The State of Identity - December 27, 2024
In case you missed it, here’s a recap of some exciting news and developments this week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.
As we wrap up the final edition of The State of Identity for this year, we want to thank you for your continued support and engagement. Wishing you a bright and successful 2025—see you in the new year! ???
??Innovation and New Technology Developments
Digital ID Verification Reduces Stadium Entry Wait Times by 68%
Digital ID verification technologies, including facial recognition and blockchain-based ticketing, are transforming stadium operations by cutting entry wait times by up to 68% and boosting ticket security. Biometric systems like MLB's Go-Ahead Entry enable seamless, touchless verification while using tokenized authentication to address privacy concerns. Blockchain-based ticketing, often leveraging NFTs, enhances security, prevents fraud, and improves efficiency, with an expected annual growth rate of 13.7% through 2031. However, adoption challenges and privacy concerns persist, requiring stadiums to prioritize inclusivity, regulatory compliance, and user trust for widespread acceptance. (Source)
World Bank Extends Nigeria's Digital ID Project to 2026, Aiming for 180 Million NINs Amid Inclusion Challenges
The World Bank has extended Nigeria's Digital Identity for Development (ID4D) project to December 31, 2026, aiming to meet its target of issuing 180 million National Identification Numbers (NINs). As of October 2024, 115 million NINs have been issued, but challenges remain in reaching women, persons with disabilities, and marginalized groups. The $430 million project, funded by the World Bank, French Development Agency, and European Investment Bank, has disbursed 53.16% of its funds. The initiative seeks to improve access to government services, financial inclusion, and the digital economy, especially for vulnerable populations. (Source)
ReportIn and CBP One: A Tale of Two Biometric Border Apps
The CBSA ReportIn app enables remote immigration reporting, reducing in-person visits but raising privacy, security, and civil rights concerns. Along with the U.S. CBP One app, it collects sensitive data, including biometrics and location information, raising fears of misuse, biased algorithms, and disproportionate impacts on vulnerable groups like asylum seekers and low-income individuals. Accessibility barriers, such as requiring smartphones and internet access, further deepen inequalities. Addressing these issues demands transparency, data collection limits, independent oversight, and equitable alternatives to protect individual rights and ensure fair access to immigration services. (Source)
Taurus Integrates Digital Asset Platform with Temenos Core for Seamless Bank Management
Taurus SA has integrated its digital asset custody platform, Taurus-PROTECT, with Temenos Core, enabling banks to manage wallets and digital assets directly from the Temenos banking system. This integration allows banks to handle cryptocurrency and tokenized assets seamlessly, including wallet creation, automated transfers, real-time booking, and regulatory reporting. The collaboration aims to help banks quickly launch digital asset services with reduced costs and streamlined workflows. Features like automated processes and integration with traditional finance systems minimize operational risks and improve efficiency. The partnership reflects growing institutional demand for digital assets amid clearer regulatory frameworks and expanding market opportunities. (Source)
?? Investments and Partnerships
authID Joins the Accountable Digital Identity Association to Drive Reusable Identities Across the Internet
authID has joined the Accountable Digital Identity Association (ADIA) to advance standardized frameworks for decentralized identity services. The company will contribute to developing specifications that enhance trust, privacy, and security in reusable digital identities. This partnership aligns with authID's focus on biometric identity solutions and privacy-first protocols, supporting widespread adoption of secure authentication processes. With the reusable identity market projected to reach $266.5 billion by 2027, this collaboration addresses growing demands for better user experience, reduced fraud, and strong data protection. (Source)
Fiserv to Enhance its Embedded Finance Capability with Acquisition of Payfare Inc.
Fiserv has announced plans to acquire Payfare Inc. , a provider of program management solutions for gig-economy workforces. Expected to close in early 2025, pending approvals, the deal will enhance Fiserv’s embedded finance offerings across banking, payments, and lending. Payfare’s technology, including card management and a white-label app, will support Fiserv’s growth in serving large enterprises and financial institutions. Both companies see the acquisition as an opportunity to scale technology and deliver improved financial solutions to a broader client base. (Source)
Visa Acquires Featurespace to Bolster AI-Driven Fraud Prevention Solutions
Visa has completed its acquisition of Featurespace , an AI-driven fraud prevention firm. Featurespace’s technology will integrate into Visa’s tools to enhance real-time fraud detection and risk management while maintaining a seamless user experience. The merger will combine both companies' expertise to deliver stronger fraud protection solutions. This acquisition underscores Visa's commitment to combating evolving payment threats with advanced technology. (Source)
Amazon and Universal Music Tackle ‘Unlawful’ AI-Generated Content
亚马逊 and Universal Music Group (UMG) have expanded their partnership to combat unlawful AI-generated content and protect artists from fraud and misattribution. The collaboration focuses on innovating audio and visual programming, audiobooks, and livestreamed content. This move aligns with UMG's legal actions against AI music startups accused of unauthorized use of copyrighted material, underscoring ongoing tensions between technological advancement and intellectual property rights. The partnership highlights the growing need for clear legal guidelines around AI ownership, copyright, and ethical usage as the industry adapts to evolving technologies. (Source)
?? Policy and Regulatory
NY Hopes to Offset Trump’s ‘Aggressive Regulatory Reduction’
New York’s Department of Financial Services (NYDFS) plans to intensify oversight of banks, insurers, and cryptocurrency firms amid expected federal regulatory rollbacks under President Trump. NYDFS head Adrienne Harris emphasized readiness to address consumer protection gaps arising from deregulation. Key concerns include risks in bank-FinTech partnerships, cybersecurity, and shifting capital requirements, with record-keeping and regulatory frameworks set to shape the financial sector in the coming year. (Source)
CFPB Sues Walmart and Branch for Allegedly Forcing Unauthorized Accounts on Gig Drivers, Leading to $10 Million in Junk Fees
The Consumer Financial Protection Bureau is suing Walmart and fintech firm Branch Messenger for allegedly opening unauthorized deposit accounts for over one million delivery drivers under Walmart's Spark Driver program. The accounts reportedly imposed fees and delays on earnings transfers, costing drivers over $10 million in "junk fees." The CFPB also accuses Walmart of misleading drivers about instant pay access and using job termination threats as coercion. Both Walmart and Branch deny the claims and plan to contest the lawsuit in court. (Source)
Scottish Schools Issued Updated Biometric Guidance Emphasizing Privacy, Transparency, and Compliance with Data Protection Laws
New Scottish school guidance on biometric technology emphasizes balancing efficiency with privacy and civil rights. Schools must comply with UK GDPR and the Data Protection Act 2018 when processing sensitive data, justify biometric use, and consider less invasive alternatives. Key requirements include transparency, clear opt-out options, non-discriminatory practices, and avoiding intrusive technologies like facial recognition for routine tasks. Schools must also conduct Data Protection Impact Assessments, appoint Data Protection Officers, and maintain open communication with students and parents about data usage. (Source)
FTC Orders Marriott and Starwood to Boost Cybersecurity Following Major Incidents
The FTC has ordered Marriott International and Starwood Hotels to improve cybersecurity after breaches exposed data of over 344 million customers from 2015 to 2020. Weak encryption, access controls, and multifactor authentication allowed prolonged hacker access. Marriott must implement a robust security program, undergo biennial assessments, and report breaches within 10 days. Customers can monitor account activity and request data deletion. Marriott also faces a $52 million penalty for inadequate security and misleading practices. (Source)
WhatsApp Scores Historic Victory Against NSO Group In Long-running Spyware Hacking Case
A U.S. federal judge ruled that NSO Group violated state and federal hacking laws by exploiting WhatsApp to install Pegasus spyware on 1,400 devices, targeting journalists, activists, and officials. The court cited NSO’s breach of WhatsApp’s terms of service and lack of transparency during discovery, including failing to produce the Pegasus source code. A trial in March 2025 will determine damages owed to WhatsApp. (Source)
CFPB Sues JPMorgan, BofA and Wells Fargo Over Zelle Fraud
The CFPB is suing JPMorgan Chase, Bank of America, and Wells Fargo for failing to address widespread fraud on Zelle. The lawsuit claims the banks prioritized competing with Venmo and CashApp over implementing robust fraud protections, resulting in financial losses and poor responses to fraud complaints. The CFPB seeks to end these practices, secure restitution for consumers, and impose civil penalties. (Source)
CISA Issues Directive for Federal Agencies to Strengthen Cloud Security with SCuBA Baselines
CISA has issued Binding Operational Directive 25-01, requiring federal agencies to secure cloud environments with SCuBA configuration baselines. Focused initially on Microsoft 365, the directive mandates identifying cloud tenants, deploying CISA tools, and implementing SCuBA policies by 2025 to address misconfigurations and weak controls. It also includes guidance for senior officials on encryption, phishing-resistant authentication, and secure mobile communications. These measures aim to enhance resilience and adapt to evolving threats. (Source)
?? More from Liminal
Access the Market & Buyer's Guide for Third-Party Risk Management in Link for insights to strengthen compliance and tackle emerging risks as the TPRM market nears $19.9 billion by 2030.
Our award-winning Link? platform empowers you to monitor trends, access benchmark research reports, explore use cases, and more.
Interested in attending? Request an invite to our 4th annual exclusive CEO event, which will be held in Laguna Beach, California.