, it will not happen overnight. Established workflows and centralised systems won’t be immediately replaced; they remain essential for business continuity, governance, policy enforcement and regulatory auditability while the evolution to decentralised systems takes place. However, institutions that delay setting up wallet-based credential acceptance will find themselves retrofitting under deadline pressure, rather than adapting on their own terms.

The real challenge is operating across both models simultaneously whilst the customer base straddles them. This means running existing KYC processes, while building the capability to accept and validate credentials from digital wallets. This requires orchestration, not just integration, via a coherent identity layer that can connect centralised systems with decentralised credentials, establish trust between parties (who could be on opposite sides of the world) and quickly secure a full audit trail.

Cryptography as a trust model

One of the routes being pursued by financial services organisations is cryptographic identity, which is becoming more than a security feature; it forms the basis for a better trust model. Cryptography shifts the emphasis from data sharing to proof of legitimacy. This means banks can validate whether a user or credential is genuine through cryptographic assurance that never exposes the underlying data, instead of repeatedly transmitting and storing raw identity information.

The strongest digital identity models will be those built on cryptography. The architecture does not present data that can be stolen, intercepted or replayed. In this way, overall data exposure is reduced and banks have a stronger, irrefutable basis on which to verify the legitimacy of an interaction.

In a sector where the cost of a compromised identity event is severe from all angles – regulatory, reputational, financial – cryptography provides a resilient model by addressing one of the structural vulnerabilities in current banking systems. It reduces the reliance on passwords and third-party attributes that remain susceptible to phishing, replay attacks and interception. Higher assurance without higher data exposure is the outcome banks need, and cryptographic architecture supporting Zero-Knowledge Proofs (whereby an attribute is proven without sharing the data that proves it) is fast becoming one of the most reliable ways to achieve this.

Building digital infrastructure for the future

Identity platforms designed for centralised data collection will struggle to adapt to a world shaped by wallet-based credentials, selective disclosure of data and escalating fraud sophistication. The institutions that move early to adapt their infrastructure will be better positioned to respond to new customer expectations, absorb regulatory change, reduce fraud exposure and capture market share.

Centralised and federated frameworks remain the cornerstone of digital identity, for now, but there will be a transition to decentralised systems that are built on principles of lower data exposure, higher assurance and greater consumer control. Banks that can orchestrate trust cryptographically, rather than by asking customers to hand over yet more information, will gain both a security and commercial edge. And while the transition to decentralised systems won’t happen overnight, cryptography will help generate the trust needed to expedite it and make it a smoother process.

Gonzalo Alonso, CEO, Ditto