Can digital identity wallets fix the identity theft and AI deepfake fraud problem?

As AI becomes a staple of the fraudster’s toolkit, driving an uptick in identity theft and deepfake fraud, some are looking to digital identity wallets as a scalable solution. In particular, the EU Digital Identity (EUDI) Wallet scheme has drawn attention as a key test case. Under the EUDI Wallet Framework, which took effect last year, all EU member states must offer citizens a digital ID wallet by 2026.

AI enabling surge in identity theft and fraud as face swaps proliferate

The World Economic Forum (WEF) explores how digital identity wallets protect against fraud in a recent post. Noting that the U.S. federal government lost between $233 billion and $521 billion annually to fraud from 2018 to 2022, WEF says many of these losses are attributable to “identity thieves who use their victims’ personal information to steal benefits such as SNAP assistance, small business loans, and other resources.”

AI is aggravating the problem. WEF reports that in 2023, deepfake-driven face swaps used to bypass identity verification surged by 704 percent. Injection attacks fool employees into forfeiting millions to fraudsters. Phishing, smishing and vishing scams proliferate as fraudsters work quickly to exploit vulnerabilities at scale.

“Traditional methods of verifying identity – passwords, usernames, and knowledge-based verification – are no longer sufficient.”

Digital ID wallets with good biometrics are worth investing in: WEF

Enter biometric digital wallets. “Digital identity wallets that leverage good biometrics to combat deepfakes and scams offer a secure and scalable way for organizations to verify that the individuals seeking access to their benefits and services online are who they say they are,” WEF says.

Digital ID wallets “address multiple vulnerabilities to fraud, including those associated with AI. They can incorporate advanced technologies such as 1:1 facial verification, duplicate face check and liveness detection, making them far more resistant to deepfake-driven impersonation attempts and scaled attacks.”

The proof, WEF says, is in the numbers. It notes that seven states have credited ID.me, the largest digital identity wallet in the United States, with helping to prevent over $270 billion in fraud during the coronavirus pandemic. “By 2029, 1.5 billion people are expected to use digital identity wallets, which will store approximately 30 percent of all digital identities worldwide.”

Finally, WEF’s stance is clear: “Digital identity wallets transform identity verification, historically handled by point solutions such as data brokers, into a login problem. They provide a user-centric approach that is better designed for the future. By investing in digital wallets, we can build a more secure, inclusive and future-proof digital economy.”

CoE-DSC EUDI case study identifies new role of ‘scheme aggregator’

The Netherlands-based Centre of Excellence – Data Sharing and Cloud (CoE-DSC) takes a different perspective, exploring the value of the EUDI Wallet as a “legal entity wallet for data sharing initiatives (DSIs).”

A case study on its website examines one such initiative. CoE-DSC worked, “together with eIDAS experts, the Company Passport initiative and the iSHARE foundation to describe the current situation of the EUDIW LEW, explore the impact of the EUDI Legal Entity Wallet (LEW) on iSHARE and its DVU use case,” which addresses “the need for secure and efficient data sharing in the pursuit of optimising CO2 reduction projects within non-residential buildings.”

While the results of the study say there is value in the EUDI LEW for DSIs, it comes with a couple of caveats. “DSIs should be mindful of remaining challenges when implementing the LEW and continue to offer their current solutions,” the report says.

Moreover, there is “there is a need for a new role of ‘scheme aggregator’” to overcome hurdles in harmonizing the content and meaning of credentials.

CoE-DSC says its “developed exploration can be re-used as a blueprint for other DSIs, to facilitate adoption of the EUDI Wallet.”

Optional registration certificates render eIDAS security pillar ‘meaningless’

Not everyone is convinced that the EUDI Wallet will do what it promises. There has been political discord in Germany over positions on the digital wallet scheme, with concerns over a “divide between operational pragmatism and broader societal goals in digital policy.”

And a post from Vienna-based digital rights advocacy group epicenter.works says amendments to the Implementing Acts (batch 2, rev4) of eIDAS undermine a “core pillar of the safeguards regime of the eIDAS ecosystem.”

The group’s concern is an amendment that would make wallet relying party registration certificates optional. According to its website, “these certificates, issued by the EU member states, allow your wallet to automatically check what information a particular service (e.g. an online platform, public transport company, your doctor, etc.) is allowed to access.”

In making the certificates optional, epicenter.works says, the European Commission is thus “essentially removing the mandatory automatic check for illegal data requests,” such that “no country could protect their citizens from illegal information requests from other EU countries.”

“We therefore strongly advise against the adoption of the Commission’s proposal and argue in favor of making the relying party registration certificates mandatory in all EU member states.”

Article Topics

AI fraud  |  biometrics  |  digital ID  |  eIDAS  |  EU  |  EU Digital Identity Wallet  |  fraud prevention  |  World Economic Forum