Identity Continuity Is the Only Authentication Architecture Built for the Future
Traditional authentication treats identity as disconnected checkpoints using passwords and security questions vulnerable to theft, social engineering, and SIM swapping attacks. Identity Continuity establishes verified biometric identity at onboarding and maintains continuous authentication across all channels and devices, eliminating password resets while stopping credential-based fraud that causes 77% of breaches and costs organizations an average of $4.8 million per incident.
The way customers interact with financial services, healthcare systems, and digital platforms has fundamentally changed over time, but authentication infrastructure still relies on passwords and security questions designed for an earlier era. Organizations face an impossible choice: frustrate customers with cumbersome security processes or expose them to fraud with inadequate protection.
The authentication alternatives everyone relies on were built for a different threat landscape. Passwords remain vulnerable by design. Security questions have answers readily available on social media. One-time passwords sent via SMS face interception vulnerabilities. Even device-locked biometrics authenticate hardware rather than humans, creating a critical gap between convenience and genuine security.
Identity Continuity solves this structural problem by treating identity as a continuous journey rather than a series of repeated checkpoints. Built on biometric authentication (verifying who you are, not what you know or possess), Identity Continuity establishes a single unified record for each customer that follows them across all channels and interactions throughout their relationship with your organization.
Why Every Alternative to Biometrics Breaks Down Under Pressure
Authentication factors fall into three categories: what you know, what you have, and who you are. The first two categories—knowledge-based and possession-based authentication—share a common weakness. They can be compromised, transferred, or circumvented in ways that biometric factors simply cannot.
What You Know: The Knowledge Factor Problem
The average user manages 255 passwords across personal and business accounts, according to NordPass. Despite enhanced password requirements across platforms, the most common password remains “123456.” Gartner estimates that 40% of all helpdesk calls involve password resets, while research from Sapio Research found that people abandon purchases and services an average of 4.76 times daily when they cannot remember passwords.
Security questions fare no better. The answers to common verification questions (mother’s maiden name, first pet, high school mascot) are readily available through social media profiles or previous data breaches. One-time passwords delivered via SMS face their own vulnerabilities, from SIM swapping attacks to SS7 protocol interception. Call centers remain susceptible to social engineering, where fraudsters manipulate customer service representatives into granting account access.
The business impact is measurable. One-third of consumers will abandon online transactions that exceed 30 minutes, according to Experian. When authentication friction costs revenue, organizations face pressure to reduce security measures at precisely the moment fraud attacks are accelerating.
What You Have: The Device Authentication Gap
Device-based biometrics like Face ID and Touch ID represent a significant improvement over passwords for unlocking smartphones. However, these systems verify device possession rather than individual identity. This creates a critical distinction: confirming that someone has access to an authenticated device is not the same as confirming they are the actual account holder.
This gap becomes apparent across multiple scenarios. Device authentication breaks down when customers switch devices, use borrowed devices, access services via web browsers on different computers, or interact through contact centers. Organizations relying on device-based authentication also cede control over security thresholds and enrollment standards to device manufacturers. They cannot adjust authentication strength based on transaction risk or calibrate security requirements for specific use cases.
The Regulatory Reality
Regulatory frameworks are recognizing these limitations. The European Union’s PSD3 regulations require stronger authentication for digital payments, establishing standards that knowledge-based and simple possession factors cannot meet. Compliance frameworks across industries are tightening requirements, making inadequate authentication both a security liability and a regulatory risk.
Identity Continuity: One Customer, One Record, Continuous Trust
Identity Continuity establishes a fundamentally different architecture. Rather than treating each authentication event as an isolated checkpoint, it creates a single centralized identity profile for each customer that follows them across every touchpoint: mobile applications, web portals, contact centers, and in-person interactions.
This continuous authentication framework integrates three processes that traditional systems treat separately:
Verification establishes identity during customer onboarding. A customer scans their government-issued ID document and takes a selfie. The system analyzes the document for authenticity—examining security features like watermarks, holograms, and embedded chips—then links the validated document to the customer’s biometric template.
Authentication confirms identity during each subsequent interaction. A quick facial scan or voice sample matches against the stored template in seconds. This works across any channel and any device, remaining invisible to customers when behavioral patterns align with their established profile while prompting additional verification only when risk indicators warrant it.
Recovery maintains account access without knowledge-based factors. When customers need to regain access, a simple selfie verifies their identity and restores account control. No password reset calls, no security questions, no lengthy verification processes.
Why Biometrics Form the Foundation
Biometric authentication is based on who you are: facial features, voice patterns, behavioral characteristics. These factors cannot be lost, stolen, forgotten, or willingly shared the way passwords can. When Identity Continuity captures biometric data, it doesn’t store photographs or voice recordings. Instead, it creates mathematical templates, encrypted representations of distinguishing features that cannot be reverse-engineered to recreate images even if compromised in a data breach.
This architectural approach gives organizations control over the matching process in ways that device-based systems cannot provide. Security requirements can adjust based on transaction value, user behavior patterns, channel risk, and regulatory requirements. A routine balance check might require lower matching confidence than a $50,000 international wire transfer. The same authentication experience works consistently across channels, whether a customer accesses their account via mobile app, desktop browser, or a phone call to a contact center.
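The risk-calibrated matching described above can be sketched as a small policy function. This is an added example, not Daon's or TrustX's code; the action names, channel names, 0-1000 score scale and every threshold value are hypothetical assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # ask for a second factor or modality
    DENY = "deny"

# Hypothetical policy values; match scores are integers on a 0-1000 scale.
BASE_THRESHOLD = {"balance_check": 800, "domestic_transfer": 900, "international_wire": 950}
CHANNEL_UPLIFT = {"mobile_app": 0, "web": 10, "contact_center": 20}
HIGH_VALUE_USD = 10_000      # amounts at or above this add HIGH_VALUE_UPLIFT
HIGH_VALUE_UPLIFT = 20
ANOMALY_UPLIFT = 20          # behavior deviates from the established profile
MAX_THRESHOLD = 990
STEP_UP_MARGIN = 50          # near misses get a step-up instead of a denial

@dataclass(frozen=True)
class AuthRequest:
    action: str
    channel: str
    amount_usd: float
    match_score: int
    liveness_passed: bool
    behavior_anomaly: bool = False

def required_threshold(req: AuthRequest) -> int:
    """Return the match score this request must reach."""
    if req.action not in BASE_THRESHOLD or req.channel not in CHANNEL_UPLIFT:
        return MAX_THRESHOLD  # unknown action or channel: fail closed
    threshold = BASE_THRESHOLD[req.action] + CHANNEL_UPLIFT[req.channel]
    if req.amount_usd >= HIGH_VALUE_USD:
        threshold += HIGH_VALUE_UPLIFT
    if req.behavior_anomaly:
        threshold += ANOMALY_UPLIFT
    return min(threshold, MAX_THRESHOLD)

def decide(req: AuthRequest) -> Decision:
    # A failed liveness check or malformed score is never rescued by a high match.
    if not req.liveness_passed or not 0 <= req.match_score <= 1000:
        return Decision.DENY
    threshold = required_threshold(req)
    if req.match_score >= threshold:
        return Decision.ALLOW
    if req.match_score >= threshold - STEP_UP_MARGIN:
        return Decision.STEP_UP
    return Decision.DENY
```

With these constructed values, a match score of 820 clears a balance check on the mobile app but is denied for a $50,000 international wire, which requires 970.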
When integrated with multi-factor authentication frameworks, biometrics serve as the strongest available factor. Organizations can combine biometric verification with registered device authentication—satisfying multi-factor requirements without any knowledge-based dependencies—or replace weak factor combinations entirely.
Identity Continuity isn’t simply adding biometric capabilities to existing authentication systems. It’s rebuilding the entire authentication architecture around continuous identity verification, where the customer’s identity remains consistently verified throughout every interaction rather than repeatedly challenged at disconnected checkpoints.
Four Compounding Advantages
Organizations implementing Identity Continuity gain advantages across four dimensions that reinforce each other over time.
Security benefits extend beyond basic fraud prevention. Liveness detection defeats presentation attacks using photos, videos, masks, or deepfake technology. Injection attack prevention stops synthetic identities created by digitally manipulating verification processes. The architecture is immune to phishing, credential stuffing, and social engineering attacks that target knowledge-based factors. Continuous monitoring can detect account takeover attempts in real time by identifying behavioral deviations that indicate unauthorized access.
User experience improvements eliminate the friction that drives customer abandonment. Passwordless authentication replaces credentials with facial scans or voice samples. Self-service account recovery removes the need for support calls. Customers can choose between biometric modalities based on personal preference or situational convenience. Most importantly, the experience remains consistent across all channels, eliminating the frustration of different security requirements for mobile, web, and phone interactions.
Compliance capabilities address regulatory requirements that knowledge-based authentication cannot satisfy. PSD3’s strong authentication mandates, GDPR and BIPA privacy requirements, and industry-specific regulations all demand demonstrable organizational control over identity verification processes. NIST-tested algorithms provide the documentation compliance audits require. Clear audit trails track authentication events and security decisions. Flexible deployment options (cloud, on-premise, or hybrid) address data sovereignty requirements across jurisdictions.
Operational efficiency translates into measurable cost reduction. Eliminating password resets removes a support burden that consumes 40% of helpdesk calls. Preventing fraud losses protects against average data breach costs of $4.8 million, according to IBM research. Consolidating identity verification, authentication, and recovery onto a single platform reduces technical complexity and integration costs. The architecture scales to handle growing transaction volumes without proportional increases in operational overhead.
These advantages compound over time. Better security enables organizations to offer improved user experiences. Enhanced user experiences drive customer adoption and satisfaction. Stronger compliance postures reduce regulatory risk and audit costs. Lower operational costs free resources for innovation. Each improvement reinforces the others.
Privacy: Why Biometrics Are Actually Safer
Biometric authentication raises legitimate privacy questions that organizations must address transparently. The key distinction is that biometric templates are mathematical representations, not images or recordings. These templates cannot be reverse-engineered to recreate photographs or voice samples even if stolen during a data breach.
Identity Continuity architectures encrypt biometric data and separate it from personally identifiable information. Even if an attacker gained access to stored templates, they would acquire meaningless mathematical sequences with no connection to specific individuals. User consent and control are built into the enrollment process. Systems designed for BIPA, GDPR, and CCPA compliance include transparent data usage policies and customer rights to modify or delete their biometric profiles.
Unlike password theft, which immediately enables account access, biometric data theft provides no direct path to fraud. The stolen data cannot authenticate against live verification systems that confirm human presence through liveness detection. For a comprehensive discussion of biometric privacy and data protection principles, see our dedicated article on privacy-first biometric design.
The Inevitable Trajectory
The shift toward Identity Continuity reflects three converging forces that make this evolution inevitable rather than optional.
The threat landscape has evolved dramatically. AI-generated deepfakes and synthetic identities now challenge fraud detection systems that relied on manual review and human intuition. Fraudsters adapt their techniques faster than organizations can deploy quarterly security patches. According to Deloitte, synthetic identity fraud represents the fastest-growing financial crime in the United States, with associated losses expected to exceed $23 billion by 2030.
Regulatory momentum continues building globally. PSD3 and similar strong authentication mandates establish requirements that knowledge-based factors cannot satisfy. Privacy frameworks demand demonstrable organizational control over identity verification processes. Compliance has shifted from a checkbox exercise to a competitive differentiator as customers increasingly evaluate service providers based on their data protection practices.
Market recognition of authentication’s strategic importance is accelerating. The Identity Defined Security Alliance (IDSA) reports that 90% of businesses experienced identity-related incidents in 2024. Organizations are treating authentication infrastructure as a strategic priority rather than a technical implementation detail.
Daon originated the Identity Continuity concept over five years ago and remains the market’s most experienced practitioner in production deployments. The TrustX platform powers implementations across regulated industries, supported by NIST-tested and ISO-certified algorithms that provide the technical foundation compliance frameworks require.
Every organization will eventually be required to adopt Identity Continuity and continuous authentication. Thankfully, authentication infrastructure is finally catching up to the demands digital transformation placed on it years ago. Organizations implementing these systems now are gaining competitive advantages measured in years, not months.
The shift from fragmented authentication checkpoints to Identity Continuity—continuous authentication across the customer lifecycle—isn’t simply better security. It’s the foundation that makes modern digital services possible. Identity Continuity represents where authentication must evolve to support the experiences customers expect and the security that regulations require. The organizations leading this transition understand that identity infrastructure is no longer a technical detail buried in IT architecture. It’s a strategic asset that enables growth, ensures compliance, and builds customer trust.




