Various countries are attempting to introduce digital IDs for use as identification for various services and, ultimately, central bank digital currencies (CBDC) wallets.
Yet across the world, roll-out has largely been delayed as governments work to iron out kinks in the systems and seek to overcome public opposition.
In December 2024, the UK government published plans to pass a new law in 2025 that will allow pubs, bars, and shops to accept a digital ID from an approved list of issuers as proof of a customer’s age.
But this voluntary option is a long way from a full national digital ID system.
Countries like Australia are piloting schemes and plan to roll out fully functional digital IDs by 2030.
It is more tricky in the U.S., which lacks a federal system to even begin the process, as IDs are managed by individual states.
For instance, mobile driver’s licenses are only accepted in 13 U.S. states, and major infrastructure upgrades are required to make them viable replacements for traditional IDs.
Against technical delays, regulatory challenges, and public opposition, we are also seeing generative AI tools and randomization tools that make it easier than ever for cybercriminals to engage in identity theft and create fake identities that are increasingly difficult to detect.
Techopedia explores the rise in digital identity fraud and advice for businesses that rely on ID as part of their duties.
Key Takeaways
- Digital IDs are becoming crucial for secure identification but face global rollout challenges.
- A lack of standardization hampers cross-border digital ID adoption and needs national rollout as a minimum.
- Generative AI tools allow for straightforward attacks on identity, complicating security efforts.
- Biometric and blockchain tech enhance ID security but also need widespread acceptance.
- Businesses must adopt defenses to combat evolving fraud tactics.
Why Has the Digital ID Rollout Lagged?
Initiatives in some countries to adopt national digital IDs have made progress, such as India with its Aadhaar system, which launched in 2009 and has enrolled around 99% of the country’s adults.
Various countries in sub-Saharan Africa have introduced biometric digital ID systems, coinciding with a surge in the use of smartphones as a way to register people for access to services.
However, one of the challenges to widespread adoption around the world is a lack of standardization and interoperability.
Ofer Friedman, Chief Business Development Officer at identity verification company AU10TIX, helped explain this to Techopedia:
“Every government or region is doing its own thing in terms of standards and frameworks, so the solutions do not tend to ‘talk to each other’ even though many markets are cross-border.
“Some are more apprehensive about what and how digital IDs should exist, while others are more confident. Many countries are taking a piecemeal approach rather than collaborating on a unified, global framework.
“The U.S. is a perfect example, lacking a unified federal system for digital IDs and leaving individual states and private companies to experiment with solutions like mobile driver’s licenses.”
As changing an identity regime for all citizens and residents is a major undertaking, governments are moving towards implantation at different speeds, which Friedman notes leaves an extended window of opportunity for fraudsters.
“Without universal adoption, interoperability across borders, infrastructure that supports both public and private acceptance, and a spreading sense of confidence in a digital identity regime, the fragmented nature of these efforts continues to stall progress,” Friedman added.
There are several factors that can help countries introduce digital IDs successfully, Friedman stated, including:
- An agreed-upon universal standards and cross-border interoperability—preferably globally, or at least on a regional scale.
- A complete working environment that includes user solutions and back-end solutions.
- An influential trailblazer, such as Australia introducing age-gating requirements that help get the market aligned around the concept.
- Widespread acceptance by governments and private service providers. Without these elements, adoption will remain fragmented, limiting the full potential of digital IDs. For instance, European Union countries have launched pilot programs for encrypted digital identity wallets.
- Usability by way of widespread identity wallets that offer a simple, trusted user experience.
Prioritizing security and interoperability at a regional level would represent a significant step forward. In addition, the tests of scalable and secure digital ID systems in Africa can offer insights into how regions with challenges can approach adoption successfully.
“Universal standards are not here yet, but we are seeing real progress with the National Institute of Standards and Technology (NIST) ‘s latest Digital Identity Guidelines (SP 800-63 Revision 4), which try to balance security with making these systems actually usable.
“They’re focusing on some crucial areas like making sure authentication can’t be phished and protecting against sophisticated social engineering attacks. But there’s still work to be done,” Friedman said.
“We need three main things: First, these IDs have to work across borders – no exceptions.
“Second, we need seriously robust security protocols, especially around biometrics, since most peoples’ personal data has already been compromised due to various breaches.
“Third, we need widespread acceptance.
“The standards exist on paper, but getting everyone to actually implement them? That’s the real challenge.”
Would Widespread Digital IDs Prevent AI-Driven Fraud?
Digital IDs can provide effective protection against AI-driven fraud by introducing stronger, standardized identity verification measures.
They incorporate biometric data such as fingerprints, facial recognition, and iris scans, making it harder for AI-generated synthetic identities to bypass verification systems.
This is because when it comes to biometric scans, generative AI struggles to effectively duplicate physical traits. Moving away from static identifiers such as birthdates, addresses, and government ID numbers is important, as these are easily compromised.
Additionally, many digital ID systems can be built on blockchains or other decentralized platforms without a single point of failure, and they can use cryptographic techniques, such as public-private key pairs and digital signatures, to authenticate an individual’s identity. This prevents tampering and impersonation by AI tools.
Multi-factor authentication, or real-time and continuous identity proofing, such as keystroke patterns and mouse movement, can also detect AI-driven automated attempts to breach security.
“It is not just AI per se that is enabling the significant surge in fraud. It is the emergence of packaged ‘solutions’ that enable mass production of impersonation, evasion, and target-specific customization.
“Without these solution packages, AI tools would remain a long list of nuts and bolts that require considerable time and effort to implement effectively,” Friedman said.
“The latest AI fraud platforms offer IDFaas (ID Fraud as a Service), enhanced by randomization and other algorithms.
“Such tools allow fraudsters to generate endless variations of fake identities — each one unique and nearly impossible to detect through traditional methods.
“Unlike older methods of identity forgery, which often relied on templates, generative AI has turned identity fraud into a large-scale, industrial operation where no two fakes are identical,” Friedman added.
“Organizations that rely on outdated identity verification tools are particularly vulnerable to these sophisticated attacks.”
Fraudsters are exploiting various gaps, including the availability of personal information on social media platforms and the Dark Web, the human tendency to trust familiar faces and voices and difficulty in detecting high-quality deepfakes, and the ability attackers now have to inject attacks into a communications flow rather than trying to fool cameras.
In addition, many service providers tend to want to settle for the minimum defense systems that meet regulatory requirements rather than spending more on more advanced capabilities.
Some organizations’ failure to properly address user experience can affect the quality of detection, Friedman said, adding that marketing promises from security providers can lead organizations to believe in unrealistic performance.
How Can Businesses Protect Themselves Against AI Identity Fraud?
The question is not just around the speed of digital ID rollouts but whether current approaches to identity verification are fit for purpose.
Until businesses and governments adopt comprehensive strategies that adapt to fraudsters’ new techniques, the battle against AI-driven fraud is likely to remain an uphill battle.
Friedman added:
“How many businesses do you know that have dual-layered defense in place? Too few. It won’t surprise anyone to learn that the majority of businesses do not have even basic AI fraud protection.
As AI-based attacks tend to feature humanly indiscernible fakes, back-office agents are likely not to be able to detect or corroborate machine detection.
“It should also be considered that while initial technologies to fight AI-driven fraud exist, many businesses haven’t invested in them yet, leaving themselves wide open to these sophisticated attacks.”
Regardless of the root causes, businesses face an urgent need to strengthen their defenses against AI-driven fraud. Relying solely on the eventual implementation of digital IDs may leave businesses exposed in the interim.
Instead, they need to take an approach that combines immediate safeguards with long-term solutions.
What practical steps can businesses take to protect themselves until digital IDs are adopted?
It is important to upgrade identity verification to implement advanced AI-driven systems such as facial recognition or fingerprint scans to safeguard against synthetic identities. Enforcing multi-factor authentication, for instance passwords combined with codes from authenticator apps or SMS messages, can reduce vulnerabilities.
It is important that businesses stay ahead of emerging threats by monitoring the latest developments in AI and cybercrime tactics and regularly updating fraud detection algorithms to help identify patterns that are linked to synthetic identities.
Friedman said:
“Companies should audit their defenses to understand what threats they are actively defending against, with what level of effectiveness.
“They should adopt a two-layered defense strategy that includes both case-level threat detection and traffic-level detection to identify organized fraud rings and repeated patterns of suspicious activity.
“I would also recommend that all organizations ask their vendors what type of defense is actively in place against deepfakes and injection. Finally, businesses should check which collateral risk factors, especially device-based ones, their present solution monitors for.”
It is also essential that businesses educate employees to spot red flags in identity fraud and conduct regular training to keep their knowledge up to date.
The Bottom Line
Digital IDs can provide a strong defense against AI-driven fraud. However, they are not a standalone solution, and their effectiveness depends on how they are designed, implemented, and adopted globally.
Universal digital IDs can create standardized processes for identity verification that reduce the risk of gaps across different industries and countries that fraudsters are able to exploit. Not all regions have the technological infrastructure to support digital ID systems, and fragmented global adoption leaves vulnerabilities open for attackers to engage in cross-border fraud.
And while biometrics can be effective, AI can, in some instances, still generate highly convincing synthetic data. For this reason, a multi-layered security approach remains necessary for comprehensive fraud detection and protection.