Dive into the world of fraud with the "What The Fraud?" podcast! 🚀 Today, Tom is joined by two experts: Daniel Flowe, Head of Digital Identity at the London Stock Exchange Group, and Eddie Moxon-Garcia, Product Marketing Lead at Sumsub. Together, they explore the latest in digital ID and discuss if a reusable identity can balance privacy, security, and accessibility.
THOMAS TARANIUK: Hello, dear audience and welcome back to series three of “What The Fraud?” Podcast, a series where digital fraudsters meet their match. I’m Thomas Taraniuk, Head of Partnerships here at Sumsub, the global verification platform, helping to verify users, businesses, and transactions as well.
Governments worldwide are racing to roll out digital identity systems promising greater convenience, security, and efficiency. From Estonia’s e-Residency program to Singapore’s S Pass, these initiatives are gaining momentum. The UK is also launching, its own digital wallet to store official documents this year in 2025. But with new technology comes, new risks. Hackers recently exposed vulnerabilities in Germany’s digital ID system affecting over 10 million users.
And in India login credentials were leaked on the darkweb for just $8 as per the Aadhaar database. And in this episode today, we will sit down with Daniel Flowe, head of Digital Identity at the London Stock Exchange Group, and Eddie Moxon-Garcia, Product Marketing Lead at Sumsub to hear what’s being developed in the new digital ID sector and find out whether there really can be a reusable identity solution that balances privacy, security, and accessibility as well.
Daniel, Eddie, thank you so much for coming on the show with us today. I would love to get straight into it if you don’t mind. So Daniel, if I turn to you first, I’d like to address digital IDs. It is going absolutely global right now, and you are right at the center of it at the London Stock Exchange Group.
So how did you get into the world of digital ID in the first place and how has the landscape evolved since you started?
DANIEL FLOWE: I got into Digital ID the way most people get into anything—through personal connections. I started working with a startup called Global Data Consortium.
Back in the mid-2010s, I collaborated with them on and off as an advisor, and eventually joined full-time around 2020. Then, in 2022, we were acquired by the London Stock Exchange Group. It’s been a fascinating journey through the space, and what drew me in initially—and keeps me here—is just how full of complex, interesting problems it is.
We’ve got eight and a half billion people on the planet—how do we enable all of them to participate in the digital economy? How do we help people transact securely, prove who they are, and stay safe online? How do we protect them from fraud? These are big questions, and the challenges never really stop coming. But that’s part of what makes it exciting—there’s always something new to learn, new ways to grow, and always a race to stay ahead of the fraudsters.
What’s changed most, I think, is how the field has evolved over the past decade. Ten years ago, identity verification involved a lot of manual work. There was heavy reliance on documents, and much of the process was done behind the scenes by humans—literally eyes on glass.
But now, the technology for fraud detection and liveness verification has advanced dramatically. The adoption of digital IDs has grown so much that it feels like we’re working in a completely different space compared to when I first started.
Suggested read: Digital Identity in 2025: The Complete Guide
THOMAS TARANIUK: Absolutely, Daniel. I mean, that’s a big mission. I think, one that we’re all a part of the democratization of access to digital services globally for those underserved.
But that means sort of releasing those moats, those barriers to entry for those individuals. And of course, having people on the backend actually go through and do everything manually and over, let’s say, sorry, usage of ID documents, et cetera, can also, sort of kill progress. Eddie, great to have you on the podcast.
Finally, I would like to kick off with a question: what in your opinion are the benefits of digital ID compared to traditional methodologies?
EDDIE MOXON-GARCIA: I have to agree with Daniel—it’s a fascinating space, but one that’s riddled with challenges. Every day brings a new hurdle, which definitely keeps things interesting.
The biggest benefit, in my view, is that digital reusable identity aims to eliminate repetitive onboarding steps. That’s a major bottleneck for both businesses and users. It’s not just a company problem; it affects everyone. Right now, if you want to sign up for a new service—whether it’s opening a bank account, accessing a crypto exchange, or joining an online marketplace—you have to go through nearly the same identity verification process from scratch every single time. It’s tedious for users and results in drop-offs, rejections, and lost opportunities.
The promise of reusable identity is that you can verify once and reuse that verification across multiple platforms. That means faster onboarding and lower drop-off rates—something that benefits everyone.
But beyond that, there’s a strong case for financial inclusion. Our own research, through an initiative called Greenflag, revealed some powerful insights. There’s a fantastic white paper out there—I highly recommend reading it—which highlights that 627 million people around the world are digitally excluded. I can dive into the reasons behind that later, but the key takeaway is that this group represents a $1.75 trillion missed opportunity for businesses.
So making identity digital and reusable—and crucially, universally recognized—isn’t just about reducing friction for users. It’s also about unlocking new markets and expanding revenue potential. And I’d say that’s a pretty compelling reason for companies to care.
Suggested read: Addressing the Digital Divide in 2025
THOMAS TARANIUK: Definitely, Eddie, and we’re talking about solving a massive problem here and it’s like one step at a time.
As I’ve been thinking throughout this year, the UK government is planning to introduce a new digital wallet to store official documents—like driving licences—entirely in digital form. Countries such as Germany and Estonia have already implemented similar systems, with mixed results.
Daniel, why is there such a growing demand for digital IDs right now?
DANIEL FLOWE: I think there’s always been demand. Especially if you look at the last 25 years—as we’ve transitioned from digital interactions being a complementary part of our lives to becoming how we live our lives.
I often use my own experience as an example: I work from a home office, I bank with a financial institution that doesn’t have a physical branch anywhere near me, I live in the US, and I work for a company based in London. My digital self—everything I do online, from transacting to signing up for services—isn’t a side element of my life anymore. It is my life.
And yet, if you go back to the foundation of the internet, there was never an identity protocol built into it. There never has been. For the last 25 to 30 years, we’ve relied on physical photo IDs and user-controlled devices to make it work. It’s been a functional workaround, but still a workaround.
I like to point out that the photo ID was invented by the British in 1915, during World War I, to prevent German spies from entering the country. Fast forward a century, and even ten years ago, we were using that same hundred-year-old technology to verify ourselves online—to gain access to systems and institutions that are entirely digital.
So, I’d argue that as long as people have been transacting online, there’s been a need for a truly digital way to assert and prove identity. What’s changed in the last five years is that governments and regulators are finally starting to catch up. They’re beginning to recognize both the reality of the digital world and the needs of the people living in it.
Not to be overly picky, but I wouldn’t say the demand is new—it’s always been there. What we’re seeing now is that the older institutions are finally responding to it, and offering what people have needed all along.
THOMAS TARANIUK: Absolutely—I agree with you there. It’s a really fascinating point, because at the end of the day, as you said, we’re not replacing a hundred-year legacy of identity documents overnight.
But there’s definitely room to evolve and adapt. So Eddie, what’s your take on this? May I ask?
EDDIE MOXON-GARCIA: I completely agree—I think the demand for digital identity has always been there. But what we’re seeing now is a sharp spike, driven by a perfect storm of regulatory pressure, rising security concerns, and growing consumer expectations.
And those expectations come from the reality of how people live today. Like Daniel mentioned, you might work for a company in one country, bank with a provider that has no physical branches nearby, and manage your entire life online. Governments around the world are recognizing that paper-based identification simply doesn’t cut it in a digital-first economy anymore.
Take the UK’s digital wallet initiative, for example—and Daniel, please correct me if I’m off here. It’s part of a broader move toward self-sovereign identity, where people can control and reuse their digital credentials without needing to resubmit sensitive documents over and over again.
At the same time, businesses are under pressure to streamline onboarding while staying compliant. Regulators are tightening KYC and AML rules, yet users still expect a fast, frictionless experience. Digital identity is really the only way to meet both demands simultaneously.
All of these factors are absolutely driving demand. But as you mentioned, results have been mixed so far—and in my view, that’s because no solution should focus solely on efficiency. It has to strike the right balance with security and usability.
Germany is a great example. When they rolled out their national digital ID system, it ended up exposing significant security gaps—affecting around 10 million users. That situation highlights just how critical it is to build systems that are not only efficient but also secure, inclusive, and scalable.
So yes, the demand is high—but the real question is: can we design digital identity systems that truly deliver on all fronts?
THOMAS TARANIUK: Absolutely. It needs to be robust. At the end of the day, the idea is to stop fraudsters, right?
From our perspective, we’ve seen that identity fraud is heavily driven by the misuse of ID cards. In fact, ID cards account for around 50% of all identity fraud cases, and they’re involved in roughly 70% of document-based fraud.
So looking at it from the other side, Daniel, what kinds of protections can digital ID offer individuals when it comes to safeguarding themselves online—especially compared to the traditional, non-digital IDs that have been so frequently targeted by fraudsters?
DANIEL FLOWE: Yeah. And I think you touch on. What is a really important element in this discussion, which is that, that we shouldn’t fall in the trap of expecting a new technology to be perfect.
We should expect it to be better. And I see a lot of arguments against digital Id pointing out places where there have been breaches and there have been failures. And I don’t think there’s any denying that there have been, and there will be privacy and security issues with digital IDs.
But the question we need to ask ourselves is are we more private and more secure under some of the digital ID schemes than we are under today’s scheme? Where if I lose my wallet, I’ve lost my identity card and you know, for about 15 bucks I can get a pretty convincing digital ID that has my face and my signature on it and completely fictitious name and address.
THOMAS TARANIUK: Fifteen sounds like quite a lot as well, Daniel. I’ve seen them go for four or five bucks. I want one of the good ones. You’re being scammed there.
DANIEL FLOWE: I think the key point we need to focus on is this: when discussing the safety, security, and privacy of digital IDs, our baseline for comparison should be the real-world level of fraud that currently occurs with counterfeit identity documents and synthetic IDs. You all have some excellent research highlighting just how widespread that issue is.
We shouldn’t be comparing digital ID solutions to an imagined, flawless system where everything is perfectly secure, seamless, and confidential—because that world doesn’t exist. Our comparisons need to be grounded in reality.
Suggested read: Fraud Trends for 2025: From AI-Powered Scams to Identity Theft and Fraud Democratization
THOMAS TARANIUK: Wouldn’t that be the perfect world though?
That’s what we’re sort of always going for. So from the fraud prevention perspective, do you think a digital-first approach will reduce risks or introduce new ones? And what would those risks be if that was the case?
DANIEL FLOWE: I think, it will both reduce risks and introduce them, but fundamentally, well-designed digital ID systems can significantly reduce many of the fraud vectors we see today.
Take some of the digital driver’s licenses in the US, for example. Many are simply digital replicas of physical documents, without secure credentials or user-controlled authorization flows. That’s a weak approach.
The distinction really lies between strong and weak digital ID schemes. Strong systems require active confirmation from the user via a trusted device, which adds a powerful layer of security and makes fraud much harder.
Of course, centralizing large amounts of personal data—whether by a government or business—creates its own risk, essentially forming a “honeypot” for attackers. But we need to ask: is that risk greater than what we face today?
Most governments already store our personal data centrally. The real value of digital ID lies in moving beyond easily forged physical documents and giving individuals greater control over their identities. A key part of that is requiring active user input through a known, user-controlled device—something that effectively shuts down many common fraud tactics.
I have a colleague based in Sweden who often uses this example: he can easily look up his tax ID, name, address, and date of birth—all public information in Sweden. But because of how they’ve designed BankID and its surrounding security, none of that matters. No one can impersonate him or access his accounts, because any action ultimately requires authentication through a device he controls.
In that sense, well-designed digital ID schemes actually reduce the impact of data leaks. They make personal data less useful to fraudsters, not more.
THOMAS TARANIUK: Definitely the case. Eddie, are you on the same page as well?
EDDIE MOXON-GARCIA: Definitely. I think, your question was around are there new risks in addition to the old ones?
I think, it’s also not that black and white, right? I do believe that a digital-first approach is essential for fighting fraud, especially at scale. But it has to be intelligent and adaptive. Automation, AI and behavioral analysis have already massively improved fraud detection. The biggest advantage is that it removes reliance on human judgment and outdated manual processes with analog systems.
The risk was, I think, more. Apparently because we had to rely on how well trained a person was to spot a fake document, for example, or how accurate the physical scanning equipment was. The risk now with the new technology comes from having for overcompensating somehow.
If you have a really strict fraud prevention system, it can exclude legitimate users.
A really good example of this is biometric verification. It’s a great fraud finding tool. But it’s not foolproof. Our research again shows, I think it was around 96 million people who face verification challenges, because they’ve had changes in their physical appearance because they’ve aged or they’ve had a medical condition, they’ve had hair loss, even gender transitions and so on.
So a rigid system may misclassify people as fraud risks and lock them out unfairly. And that’s something that should be thought of when you’re trying to implement these solutions.
Suggested read: Biometric Authentication—Benefits and Risks
Another big one is country-based restrictions. So many companies automatically block users from high risk regions. And there is a large subset of the population who are affected by a blanket ban that doesn’t account for individual legitimacy. So in order to sort of mitigate this, you should be using AI-powered risk scoring that assesses behavior dynamically rather than denying access outright.
There isn’t a silver bullet to say “There’s no risk. Everyone here is legitimate. They have all the good intentions”. There should be a combination of all these different tools that we have at our disposal today. And as Daniel said, it’s no solution is perfect. We have to keep iterating and seeing what works and the nature of the solution, in my opinion, should be very much dynamic and able to adapt and have a different approach for different users.
DANIEL FLOWE: Yeah, well said.
THOMAS TARANIUK: Yeah, absolutely. I mean, iteration is essential—innovation is rarely painless. So yes, there’s bound to be some friction in the early stages. But we’ve talked about why governments are now so enthusiastic about digital ID. I’m excited about it too, and financial institutions—especially in Europe—are clearly on board as well.
Of course, the new forms of digital ID will bring changes. But what I’d really like to explore from both of your perspectives—and Eddie, you touched on this quite nicely—is: what about the public?
The financial institutions are happy, governments are moving forward… but is the public embracing this shift? Are we seeing skepticism when it comes to privacy and security?
Daniel, would you like to take this one first?
DANIEL FLOWE: Sure. There’re so many ID schemes, there’s so many countries that it’s really hard to give a blanket answer. I think you’re seeing a few things that are really driving that user adoption and user trust. There are a few interesting reports out there. For example, the Bill & Melinda Gates Foundation is involved in this space. And what we’re starting to see is a real tipping point in user adoption—when a few key elements are in place.
First, there needs to be a baseline level of trust around safety and security. It really comes down to this: does the average citizen trust their government to handle and protect their data responsibly?
Second, it’s about the number of services that actually accept and use the digital ID. We typically see adoption begin to scale when around 100 services are connected. Take Estonia, for example—they have hundreds of services integrated with their e-ID, making it part of everyday life. The same goes for the Nordics, Singapore, and India.
But where adoption tends to stall is in countries where only a limited number of services are available through the digital ID. People might sign up once but never use it again. Hong Kong is a good example—most people enrolled in the system, but due to the small number of use cases, engagement quickly dropped off.
Third, and perhaps most influential, is mandatory usage. When access to essential services—like banking or government portals—requires a digital ID, adoption tends to spike. A good example of this is itsme in Belgium. Residents must use it to access government services, so the uptake has been massive—because it’s required.
What about you, Eddie? What do you see?
EDDIE MOXON-GARCIA: That’s such an important point about forced adoption. I do think there’s a clear divide in public perception.
On one hand, people want faster, more convenient access to services—whether it’s banking, government benefits, or something else. But on the other hand, trust remains a major hurdle. Many are concerned about data privacy, surveillance, and the risk of security breaches—and as we saw with the example from Germany, those concerns are not unfounded.
I believe the key to overcoming this is transparency and giving users control over their data.
Yes, there’s excitement around digital ID, but the real test is how well these systems address security concerns and ensure inclusion—so that no legitimate users are left behind. Because ultimately, if people don’t feel they can benefit from a digital identity system, or if certain groups are being excluded, it’s unlikely to achieve the widespread adoption that governments and businesses are aiming for.
DANIEL FLOWE: Well, I think Aadhaar in India is a standout example of how digital ID can be successfully implemented at massive scale. When Aadhaar was first introduced, the World Economic Forum reported that around 25% of Indians were living in extreme poverty. You had a population of over a billion people, spread across a vast and geographically diverse country, with a significant portion facing serious economic hardship.
And yet, Aadhaar achieved remarkable levels of adoption and everyday usage.
Of course, there have been concerns, including some issues around data security. But looking at the broader picture—the decline in poverty rates, the rise in digital financial inclusion, and the increased participation of Indian citizens in the digital economy—Aadhaar demonstrates that it can be done, and done well.
THOMAS TARANIUK: Absolutely. And Eddie, correct me if I’m wrong there, I think Daniel touched on a very good point, but it’s 97% of the adult population between 16 and 65 in India have access to that Aadhaar scheme, which is amazing. The country has been known for very, very large, very good adopted censuses of the population as well.
And that’s super important to understand the population and also provide them with access to those digital services, which they might not already have. But you also touched on the security sort of side. I mean, the security debate around digital IDs is massive. We touched upon it briefly now, but whilst these government schemes of course offer or promise convenience, storing sensitive ID, storing sensitive PII, as you mentioned, within a single digital wallet.
I mean, it creates a clear sort of target for hackers, even if there are limitations around how they can actually gain access to those. There’s obviously the attraction for them. So experts across the world worry that linking passports, driver’s license, and all of these digital services with their credentials into one system creates a centralized point of failure.
So I would ask both of you actually, how can digital ID systems be secured without introducing one single attack vector? What measures other than what we’ve talked about today have been put in place?
EDDIE MOXON-GARCIA: First of all, it’s a very valid concern and point to raise. I think anyone would be terrified if they knew their whole life was contained in one single place, right?
It is about reducing reliance on this. Single point of failure, and there’s a lot of conversation around different topics. I think the main one would be decentralization and a push for self-sovereign identity, so giving users the control of their data and so on.
Suggested read: Blockchain, Digital Identity, and the Next Level of Data Security
One of the most effective is adaptive, risk-based authentication. Rather than applying the same security measures to everyone, this approach uses behavioral analytics, device intelligence, location data, and more to detect anomalies. If a login attempt seems unusual, the system triggers additional verification steps. It’s dynamic, personalized, and practical.
Another crucial measure is decoupled verification. For example, many biometric systems allow for local verification on a user’s personal device—like a smartphone—without ever storing raw biometric data in a central database. This dramatically reduces the risk of large-scale data breaches and gives users more control over their own identity.
So this alone reduces hacking risks and increases user of control. It also increases that sense of security and so on. So those two were far more practical, in my opinion, than decentralization, because inherently it does feel like you’re putting all your eggs in one basket.
DANIEL FLOWE: Yeah, and I mean a absolutely spot on response.
I think the, the only counter I’ll offer is I feel like consumers have become so callous to data breaches, that they almost don’t even register anymore. Like, how many times has T-Mobile’s database been breached? I’ve frankly lost count. And not to single them out specifically, but when you consider your digital footprint as a consumer, there’s an important reality most people don’t fully realize: every service you interact with is maintaining some version of your digital identity behind the scenes—without your knowledge or control.
Take Amazon, for example. They have a set of information about me stored somewhere I don’t know, protected by security measures I can’t verify, and governed by policies I have no say in. And that same situation plays out across every platform I use.
To reduce these risks, we absolutely need to put better safeguards in place—and we can do much better than we’re doing today. But it’s important to acknowledge that the current system is far from secure. Let’s be honest: nearly everyone listening to this podcast has likely been affected by a data leak or breach within the past few months.
THOMAS TARANIUK: Absolutely not. So we’ve talked about this a lot on our podcast, right?
It’s a little bit of a broken record in my own mind, but AI: it’s being used by fraudsters on a day-to-day basis, not only for deepfakes, but as Daniel’s mentioned earlier, for document creation and the fraudulent documents, which can actually bypass systems and of course return a very good ROI for the actual fraudster themselves.
So as for businesses, what can they do to adjust their systems to digital IDs whilst protecting themselves from possible attacks using AI, Deepfakes or otherwise?
EDDIE MOXON-GARCIA: My advice is very simple. The execution might be a little bit more complex, but let’s try. I would encourage businesses to take a very proactive approach when it comes to fighting AI fraud, because the fraudsters are evolving just as fast as a technology.
AI-driven attacks, especially deepfakes and synthetic identities have become so sophisticated. And as, Daniel mentioned earlier, most fraud attempts. A while ago, were just based on stolen documents now. We have AI-generated faces, voice cloning, entire fake personas slipping through the cracks of weak verification systems.
Suggested read: What Are Deepfakes, and How Can You Spot Them? (2025)
So in terms of what can be done practically, I would say:
Number one, and this is something we love to say at Sumsub: fight AI with AI. Enlist the power of machine learning for fraud detection. Deepfake detection models can analyze subtle facial distortions, you know, on natural blinking patterns, inconsistencies in skin texture, things that the human eye just might miss, right?
And then behavioral AI can become a tool for evaluating user interactions like keystrokes. Device data also might help determine whether an identity is real or fake.
The second point would be a multi-layered approach to identity proofing, not relying on a single authentication factor.
So, layer it: biometric liveness detection on top of device intelligence, on top of behavioral analytics.
Do as much of it as you can in a mix and match way, depending on the use case, depending on the user and so on.
The last one would be adaptive risk-based authentication. As I’ve mentioned before, just try and look for these patterns and only surface additional checks when it’s absolutely necessary.
And I think, if a company does all of this, they’re not just improving security, it’s reducing unnecessary friction for those legitimate users.
THOMAS TARANIUK: Absolutely. And, of course, on the business side as well, there’s a lot of security risks and challenges in making digital IDs truly fraud-resistant.
Daniel, from your perspective, are there key security features being prioritized right now for businesses or otherwise. Would you recommend that businesses focus on similar elements as Eddie has pointed out?
DANIEL FLOWE: Yeah. I mean, I think every, everything Eddie said is excellent. I would just add that the more a business can broaden its perspective when assessing an individual, the harder it becomes for someone to launch any kind of attack, especially an AI-driven one.
And, just to clarify, I might be overpaying for my fake IDs—I’ll explain after the podcast—but the point is, I can easily create a fake identity, complete with an address and date of birth, and obtain an identity document for a relatively small cost. However, trying to build a credit record for that identity is much more difficult and time-consuming.
So, the more organizations can expand their approach—looking beyond just the presented information and verifying it with independent, authoritative sources—the better they can handle the challenge of AI-generated content.
Additionally, another key strategy is to rely heavily on methods that require active user participation and consent.
I love Singpass. I really admire how Singpass operates, requiring active engagement from the user on a trusted device. It’s much easier to create a video of me that could potentially bypass someone else’s biometric or liveness scans. But it’s a completely different scenario when someone needs to control a device that I personally own and give explicit consent on it.
THOMAS TARANIUK: Definitely. It’s super important as well, Daniel, just to have a me well multi-layered approach to everything you do around making sure the, the person is who they say they are.
By all means that can stop of course the, the nefarious actors who are trying to bypass systems. But with the development and also that sort of exponential growth of social engineering as well, people often handing over the reigns to these accounts as well, which is something that we need to bear in mind, right?
I mean at Sumsub developing the Sumsub ID involved extensive planning and also refinements ensure. The robust security of the network as well, and there’s a few other things that we could touch upon here, but Eddie, I’d like to sort of pose a question to you as well. Would you be able to sort of break down exactly how that that works from our side?
EDDIE MOXON-GARCIA: I have to preface this by saying that there’s an army of people behind Sumsub ID, because we all deeply care about security, privacy, and user consent and finding that balance between making users feel at ease, but also providing businesses with the right verification data and information that they need to conduct their actual business.
With that in mind, Sumsub ID was very much designed to provide a seamless and secure and reusable identity form, while maintaining high compliance standards. And that compliance point is so important. Instead of having users upload documents and input data every time they sign up for a new service, Sumsub ID allows them to reuse that store document and data across multiple platforms.
So it’s very simple. Once the Sumsub ID account is created, it can be used across various platforms. The power truly lies with the user, who has full control over what data to share—and if they choose not to share anything, that’s entirely within their rights. We’ve ensured that user consent is a core part of the process, as it’s crucial.
At the same time, to address compliance requirements, we’ve made sure to accommodate the fact that different companies must adhere to varying regulations, KYC (Know Your Customer), or AML (Anti-Money Laundering) frameworks. For instance, if I create a Sumsub ID account and have my documents and data ready, but then try to use it with another company that requires my ID document to be valid for at least six months (while mine has three months remaining), we will prompt for a re-upload of the document. This ensures that compliance is always maintained.
What’s particularly interesting is that throughout the entire flow, all of our checks—whether it’s for ID verification, liveness checks, or fraud prevention—are deeply integrated.
We don’t conduct a liveness check without simultaneously checking for deepfakes or synthetic identities. Similarly, we don’t perform an ID document check without doing OCR extraction and cross-referencing against relevant databases. It’s as robust and comprehensive a solution as we could possibly create.
Suggested read: OCR: How To Extract Information From IDs
THOMAS TARANIUK: Daniel, you’ve mentioned Singpass, the Estonian Bank ID, and now the UK Government’s Digital ID program, which is set to roll out later this summer in 2025—exciting times, right? So, looking ahead, what other developments can we expect in the coming months and years?
Are there any other projects, either within or outside the UK, that you’re particularly excited about and keeping an eye on?
DANIEL FLOWE: You’ve got the EU Digital Wallet Initiative, which currently requires all member nations to have at least one, digital identity that can be presented in a mobile wallet for all residents, citizens and subjects of the EU by January 1, 26.
So that obviously is gonna be huge. There are some countries where they’re already there and it’s not really gonna be a big lift. There’s some other countries where they’ve got a lot of work to do in nine months remaining, before that deadline. I also think that there are some really interesting, IDs in like Southeast Asia that aren’t commercially available.
There’s several in Indonesia, the Philippines, where commercialization is limited or not available at all, and citizens really only use them for government services. But given the difficulty in verifying identity in some of those regions we’re working heavily with those identity ministries.
To broaden the scope of those digital IDs and make them more easily accessible for commercial vendors—that should make a huge difference in minimizing fraud, and in improving that user experience in Southeast Asia.
THOMAS TARANIUK: That’s a really interesting point. Much of our lives are now online, especially when it comes to financial transactions and ensuring financial inclusion.
Eddie, from your perspective, how crucial is it to establish international agreements on regulation? Are you optimistic about this? While the EU is making strides in this area, there’s also the growing demand for cross-border remittance—whether across the West, East, or beyond. How important is it to address this on a global scale?
EDDIE MOXON-GARCIA: How important it is? I think going back to Daniel’s introduction and his depiction of his life—living somewhere, working for a company based in a different country, doing business with another bank—it’s crucial, because this is the way that we live now.
Interoperability amongst all these companies is what’s going to ensure that I, as a user, as a citizen, as a normal person, adopt, um, this type of solution. Because if I move from the US to Spain and then I go to Southeast Asia, I want to be able to open a bank account seamlessly and with very little pain.
And that is not the case right now. And this is a very real problem. And it’s linked to all sorts of immigration debates and, you know, being able to prove your identity when you don’t have documents in a new country, for example. It’s very tricky. So I think it’s incredibly important. I don’t know how optimistic I am that the nations of the world would agree.
But hopefully. The technology is advancing really fast, as we said before. So I think maybe that will give a push for governments and institutions to at least pay a little bit more attention.
And then, just realize the benefits we’ve been discussing for the past hour. It’s not just about making the user’s life easier; there is also a financial and economic advantage for businesses that adopt these technologies.
THOMAS TARANIUK: Absolutely, that’s definitely the case. I love how positive we’ve been in today’s podcast episode. But when we look at the benefits, it’s clear—especially for people like us, day-to-day, and for the businesses we work with, buy from, or use services from—just how crucial digital identity is. A global or at least interoperable digital identity is incredibly important.
Ultimately, it’s going to save businesses a lot of time, and of course, users will benefit by saving time and avoiding headaches as well. But are there any other benefits we could discuss and share with our audience today?
DANIEL FLOWE: I would argue that, I think that the biggest benefit, and Eddie touched on this earlier, is that the estimates range from what 600 million to 800 million people in the world don’t have an identity at all.
They can’t participate in the digital economy. They can’t transact online. They can’t vote, they can’t bank. And I think that’s a humanitarian crisis.
I spent a lot of time in Africa about 15 years ago. One of the things that was really interesting back then was that most of Africa skipped landlines. And they just went straight to mobile phones. Everyone had a mobile phone. Everyone had access to mobile internet and very few people had landlines. They just never ran the cables. I think that there’s an opportunity for us in some of these more impoverished or low income countries to take a similar initiative with identity.
I would love to see us help them skip physical identity documents altogether. And let’s just go straight to digital identity. Let’s go straight to mobile internet access for people. Let’s take that number from, you know, six to 800 million down to zero in our lifetimes.
EDDIE MOXON-GARCIA: I couldn’t agree more. I don’t have anything more optimistic to say than that. And I think, for normal people, like reusable or digital identity is not something that you. Think about until you come across a problem, until you cannot open a bank account or whatever it may be. So for businesses, it’s just a win-win: you’re ensuring your, your users are having a great onboarding experience. You are improving your fraud prevention tactics without adding unnecessary barriers for the users. I really don’t see a downside in the adoption of this.
THOMAS TARANIUK: Absolutely. Well, not so much the adoption, just maybe some of the, the friction that we’ll see.
And the adoption of new methods or methodologies from fraudsters’, perspectives of trying to target these spots as well. We’re coming towards the end of our podcast today. Eddie, Daniel, it’s been great, but we’d love to get to know you more on a deeper level—a more personal level. So would you both join me for five quickfire questions?
I’m going to ask both of you and if you can give me a quick answer, we’ll move from question to question. Are you ready?
So when choosing a digital wallet, do you go for more features or better security?
DANIEL FLOWE: Better security.
EDDIE MOXON-GARCIA: Better security.
THOMAS TARANIUK: Better security. Ok, both aligned here. What’s one thing about fraud that still surprises you even after all of your experience?
DANIEL FLOWE: The social engineering element: how many people, regardless of the barriers put in place, voluntarily, give control of their accounts to bad actors.
THOMAS TARANIUK: It does happen, doesn’t it? Eddie, are you on the same page? What else is there?
EDDIE MOXON-GARCIA: The level of sophistication. I also like to highlight digital literacy as a barrier to adopting this technology. While I consider myself fairly digitally literate, there are still times when I receive an email or message in my own banking platform that makes me pause and think, ‘Hold on a minute.’ I find myself double-checking to ensure it’s legitimate.
The sophistication of these attempts is so high that even someone like me, who’s relatively up to date with the latest scams, can be caught off guard. It’s striking how advanced the tactics are, and honestly, not in a good way.
THOMAS TARANIUK: Super scary. And I think that feeds into what Daniel was saying about the manipulative side of social engineering as well. But that takes us well into our next question. Have you ever actually been a victim of fraud yourself?
DANIEL FLOWE: Yes. I have certainly had credit card numbers stolen and abused. I almost clicked on a link. So there’s a big scam in the States right now around highway tolls. And I had just gotten back from a road trip where we drove through some States and I got a notice that I had unpaid tolls, and my thumb was hovering over the link and I’m like, how did they get my phone number?
EDDIE MOXON-GARCIA: I think the most recent example of a digital scam I encountered is actually quite common in Spain. When you’re waiting for a parcel to be delivered, you receive a text message claiming that you need to pay 5 cents to unlock the package. It seems legitimate at first.
When you’re eagerly awaiting your delivery, you’re not always thinking clearly. You just want to get your package, so you pay whatever fee is requested. But then, you land on a website that doesn’t look entirely authentic, and you realize—you’ve almost fallen for it. That’s the last scam I almost got caught in.
THOMAS TARANIUK: Okay. Well, there’s always next time. So stay safe. I also have a question on the back, which I think this flows quite nicely into. What’s one habit now that you rely on to stay safe online?
EDDIE MOXON-GARCIA: I don’t encourage anyone to do this, but when I get the iPhone message saying, your password has been compromised, or whatever, ever since that started happening, I now every three months do a full sweep and I change all my passwords.
I make sure everything is as secure as possible, or as close to ‘unhackable’ as I can get it. I’ve also consolidated my email addresses—at one point, I had around 17 different ones. One for business, another for friends, another for utilities, and so on. Now, I only use two: my personal email, which I share sparingly, and my everyday email for regular use.
I’m also focusing on reducing my exposure by being more selective about who I share my email addresses with, keeping them to a minimum.
THOMAS TARANIUK: Interesting, perhaps a critical single points of failure then as well, Eddie?
DANIEL FLOWE: We’ve been so optimistic here. I think just a constant paranoia and cynicism has served me well. If you believe everyone’s out to get you, it is certainly helpful in avoiding becoming a fraud victim.
THOMAS TARANIUK: Oh, absolutely. I think I’m on the same mindset as well. And if we’re looking towards the end of the quickfire questions as well, I’d like to ask you both a very, a very interesting one.
You might be quite pensive about it, but if you could have any other career other than the one you currently have, what would it be?
EDDIE MOXON-GARCIA: I would be a photographer. It’s the easiest answer I can give you. There’s no risk of being scammed. You’re out there in nature taking photos and that’s it. That’s, that’s what I would do.
DANIEL FLOWE: No one at five years old says “I want to work in digital identity product and prevent online scams”. It’s probably safe to say that all of us in this field had a dream of something else. I some point. I think I’m with Eddie. It would be something outside and something in the arts that I would want to do.
THOMAS TARANIUK: I think that brings us to the end of our show today.
So I would like to thank both of our guests. Eddie, Daniel, you’ve been amazing. We’ve touched on so many important topics today, and we’ve been wholly optimistic throughout, which is fantastic. So hope the audience has enjoyed, and of course taken some great pointers back. But is there anything you’d like to say before we go?
DANIEL FLOWE: Thank you for having me, and I’m glad to be working alongside and with such smart people to keep everyone safe and fraud free.
EDDIE MOXON-GARCIA: Likewise. Thank you for having me, Tom.
