persona-logo
Industry
Published June 12, 2025
Last updated June 12, 2025

What to consider before accepting digital IDs during identity verification

Find out what you should focus on and the differences in several regions' adoption rates, regulations, and assurance levels for digital IDs.
Louis DeNicola
Louis DeNicola
9 min
digital ID verification
Key takeaways
Many governments are testing, and sometimes mandating, the use of digital IDs, which are also commonly referred to as a type of electronic ID (eID).
As with other forms of identity verification (IDV), eID verifications aren’t immune to fraud or abuse. Digital IDs can also offer different levels of assurance depending on how people obtain and use their digital ID. 
Adoption rates, regulations, and standards for eIDs can vary widely depending on the region, country, and state. 
Before you accept digital IDs for IDV, you’ll want to consider which eIDs to accept, how comfortable your users are with eIDs, the legal basis for eIDs in different regions, regulatory requirements around handling personal data obtained through eIDs, and the potential impact on your dropoff and fraud rates.

Around the world, governments are introducing many forms and versions of electronic IDs (eIDs), including digital IDs, in an attempt to create a more secure, private, and seamless identification system that natively works with online services. Some countries, such as Belgium, Germany, and Latvia, have even passed or proposed mandates that require physical IDs to include chips with electronic identifying information. 

Identity verification best practices change as technology advances. In the US, data breaches led to the decline of verification based on Social Security numbers and knowledge-based questions. Now, fraudsters are attacking government ID and selfie verifications with AI-based face spoofs.

Unfortunately, similar to these previous waves of identity verification efforts, eIDs aren’t immune to fraud and abuse. Adding to the complexity, there's no global standard for how to create or use digital IDs. Many countries and regions haven’t even agreed on a single standard for their residents. 

Below, we untangle the hype of digital IDs from the reality of using them for identity verification.

Focus on adoption rates, regulations, and assurance

Many organizations tout digital IDs as the future of identity. But even if that’s the case, you need to be pragmatic when setting expectations and timelines for accepting eIDs.

At a high level, you’ll want to consider whether your users have adopted eIDs at scale, the regulatory environment where you operate, and how much certainty eID verifications can offer. 

1. Adoption rates

Government mandates for eIDs will force adoption in some areas, but there’s still a classic marketplace problem at play. Most people won’t sign up for another service or install a new app if it’s not widely accepted, and many non-government organizations don’t want to accept digital IDs that consumers aren’t already using. 

What to consider:

  • If and when the government requires agencies to accept digital IDs.

  • Your target population's access to and familiarity with smartphones. 

  • Whether the eID is part of a new app or integrated into existing digital wallets.

  • How much effort will go into integrating and maintaining support for the digital ID.

2. Regulations affecting use and implementation

Governments are trying to minimize the risk of digitizing and centralizing identity data, but data access, storage, and processing regulations vary from region to region. You need to be aware of what you’re allowed to do and how new laws, administrations, or cybersecurity standards can impact your operations. 

What to consider:

  • The limitations on using eIDs and the underlying personal data. 

  • The consequences for violating regulations.  

  • How and where you and your vendors should process identity data. 

  • If and when you can expect new regulations to affect eID use in the region.

3. Assurance levels for identity verification 

Government-approved digital IDs may offer varying levels of assurance depending on the steps people need to take to sign up for and use the ID. In some cases, governments merge identity verification and authentication requests, leading to a high level of assurance. But verifying a digital ID still isn’t a foolproof method for confirming identity. 

What to consider:

  • What types of identifying information the eID can verify. 

  • How much assurance you need for your use cases. 

  • How to manage risk when users can choose whether to use a digital ID. 

  • If data breaches exposed a region’s digital identification records.

A quick tour of digital IDs around the world 

Every country and region’s approach to identity is slightly different, and their cultural norms, digital infrastructure, and existing systems can affect the rollout of eIDs. 

Let’s take a look at how these factors play out in several areas around the world.  

The US — a fragmented rollout with state-based standards

In the US, the federal government set the stage for federal ID requirements with the Real ID Act of 2005. But there isn’t a nationwide requirement for how people should get or use eIDs. As a result, states are driving the rollout of digital IDs across the country. 

Most states are exploring digital IDs in some form, and the first step is often passing a law that recognizes the validity of mobile driver’s licenses (mDLs) and digital state identification cards. Some states go on to develop mobile ID apps, while others allow residents to add eIDs to existing digital wallets, such as the Apple Wallet or Google Wallet.

In May 2025, the Transportation Security Administration (TSA) and other federal agencies limited the acceptance of mDLs for specific purposes. Now, they only accept mDLs from states with a TSA-granted waiver. The requirement might promote some unified standards. But it seems like adoption by residents, public agencies, and private organizations will still vary widely from state to state for the foreseeable future. 

EU — a fragmented rollout with regional standards

The European Union enacted the European Digital Identity Regulation in May 2024. Also known as the electronic Identification, Authentication and Trust Services 2.0 (eIDAS 2.0), the law requires member states to offer at least one digital wallet to residents by 2026. It also requires many businesses to accept eIDs for identity verification or authentication by December 2027. 

Each member state must offer at least one version of the EU Digital Identity Wallet, and the digital wallets must conform to common standards. A resident can use the eID in their digital wallet to verify their identity and electronically sign documents. Additionally, the digital wallets can hold payment cards, travel documents, event passes, and education credentials.

The current requirements make eIDs useful and widely accepted — a necessity for adoption — while integrating the EU’s strong, privacy-first approach to digital identity. However, adoption rates and wallet options could still vary widely by region.  

India — high adoption with strict requirements 

India’s Aadhaar is the largest biometrically secured identification system in the world. It’s also a success story in terms of adoption — over 99% of India’s adult population signed up for an Aadhaar ID by 2017.  

Residents can store their Aadhaar in the government-backed DigiLocker digital wallet and use it to access government benefits, apply for insurance, and complete electronic Know Your Customer (KYC) identity verification checks. 

Organizations that want to use Aadhaar during identity verification need to send their users through a government-approved verification flow. The DigiLocker wallet requires multi-factor authentication for IDV to increase security, and, in some cases, facial checks against a government database can increase assurance. 

The government system returns a match or no-match result to limit the distribution of personal information. Additionally, the Aadhaar verification needs to occur on servers in India. 

Japan — top-down adoption with challenges

Japan started issuing its national My Number Cards as part of a new identity system in 2016. The physical My Number Card has an IC chip for NFC-based verifications. Cardholders can also access an electronic version of their My Number Card using the government-built app and add their eID to supported digital wallets.

Most of the population has a My Number Card, largely because Japan consolidated other national documents and services into the system. For example, My Number Card replaced health insurance cards in December 2024, and residents can use it as an alternative to a driver’s license. The government also offered cash incentives to enroll. 

Although there have been examples of fraud, these may decrease as merchants increasingly rely on NFC-based verifications instead of visual checks when accepting My Number Cards.

Brazil — top-down and fast-paced innovation

Brazil began digitizing its national identity system in the early 2000s. It has repeatedly tested or adopted the latest technology to further the process, including biometrics, QR codes, and blockchains. 

Brazil was also one of the first countries to use facial recognition and liveness checks for identity verification against a national database. And in early 2025, the federal government established a service to oversee its biometric national ID, with specific requirements for face and fingerprint biometric identification.

Historically, Brazilians received many identification numbers and documents. But that changed after 2023 when the Cadastro de Pessoas Fisicas (CPF) number, Brazil’s national tax ID number, became the primary identification number for various private and public services. 

Private organizations can leverage Brazil’s centralized systems to verify residents’ identities. For example, you can verify identifying information and a selfie against the federal Serpro database that stores information from Brazilian driver's licenses. 

What to consider if you want to use eIDs for identity verification

Verifying identities using eIDs can be more convenient for users and, in some situations, offer more certainty than alternative methods. But you’ll want to think through the following: 

  • Fallback options for users: Although organizations must accept digital IDs in some regions, individuals generally aren’t required to apply for or use an eID. You may need to accept alternative options to support users who don’t have or want to use an eID, and it’s important to consider the risk associated with each option.

  • Which digital ID form factors and integrations to accept: In many areas, people can choose to store their digital ID in several digital wallets. Accepting more wallets can increase your coverage, but some wallets are more difficult to accept or more susceptible to bad actors.

  • Compliance requirements: There may be strict rules for how you can access, use, and store personal information. You need to be certain that you and your vendors stay compliant with local regulations. 

  • Impact on fraud: Although verifying users’ identities or ages via eIDs might offer more assurance in some situations, it also opens up a potential new attack method for bad actors.  

How Persona approaches eID verifications

Persona continually monitors digital ID rollouts around the world and expands support for new digital ID verifications based on expected adoption rates, security levels, regulatory requirements, and feedback from existing customers.

Today, organizations can use Persona with share codes and OneID checks in the UK, Aadhaar verifications in India, and Serpro database verifications in Brazil. And Persona’s NFC verification supports passports and ID cards from over 120 countries. 

Persona offers these verifications and other solutions as building blocks. You can use one or two to supplement your existing process, or orchestrate everything on Persona’s all-on-one platform. With Dynamic Flow, you can also automatically create different user flows to stop fraud without adding unnecessary friction for every user. 

For example, you can prompt users with NFC-enabled devices and documents to use an NFC verification and automatically direct other users to use alternatives. Or, add an NFC check as a step-up verification when you detect other signs of risk or before high-risk transactions.  

Want to learn more about accepting digital IDs? Contact us to discuss the pros, cons, regulatory concerns, and strategic value.

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.
Louis DeNicola
Louis DeNicola
Louis DeNicola is a content marketing manager at Persona who focuses on fraud and identity. You can often find him at the climbing gym, in the kitchen (cooking or snacking), or relaxing with his wife and cat in West Oakland.
Continue reading
  • eIDAS: A guide to electronic identification in the EU
    7 mins

    eIDAS: A guide to electronic identification in the EU

    In 2021, the EU set an ambitious goal of equipping 80% of its citizens with digital identification. eIDAS 2.0 is...

  • Share codes: Digitizing the UK right to work
    7 min

    Share codes: Digitizing the UK right to work

    Before any UK company hires a non-UK citizen, it must verify that the individual has the right to work in...

  • Mobile driver’s licenses (mDLs) and your business
    7 mins

    Mobile driver’s licenses (mDLs) and your business

    Take a closer look at what mobile driver’s licenses are, how they work, and the use cases they may present...