Protecting Payments is Expanding the Identity Life Cycle

The popularity of instant payments capabilities is growing around the world. Outseer has seen increases of 55% to 70% in mule activity, account takeover (ATO) activity, and authorized push payment (APP) fraud related to instant payments. (2024 Outseer Global Fraud & Scams Trends Report, pg. 20) Real-time payment fraud has been identified by fraud professionals as one of the top two fraud vectors in the US, Asia-Pacific, and Europe. (2025 Global eCommerce Payments & Fraud Report, p. 24, fig. 22) With the growth in scam losses and attention brought to scams, financial institutions, money service businesses, and telecommunications companies can expect to shoulder increased blame. (ACFE Fraud Magazine, Jan 2025)

And the fight is no longer about good guys and bad guys. There is a growing grey area. Visa has documented a staggering 244% increase in synthetic identities used in applications based on forged documents. (FinTech Magazine, May 2025)

Oh, no, this is not another blog post that regurgitates the depth of the fraud problem, is it?!

Well, yes and no. (Guilty as charged . . .) Above you’ve been provided with some helpful resources that should provide ample fodder for internal project justification. But the point here is to get us all in the same head space as we look to “force multipliers” in the fight against fraud.

Identity is a potential area to explore to find such a force multiplier in the fight against fraud. As Kay Turner with FinCEN says, “to get financial services right, we have to get identity right.” (Biometric Update, Feb 2024)

In order to turn identity into a force multiplier in the fight against fraud, perhaps we need some adjustments to the way we think about identities and their relationship to payments. There was a time that given a 3.5″ floppy drive and knowledge of an account number, you could login to access online services for that account. We have made significant progress on two fronts since then: 1) we have the ability to do much better binding of a digital credential to the proper human being; and 2) once we establish the digital credential, we have a much more robust toolbox of authenticators. Yes, we still have the challenge over “security vs. convenience,” but the tool box is well stocked.

So why are these fraud numbers continuing to grow? We have continued to play whack-a-mole with the fraudsters as we add hurdles to services (either onboarding or transactional).

I had a board member who used to say “you can fool anything anytime, but you can’t fool everything every time.” (RIP, Jim Woodhill) How can we take this premise and apply it to fraud fighting?

Think of the way we treat digital identity is a series of ladders. There is a ladder of activity we put a consumer through to get an account. Then there is another ladder we put them through to establish digital access. There might be another ladder we put them through to complete transactions (looking at you, 3DS2!). These ladders are placed in different locations, use different approaches, and likely do not share experience data.

So what if we shifted from thinking of the identity process as a series of ladders, to using the analogy of a conveyor belt. Better yet, an infinity torus! Identity is not something that we “establish,” then move on to the next step. We must be constantly challenging the assumptions we’ve made and share information across the identity life cycle.

But wait, what about customer experience, you say. Perhaps by treating identity as an something that needs ongoing grooming, we can actually create BETTER user experiences. One problem with the “ladders” is they are different processes using different terminology and different user interfaces. A continuous identity handling process presents an opportunity to unify experiences (and share experience information along the way). Another problem is the “point-in-time” nature of many identity management processes, the customer can be put through more rigorous challenges on occasion. And that occasion seems to always fall at an inconvenient time!

Perhaps the greatest benefit of a continuous identity life cycle is that we get a very complete view of who a user is by how they behave. As the advent of scams has made clear, financial institutions and payment service providers are being asked to “do something” to help protect customers. It turns out that the one thing we have a very hard time figuring out is the “intent” of a payment. If the right person with the right credentials wants to send money, our default is to send the money. Developing ways to understand the intent of a payment can give fraud fighters signals that will slow a customer down. In fact, many jurisdictions are passing rules to explicitly allow FIs to slow down payments when a scam is suspected. (AARP, Dec 2024)

How do you start on the road to continuous authentication? The first step is to break down the silos between teams responsible for AML/KYC, identity, authentication, and fraud. There is much common ground already, but continuous authentication requires a deeper level of cooperation. It is likely that these teams, when presented with the continuous conveyor belt theory of identity management, would be excited to participate!