ID.me scores big roll outs with FINRA and CMS

Stricter identity checks are coming to two of the most sensitive corners of the U.S. digital ecosystem: financial regulation and federal healthcare. FINRA and CMS are both moving to adopt ID.me for high assurance verification.

The Financial Industry Regulatory Authority (FINRA) will begin directing selected users to verify their identities through ID.me. FINRA’s mission is to protect investors and ensure the integrity of the financial markets and operates under the supervision of the SEC.

The change took effect on December 15 when Early Access participants first logged in to the FINRA Entitlement Platform. The Early Access period runs until February 13, 2026, ahead of a broader rollout planned for later in the year.

The U.S. authority said the move is driven by regulatory and contractual obligations requiring the organization to safeguard sensitive data and prevent unauthorized access to its systems.

The not-for-profit organization said ID.me is certified to federal standards and provides Identity Assurance Level 2 (IAL2) verification, a NIST benchmark, as it explained its choice of vendor. FINRA said this additional layer of authentication is designed to ensure that only legitimate users can access sensitive regulatory data.

According to FINRA, ID.me offers several advantages, including fraud prevention tools, bank‑grade encryption and around-the-clock U.S.-based customer support. The authority emphasized that the new verification requirement is part of a broader effort to strengthen cybersecurity controls and reduce the risk of identity theft or system compromise.

Identity verification will become mandatory for a wider group of users during the 2026 FINRA Entitlement Account Certification Period, scheduled to begin in May. All SAAs, AAs, and users with access to certain categories of sensitive information will be required to complete ID.me verification at that time. Later in 2026, the process will also become compulsory for account recovery across the platform.

The requirement will apply specifically to accounts with access to highly sensitive data, including FBI fingerprint results, RAP sheet information, fingerprint‑related records in reports and queues, and Social Security numbers.

FINRA said the phased rollout is intended to give firms time to adjust to the new process while ensuring that the most sensitive data is protected under strengthened identity verification standards.

As part of the early implementation, users must ensure that the first and last name on their FINRA Entitlement account matches their legal name used for ID.me verification. Those whose account names differ from their legal identity are being instructed to contact their Super Account Administrator (SAA) or Account Administrator (AA) before attempting verification. More information on the implementation can be found here.

ID.me agrees contract with CMS for IDV on Medicare.gov

ID.me has secured a new contract with the Centers for Medicare and Medicaid Services (CMS) to provide identity verification and sign‑in services on Medicare.gov.

The integration is scheduled to go live in early 2026 and is intended to strengthen security, streamline access and reduce fraud across Medicare’s online services. CMS also signed a contract with Clear with the announcement last week emphasizing modernizing identity verification.

Under the agreement, Medicare beneficiaries will be able to verify their identity and log in using ID.me, a digital identity wallet used by more than 157 million people, including 80 million who have been verified to federal authentication standards.

CMS said this will modernise access workflows and support its broader “Aligned Networks” and “Kill the Clipboard” initiatives, which aim to create a more interoperable and patient‑centric digital ecosystem.

The change is expected to reduce friction for beneficiaries who already use ID.me to access services at 21 federal agencies, such as the Social Security Administration and the Department of Veterans Affairs, as well as 50 state agencies and hundreds of private‑sector organizations.

Because all Medicare applicants begin their eligibility process with the Social Security Administration, many will already hold ID.me credentials that can be reused on Medicare.gov, the announcement pointed out.

ID.me’s system provides high assurance credentialing, real‑time data exchange and deterministic matching based on verified attributes. CMS says this will allow beneficiaries to authenticate once and use the same credential across multiple CMS programmes.

Additional tools, such as multilingual live video chat, are expected to help more beneficiaries complete tasks digitally without needing in‑person support.

“Healthcare access should be simple, secure, and trustworthy for every American,” says Blake Hall, ID.me’s founder and CEO. He said the partnership would create a more unified patient experience while strengthening programme integrity at a national scale.

The contract adds to ID.me’s expanding footprint in government identity services. In October, ID.me announced a deal with Flexpa to expand interoperable patient record-sharing. Beyond federal and state partnerships, the company now works with more than 70 private‑sector healthcare organizations including provider networks, electronic health record (EHR) systems and digital health platforms.

Article Topics

Centers for Medicare and Medicaid Services (CMS)  |  digital identity  |  financial services  |  healthcare  |  ID.me  |  identity verification  |  patient identification  |  U.S. Government