Signal fusion for identity and fraud

Banks and payment companies are shifting fraud checks from one-off rules to live identity scoring that combines credentials, device data, behavior, and payment signals in milliseconds. (w3.org; docs.stripe.com; developer.payments.jpmorgan.com) A verifiable credential is a tamper-evident digital document — the online equivalent of a driver’s license or diploma — that moves between an issuer, a holder, and a verifier. The World Wide Web Consortium’s Verifiable Credentials Data Model 2.0 says the format is designed to be cryptographically secure, privacy-respecting, and machine-verifiable. (w3.org) In financial onboarding, that model is being tested as a replacement for repeated document uploads and manual know-your-customer checks. A 2024 Springer chapter on self-sovereign identity for digital KYC said current KYC processes are inefficient and costly, and proposed a framework for using self-sovereign identity to mitigate those problems. (link.springer.com) The other half of the shift is signal fusion: systems score a transaction by linking browser, payment method, past activity, and other clues instead of relying on a single flag. Stripe says its Radar model evaluates payments in real time using hundreds of risk factors, while J.P. Morgan says its fraud-analysis API returns a synchronous risk decision and risk elements before a merchant decides whether to proceed. (docs.stripe.com; developer.payments.jpmorgan.com) That architecture changes what “step-up” means. Instead of challenging every customer, firms can let low-risk transactions pass and ask for extra proof — such as 3-D Secure or a phishing-resistant authenticator — only when the score crosses a threshold. (docs.stripe.com; idmanagement.gov; fidoalliance.org) U.S. standards already support that risk-based approach. NIST’s Digital Identity Guidelines frame identity proofing and authentication as assurance decisions tied to risk, not blanket checks for every user and every session. (nist.gov; doi.gov) The fraud numbers show why companies are investing now. Javelin said traditional identity-fraud losses in the U.S. held steady at $27.3 billion in 2025 after a 19% rise in 2024, while scam losses fell 45% year over year to just under $11 billion; Javelin attributed the drop in part to consumer awareness, industry task forces, and clearer scam definitions. (javelinstrategy.com) Those gains are uneven. Javelin said new-account fraud victims rose 31% to 5.4 million in 2025 and account-takeover victims rose 18% to 6 million, while consumers spent an average 10.4 hours resolving identity-fraud cases. (javelinstrategy.com) Vendors and researchers are also warning that fraud is getting more automated. Entrust’s 2025 Identity Fraud Report highlighted generative artificial intelligence in document fraud, deepfakes in biometric attacks, synthetic identities, and fraud-as-a-service, and Sumsub said its 2025–2026 report analyzed more than 4 million fraud attempts across 2024 and 2025. (entrust.com; sumsub.com) Regulators are paying closer attention too. The Federal Reserve, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation opened a request for information on payments fraud on June 16, 2025, and the Federal Trade Commission continues to publish live consumer-reporting dashboards for fraud and identity theft. (federalreserve.gov; occ.treas.gov; ftc.gov) The thread running through all of it is speed with context: reusable digital identity for onboarding, real-time scoring for transactions, and extra checks only when the risk score says they are needed. The promise is fewer manual reviews for legitimate customers and fewer openings for identity fraudsters. (w3.org; docs.stripe.com; developer.payments.jpmorgan.com)