Leveraging Identity Verification to Treat Your Customers Like Individuals
Clive Bourke
President, EMEA & APAC
Clive Bourke is President of EMEA and APAC for Daon and is a member of Daon’s Board of Directors. His team are responsible for all Daon’s business activities across Europe, the Middle East, Africa and Asia Pacific. They deliver and support biometric and identity solutions in banking, payment, public sector, aviation, telecommunication, gaming, online markets and fintech sectors.
Clive has been intimately involved in the development of Daon from start-up to an established global business with market leadership in biometrics and identity. With over 25 years of international technology experience, Clive brings a track record in taking multiple first-of-a-kind initiatives from concept to realization. He earned his Electronic Engineering degree from University College Dublin in Ireland.
In his free time, Clive enjoys going to the gym, running, hanging with family and socializing, reading and playing golf.
April 16, 2026
Banks wrongly assume security and customer experience exist in opposition, creating fragmented authentication that frustrates users while missing actual fraud. Identity Continuity frontloads verification into biometric enrollment, then maintains continuous authentication across all interactions. This eliminates repeated checkpoints while delivering risk-based protection customers trust.
Many modern digital banks wrongly assume that seamless customer experiences and robust security exist in opposition. With that false trade-off in mind, organizations often architect authentication systems as if every security measure costs customer satisfaction, and every convenience creates vulnerability. This zero-sum thinking has produced a banking landscape filled with frustrating compromises and the consequences are tangible. In reality, customers must navigate multiple verification checkpoints for routine transactions, while actual fraud threats slip through gaps in fragmented security infrastructure.
Identity verification built on Identity Continuity principles shatters this misconception entirely. Rather than functioning as a security checkpoint that interrupts customer journeys, robust identity infrastructure transforms into a personalization engine recognizing each customer as the unique individual they are. Strong enrollment enables effortless interactions precisely because the system knows with confidence who it’s serving.
The institutions that grasp this shift will fundamentally change how customers experience digital banking. When properly implemented, authentication architecture treats customers as individuals to protect and serve, not risks to manage.
Rethinking Security & Customer Experience
Traditional banking architecture operates on a simple equation where friction equals security and convenience equals risk. In this example, adding authentication steps protects customers, but removing obstacles exposes them. This way of thinking has driven decades of poorly conceived design decisions that accept customer frustration as the inevitable cost of adequate protection.
Properly designed systems deliver both security and customer satisfaction simultaneously. An Australian bank that Daon worked with in the past informed our Customer Success team that they learned this distinction through direct customer feedback. The bank had developed a payment journey so seamless that customers felt unsafe. Concerned users ended up abandoning transactions not because the process was difficult, but because it felt insufficiently protected. The bank had eliminated friction entirely and customers interpreted that absence as negligence.
What customers want is intentional friction at moments that matter—confirmation prompts asking “Are you sure? Would you like to reconfirm?” before large transfers, visible security measures demonstrating protection is active. Customers expect and appreciate security at “moments of truth” where genuine risk exists. Well-placed friction builds confidence without creating complexity.
Identity Continuity principles resolve this tension by frontloading verification effort into enrollment. Strong initial enrollment combining biometrics and document validation establishes multi-factor authentication from day one. A single, robust verification completed during enrollment unlocks frictionless access and transactions afterward. NIST guidance reinforces this approach, recommending organizations bind multiple authenticators to minimize account recovery needs. Implementing identity continuity ensures the institution holds sufficient, timely identity data to authorize confident action while maintaining strong customer protection. When enrollment captures comprehensive identity verification, institutions possess layered assurance enabling confident authorization without repeated verification demands.
From Checkpoints to Journeys: Continuous Authentication That Knows YOU
Traditional identity verification operates on a checkpoint model, including verification at onboarding, periodic re-verification thereafter, and isolated treatment for each authentication event. Identity Continuity reframes verification as a continuous journey where the system maintains awareness of who is accessing services and how that access compares to established patterns.
Consider a concrete scenario: Employee-X passes a strongly-bound device to Colleague-Y. Both are legitimate users within the organization, but only Employee-X should access certain accounts or systems. Passive continuous authentication detects the handover through behavioral signals—different height affects device angle, different gait creates distinct movement patterns, usage behaviors stray from established norms. These deviations trigger active step-up authentication, and a facial biometric prompt confirms the current user is Colleague-Y and not Employee-X.
Drawing on these capabilities, real-world implementations discovered student syndicates selling authenticated devices for $500 each, specifically for money laundering schemes. The devices passed initial authentication because they were genuinely enrolled. Continuous authentication detected that different individuals were using those devices, flagging suspicious activity that checkpoint-based security would miss entirely.
Continuous monitoring doesn’t mean constant interruption. Systems learn normal patterns, like typical banking hours, usual locations, familiar devices, and characteristic transaction amounts. When behavior stays within established parameters, authentication remains unobtrusive. Deviations trigger appropriate responses calibrated to risk level. This represents intelligent, context-aware protection rather than invisible security that customers neither see nor trust.
Personalization vs. Surveillance
A fundamental tension exists between the need for robust security and the desire for identity-based personalization. Organizations collect extensive personal information through verification processes, creating temptation to leverage that data for marketing, product recommendations, or behavioral profiling. However, identity security experts assert that using this sensitive data for personalization is fundamentally problematic, arguing that information collected in a trusted form must strictly serve the continuous protection of the human.
Identity data should protect, not profile for marketing purposes, establishing a clear division between security and commercial uses. Any non-security uses require explicit consent, meaning institutions must refrain from sharing data or using identity information to personalize customer experiences beyond protection. This stance challenges industry practices where verification data routinely feeds recommendation engines, targeted advertising, and cross-selling initiatives.
The conflict between data security and commercial temptation forces organizations to confront a critical choice: Is data usage perceived as cool and convenient, or is it seen as icky and trust-eroding? Companies maintaining trust as their core operating principle will win the medium-term competitive landscape, even if they forgo short-term revenue from data monetization. The “sugar hit” of convenience marketing—using identity data to create personalized product pitches—delivers immediate engagement metrics but erodes the foundational trust that verification processes are meant to establish. Customers who provide biometric data expect that information will protect them, not target them.
Decentralized identity frameworks will drive this critical decision by shifting ownership of verified data away from the organization and back to the user. These frameworks empower customers with self-sovereign identity, meaning they become the keepers of their attested credentials and biometrics. As customers gain control over verified credentials and can selectively share information (or refuse to share it altogether), organizations that treated identity data as marketing fuel will find themselves excluded.
Not all personalization erodes trust. Personalized authentication experiences—allowing customers to choose face versus voice, setting security preferences, controlling which features require step-up verification—grant control rather than exploit. Personalized security preferences represent legitimate individualization. Personalized marketing based on identity verification data crosses the line. Daon’s architectural approach embodies this principle: biometric templates are stored separately from personally identifiable information and cannot be connected even if systems are breached. The technical infrastructure enforces the ethical boundary and establishes that identity data exists for protection, full stop.
Putting Customers in Control: Security as Shared Responsibility
The digital security industry operates on a problematic assumption: that customers want protection to remain completely invisible. This philosophy treats authentication as something to hide and customer awareness as a design failure.
This invisible security myth doesn’t reflect how customers actually behave. People practice significantly better security in physical environments than digital ones. They lock car doors in unfamiliar neighborhoods and secure valuables in hotel safes, yet these same individuals reuse passwords across critical accounts and share credentials with family members. The gap exists because physical security feels tangible while digital security remains abstract.
Making digital security tangible requires customer involvement rather than invisibility. When customers understand what protections are active and why certain verifications occur, they become partners in their own security. Consider step-up authentication before high-value transfers. Transparent messaging demonstrates protection: “We noticed this payment is larger than usual and going to a new recipient. Let’s confirm it’s really you.” The friction isn’t arbitrary obstruction, it’s responsive protection that customers recognize as safeguarding their interests.
Customer involvement also generates valuable security intelligence. When institutions give customers control over high-risk features (enabling or disabling cryptocurrency transfers or international payments) those behavioral changes become signals feeding dynamic risk engines with context automated systems would miss.
Biometric Recovery: Restoring Access Without Starting Over
Account recovery situations occur constantly, through forgotten passwords, lost devices, or stolen phones. Traditional approaches treat recovery as an afterthought, creating experiences where locked-out customers face 20-minute hold times, bureaucratic verification procedures, and treatment as threats to manage rather than people needing help. Customers experiencing urgent access problems deserve responses that maintain dignity and urgency, whether they’re locked out while traveling, dealing with a stolen device, or responding to compromised credentials.
Recovery should mirror enrollment. What bound customer and institution together? Biometrics. The customer’s face, voice, and behavioral patterns belong uniquely to them. A simple selfie restores access: human, personal, secure. No passwords to reset, no security questions remembered from account creation years earlier. The process leverages what the customer knows to be theirs and only theirs, creating continuity between enrollment and recovery. The relationship established at the beginning persists through the recovery process. Customers don’t become strangers requiring re-verification from scratch. They remain known individuals temporarily separated from access credentials.
Recovery isn’t an edge case requiring workaround procedures. It’s a core journey deserving first-class design attention. Identity Continuity principles anticipate loss of access and architect recovery as integral to the overall experience. Systems maintain customer dignity during vulnerable moments while reducing support costs through automated, secure restoration processes. Recovery designed upfront transforms a frustrating crisis into an opportunity to demonstrate that the institution recognizes and values the individual, even when access credentials fail.
The Individual at the Center
Identity verification built on Identity Continuity principles makes “one customer, one record” genuinely achievable. Strong biometric foundations enable personalization through security rather than surveillance. Customers become active participants in their own protection, not passive subjects of institutional security theater. Recovery maintains human relationships even during crisis moments when access fails.
The ultimate goal transcends operational efficiency or fraud prevention: digital access should function as a fundamental right, delivered through technology that sees and serves each customer as the unique individual they are. Organizations that maintain trust through privacy-first identity verification, customer empowerment, and human-centered design will win the long competitive game.
The eIDAS 2.0 framework signals broader shifts toward user-held identity wallets designed to reduce onboarding friction and online fraud while preserving privacy. These emerging models validate the principles that forward-thinking institutions are already implementing: strong verification enables better experiences, customer control builds sustainable trust, and recovery processes can maintain relationship continuity.
The technology exists today to dissolve the false security-experience trade-off. The remaining task is for institutions to rebuild their authentication architecture around the human at the center rather than the systems surrounding them.
