NIST develops playbook for online use cases of digital credentials in financial services

In conversations about the accuracy of biometric technologies, one acronym is almost certain to come up. Testing and benchmarking by NIST – the National Institute of Standards and Technology – has provided the industry with a reliable, trusted resource to point to when critics raise objections about accuracy or bias. And it’s harder to frame tech as insidious or opaque when there is continual testing of algorithms and regularly published results.

This has made NIST a major partner in the emerging digital identity ecosystem, which includes mobile driver’s licenses (mDLs) and other Verifiable Digital Credentials (VDCs) alongside biometrics and identity verification vendors.

NIST’s work on mDLs gets an airing at the FIDO Identity, Authentication, and the Road Ahead 2026 conference, in a panel focused on how NIST’s partnerships have advanced the digital ID sector. Panelists include Jeremy Grant, coordinator of the Better Identity Coalition; Ben Amsterdam of PNC Bank; Tim Maru, portfolio director for identity credentialing the American Association of Motor Vehicle Administrators (AAMVA); and Ryan Galluzzo, who leads NIST’s digital identity program.

The focus is on a project, launched through the National Cybersecurity Center of Excellence (NCCoE), which aims to bring together stakeholders from digital identity providers with organizations such as banks, hospitals, and government agencies that are looking for guidance on how to integrate digital ID for online use cases.

NIST looks to cover online integration

Galluzzo says NIST realized it would be helpful to put together a project that focused on online use cases for digital credentials, since the TSA has extensively covered proximity and physical use cases. And it decided to base its project on mDLs.

The objective is to develop what a panel description calls a “playbook of standards and best practices that all parties can use to set a high bar for privacy and security.”

“We really wanted to be able to understand, what does it actually take for an organization to implement this stuff? How does it fit into workflows? And then start to think as well about what are the benefits to these organizations and to individuals.”

“The question became, what was the best online use case?” Galuzzo says. “At which point our colleagues in Treasury kind of said, hey, our online banking customer identification program, how do we make that both more usable and more secure at the same time? And it seemed like a really nice fit. So that brought us to both the kind of scope of what we’re focused on, those online components, and the specific use case of financial services as well.”

The optimal model to emerge from the discussion is a hybrid that leverages mDLs to establish a baseline identity but looks to passkeys for everyday authentication. That, Galuzzo says, results in a workflow of “very easy onboarding with that presentation of the mobile driver’s license, then very easy authentication without even having to use a password for the authentication side of the house.”

“You had these things where you basically took these extended, complicated, sometimes time-consuming workflows and you condensed those down into very two very basic online presentations of cryptographically provable objects, and it really increased or has the potential to increase confidence, accuracy, integrity of the identity information and the identity itself. So there’s that balance of the best of both worlds as things start to shake out.”

mDLs offer banks smooth, secure onboarding, reduced fraud

“From our perspective,” says Ben Amsterdam, the banker, “we’re trying to meet our customers either where they are or where they are likely to be in the not-too-distant future, while also trying to make sure that we’re maintaining a secure, streamlined and pleasant onboarding experience.”

The model, he says, “should allow you to engage remotely, to not have to worry about showing up in person to your closest branch, should allow for a reduction in human error from our side and should allow for reduction in fraud and concern over forged documents.” It should also serve to fulfil the bank’s KYC and related compliance requirements.

Beyond the bank, the major objective with mDLs remains getting people to use them. The AAMVA’s Maru points to his agency’s digital trust service, and to its efforts in outreach and education – which are as important in driving adoption as anything on the technical side.

“We do a lot in trying to educate folks like law enforcement and these other government agencies and private sector individuals about the mobile driver’s license, about how you can adopt it, the different ways that it can improve those workflows both for the relying party and for the customer. What we hear from those jurisdictions is a lot of it is just about prioritization and other projects, so that they have modernization projects and other things that are going on that they have to get through first before they can think about a mobile driver’s license.”

AAMVA ‘constantly having to correct’ notion that mDLs phone home

Outreach often means busting myths about mDLs. Regarding the idea that mobile driver’s licenses “phone home” via a server retrieval model, Maru – a former state trooper – says “we’re constantly having to correct that. It’s not something that occurs with a mobile driver’s license. But there is still this perception that this credential tracks or allows some back door on your phone by the DMV, which is simply not the case.”

“We have to continually educate people and make sure that they understand that and are comfortable with the fact that if the government’s tracking you or wants to track you, it’s not going to be through the mobile driver’s license.”

The trick, then, is to establish the mDL as a trusted, rather dull and low-risk administrative advantage, while also finding ways to frame the digital credential as a nifty enabling tool. Per Maru, much of the mission now lies in communication, since legislatively and systemically, a storing foundation has already been laid.

“We’ve got 22 states and territories right now that are issuing a mobile driver’s license and there’s several more that are on the way. Just about every jurisdiction that we represent has it workloaded within the next few years to be able to issue it.”

Article Topics

AAMVA  |  Better Identity Coalition  |  digital ID  |  FIDO Alliance  |  financial services  |  mDL (mobile driver's license)  |  NCCoE  |  NIST  |  verifiable credentials