When was the last time you walked into a bank or bought furniture in a store? As more of our daily activities and services transition online, the onus continues to be on companies to transform high-touch, in-person transactions into equally seamless and enjoyable digital experiences.
Fraudsters have taken notice too, undergoing a digital transformation of their own. The FBI reported that Americans lost $10.3 billion to internet scams last year. Emboldened with generative AI and more stolen PII than ever, fraud has only become more adaptive, pervasive, and costly to remediate.
This has put companies in a difficult position as they face increasing regulatory and fraud prevention pressures while still attempting to deliver streamlined experiences to digital-savvy customers.
The result? Similar to how we have been asked to make more complicated passwords with special characters and numbers, companies are now asking us to verify our identities with more documents and checks — a pattern that multiplies across every online service we use. These new measures may be more secure for companies but have only created new headaches for people who just want to send money or buy a new couch.
The challenges of reusable identity
With increasing requests for information across different sites, the need for reusable digital identities is clear. However, to date, no reusable identity has succeeded in comprehensively addressing companies’ compliance and flexibility needs while offering the privacy and security assurances end users desire.
So why does a good solution not yet exist?
Unique risk and compliance requirements
Every company has unique risk and compliance requirements — there is no universal set of information that will meet a universal level of risk assurance for businesses. For example, fintechs and financial institutions need to meet Anti-Money Laundering (AML) compliance focused on individual or business verification, whereas e-commerce platforms need to collect tax numbers on top of the standard KYC process to meet INFORM Consumers Act requirements in the US and Directive on Administrative Cooperation 7 (DAC7) requirements in the EU.
From a customer lifecycle perspective, different activities, such as onboarding or high-value transactions, also require different levels of risk assurance. To live up to their name, reusable identities need to be dynamic enough to handle each company’s unique requirements.
Securing the reusable identity
Even if you can collect information from users in a compliant manner, you need to ensure each reusable digital identity is only being used by the individual who created it. While two-factor authentication approaches such as phone numbers might be more secure than a simple password, they can still be spoofed.
Biometric approaches can be more powerful, but they're subject to many regulations and still capable of being spoofed by emerging fraud techniques such as deepfakes. The right approach here needs to prioritize verification — not trust.
Meeting consumer expectations for seamless and secure experiences
Like businesses, people understand the benefits of a reusable identity experience and the convenience of not having to repeatedly submit their personal information. But they’re tired of having to install yet another app and worry about the privacy and security of their most valuable asset — their PII. With so many data breaches and privacy scandals around data brokering today, they need assurance that their reusable identity isn’t going to be in the next leak they read about or used in an AI training model without their knowledge.
Reusable identities need to meet individuals where they are — not only supporting the various ways they verify themselves and use the internet, but also, more importantly, their expectations for privacy and security. Consumers need to be able to access their identities across the applications, browsers, and devices they use.
Introducing Reusable Personas: Persona’s reusable identity
At Persona, we understand the challenges businesses face needing to balancing their unique risk and compliance considerations with providing a seamless end-user experience.
We are pleased to introduce Reusable Personas — our reusable identity solution that allows users to seamlessly store and reuse their verified personally identifiable information (PII) across devices and the ever-growing Persona network while enabling businesses to holistically evaluate risk without sacrificing the user experience.
Allow users to store their identity and securely reuse PII across multiple devices and platforms
Every reusable identity product needs to make it easier for the user to verify themselves, save their data in a way that protects their privacy, and then reuse their PII across the internet without additional friction. As a baseline, all companies using Persona already have access to Persona’s broad coverage of data sources and verification checks, blocking fraudsters from being able to create Reusable Personas. Moreover, as we roll out Reusable Personas to our customers, users will be able to seamlessly reuse their Reusable Persona across our broad base of companies spanning different countries, industries, and use cases.
Evaluate risk more holistically with additional usage-based risk signals
Even though every Reusable Persona is based on verified PII, all the data on board is still passed through the verification process without requiring the end user to resubmit everything. This allows companies to seamlessly maintain their risk assurance with their unique set of checks and step up or step down verifications via Dynamic Flow. Any additional information verified in this process will be stored on the Reusable Persona going forward.
In addition, Reusable Personas contain usage-based network and device signals that allow companies to holistically evaluate the risk of the Persona as well. Businesses can leverage risk signals such as when a Reusable Persona was created, how many times it has been successfully verified, whether it has been used on the device before, and more. For example, if a Reusable Persona was created over a year ago, businesses can ask individuals to resubmit their ID in case it’s been changed or renewed.
Built with privacy, security, and reusability in mind on Passkey technology
Reusable Personas automatically sync across devices (mobile web, desktop) and operating systems (iOS, Android) without requiring app installation. They are also easier to use and more secure than passwords and one-time codes that can be forgotten or stolen. Additionally, Persona cannot read a Reusable Persona without end-user consent. This gives consumers additional assurance that their data is only being shared directly with the companies they choose to activate their reusable identity with.
These user-friendly security features are enabled by Passkeys, a passwordless authentication method based on W3C and FIDO standards. As an added benefit, Passkeys are harder to compromise than traditional passwords and phone number verifications, as they can be secured by device-native security mechanisms such as Touch ID or FaceID.
With Reusable Personas' robust privacy and security features, end users gain peace of mind knowing no one can access their passkey and they can use their Reusable Persona to safely and securely access the services they need.
Unlock faster, more trustworthy experiences for you and your customers with Reusable Personas
Identity is not a one-off transaction — it is an ongoing relationship over time.
With Reusable Personas, your IDV processes can stay dynamic and keep up with your customers’ shifting wants and needs. From supporting changes in a user's profile (addresses, phone numbers, devices, and more) to surfacing usage-based risk signals, Reusable Personas can help you build trust and loyalty — all while mitigating risk, meeting compliance needs, and keeping fraudsters out.
Interested in learning more about what Reusable Personas can do for you and your customers? Talk to a Persona expert today.