City of London urges identity network

Identity is the thing underneath this story. Not passwords by themselves — identity. Who a customer really is. Who an employee really is. Who should be trusted to get through a gate without setting off alarms. The City of London Corporation wants tech firms to help build a new digital verification service for the UK financial sector, and the timing is not subtle. Fraud is eating a huge chunk of British crime and the old model — every company verifying everyone on its own — looks slow, expensive, and easy to game. (news.cityoflondon.gov.uk) ### What did the City actually ask for? On May 8, the City of London Corporation said it wants technology firms to help shape a blueprint for digital verification services that banks and other financial firms could use to verify people more reliably. The basic idea is shared infrastructure. A pers(news.cityoflondon.gov.uk) of forcing every institution to start from scratch. The City framed it as anti-fraud plumbing, but also as a way to cut admin costs and make access to services less painful. (news.cityoflondon.gov.uk) ### Why now? Because the fraud backdrop is ugly. The City’s own materials say fraud makes up about 40% of recorded crime in England and Wales, which is why identity verification has moved from a compliance chore to a national economic problem. The Corporation is also tying this to a wider UK polic(news.cityoflondon.gov.uk)public money going into the broader anti-fraud effort. (cityam.com) ### What problem is a verification network trying to solve? Basically, fragmentation. Right now, every bank, fintech, and service provider runs its own checks, stores its own evidence, and makes its own trust decision. That creates duplicated cost and lots of weak seams between systems. A shared verification laye(cityam.com) once through an approved route, then reuse that result where it’s accepted. The City says that kind of setup could make fraud easier to detect while modernizing how firms onboard and authenticate customers. (news.cityoflondon.gov.uk) ### Why does the employee-login survey matter here? Because it blows up the comforting idea that identity and access management is mostly about keeping outsiders out. Cifas said 13% of respondents had sold company login details to a former colleague in the last year or knew someone who had, and th(news.cityoflondon.gov.uk)agers and 36% for directors on the “justifiable” question. That turns identity into an insider-risk problem too. If valid credentials can be traded, a system needs stronger proof of who is behind the login, not just whether the password works. (itpro.com) ### So is this about consumers or employees? Mostly consumers in the City’s current proposal, but the logic spills over fast. The published plan focuses on people using financial products and services. But the same trust problem shows up inside companies. A credential is only useful if it sta(itpro.com)roof starts to look thin. That is why this story matters beyond banks. It touches enterprise security, fraud controls, and regulation at the same time. (news.cityoflondon.gov.uk) ### What’s the economic pitch? The City is selling this as both security and growth. In the new call to industry, it said the proposed service could unlock nearly £5 billion in fraud mitigation and digital-modernisation benefits. An earlier City report had put the upside lower — about £1.8 billion(news.cityoflondon.gov.uk)ency argument. (news.cityoflondon.gov.uk) ### What’s the catch? Shared identity systems only help if lots of firms trust them, regulators accept them, and consumers actually use them. That means standards, liability rules, privacy guardrails, and a market structure that does not just create one more silo with better branding. The City is (news.cityoflondon.gov.uk)on the rails. (news.cityoflondon.gov.uk) ### Bottom line? This is where the identity story is heading. Passwords and MFA still matter, but they are no longer the whole plot. Fraud pressure is pushing the UK toward reusable digital verification on the customer side, while insider-risk data is showing why “valid login” is not the same thing as “trusted person.” (news.cityoflondon.gov.uk)