# The Identity Question: Who Owns the Customer When Wallets Replace Accounts?
*By Clint Sookermany | The AI Value Institute*
---
Banks Have Used Onboarding Friction as a Retention Strategy for Two Centuries. That Strategy Just Got Legislated Away.
For most of banking history, the barrier to switching was not inferior service at the destination. It was the cost of leaving. Onboarding a new bank took days, sometimes weeks. KYC documentation had to be submitted again from scratch. Direct debits had to be rerouted. For retail customers, it was inconvenient. For corporate clients, it was genuinely expensive -- averaging $1,500 to $3,500 per review at a major institution. Banks did not engineer this friction out of malice. But they also did not engineer it away.
That calculation is about to change. Not because banks have finally decided to compete on service, but because a legal mandate is removing the friction from the outside.
The European Digital Identity (EUDI) wallet framework, under eIDAS 2.0, requires all 27 EU Member States to provide government-issued digital identity wallets by December 2026. By December 2027, banks, payment institutions, and Very Large Online Platforms must accept these wallets for customer authentication and KYC. Instant onboarding. Portable identity. The switching cost built into document re-submission disappears by regulatory deadline.
This is not a compliance brief. I do not spend much time on compliance deadlines. What I spend time on is the strategic choice hiding inside this one.
There are two positions a bank can take in a world of portable digital identity. You can issue credentials, or you can accept them. Those two positions do not carry the same strategic weight. One owns the trust relationship with the customer. The other rents access to it. Most executive teams have not framed the question that way yet. That framing is where this edition starts.
The Mandate Is Real, the Timeline Is Tight, and Thirty Percent of the Market Is Already Behind
December 2027 is eighteen months away. For an initiative that requires changes to core onboarding infrastructure, AML systems, and customer-facing interfaces, that is not a comfortable runway.
The four large-scale EUDI pilots across 550 organisations and 27 countries have already produced data. In those pilots, 80% of participants preferred wallet-based authentication over the alternatives. Scandinavian identity-payment integrations running on similar architecture reduced fraud by 96-98%. These are not edge cases.
The architecture underneath this is mature. W3C Verifiable Credentials 2.0 achieved full Recommendation status in May 2025. Standard Chartered has deployed DID-based KYC across Singapore, Hong Kong, and the UAE, achieving 73% faster account opening and $4.2 million in annual savings. HSBC Labs is prototyping DID-based internal account opening via Polygon ID. The technology is not speculative.
However, the implementation picture is uneven. Analysis of readiness across EU Member States suggests only 30 to 50 wallets will be live by the December 2026 deadline. The Netherlands is at risk of missing it. Bulgaria had not started development as of early 2026. This matters for banks with significant operations in slower-moving markets. The mandate applies; the infrastructure enabling it does not arrive uniformly.
The practical implication: banks operating across multiple jurisdictions need a readiness map, not a single European timeline. The eIDAS mandate is the floor, not the ceiling. Early-moving Member States will create asymmetric pressure on institutions that planned around the slowest movers.
Four Contestants Are Fighting for the Identity Wallet. Banks Are Currently Losing.
The wallet that a customer uses to present their credentials is a distribution channel. Whoever controls it has a direct line to the customer at the moment of identity verification, authentication, and often payment. Understanding the competitive dynamics of that channel is more important right now than understanding the eIDAS compliance checklist.
There are four serious contestants.
Apple Pay has approximately 650 million users and $8.7 trillion in annualised transaction volume. Digital IDs are now live in more than 14 US states, embedded directly in Wallet. Apple's strategy is clear: make the iPhone the identity document for every interaction that currently requires a physical card, a government ID, or a bank-issued credential.
Google Wallet has approximately 520 million users and $5.2 trillion in annualised volume. Google is integrating zero-knowledge proofs for privacy-preserving age and attribute verification. The technical execution here is ahead of most bank equivalents.
Government wallets are a different kind of competitor, and in many ways the most important one in the EU context. India's Aadhaar covers 1.3 billion residents. Singapore's Singpass is used by 97% of residents and generates an estimated $385 million in annual economic impact from streamlined identity services. The MOSIP platform is deployed across 29 countries for 90 million users. Government wallets built on open standards are becoming the de facto identity infrastructure in high-digitisation markets.
Then there are bank wallets. The position here is honest: constrained by legacy infrastructure, narrow regulatory mandates relative to tech platform capabilities, and declining ownership of the customer interface. The bank wallet market share in identity is a fraction of what it should be, given that banks hold the most verified identity information of any private institution.
This is the competitive landscape into which eIDAS 2.0 lands. The mandate does not guarantee banks a position in the identity layer. It guarantees that a portable identity infrastructure will exist. Whether banks are on the issuing side of that infrastructure or the accepting side is a choice that needs to be made now.
KYC Economics Are Transforming, and the Cost Structure Favours the Early Movers
One argument I hear from institutions that are moving cautiously on digital identity is that the current system works. KYC processes are established. The documentation requirements are understood. The cost is a known quantity.
The cost is also a problem. Corporate KYC reviews run $1,500 to $3,500 per client. Verifiable credentials reduce that by an estimated 30-60%, based on early deployment data. Standard Chartered's DID programme is the most cited proof point, with $4.2 million in annual savings and a 73% reduction in onboarding time. The savings come from reuse: a credential verified once can be presented many times without triggering a new verification cycle.
The other side of the cost equation is attrition. A 2026 industry survey found that 70% of banks were losing clients specifically because of slow onboarding -- up from 48% in 2023. That is a significant acceleration in a three-year window. The relationship between onboarding friction and customer loss is not theoretical. It is showing up in churn data.
Then there is the fraud dimension. Deloitte has projected that generative AI-enabled identity fraud losses in the US alone could reach $40 billion by 2027. Traditional document-based KYC is particularly exposed to synthetic identity attacks, which AI makes cheaper and more convincing. Cryptographic verifiable credentials, which bind identity attributes to tamper-proof keys rather than PDF documents, are structurally more resistant.
I want to be careful with the zero-knowledge proof market projections circulating in this space. Figures suggesting rapid growth from roughly $80 million to nearly a billion dollars over seven years have appeared in several analyst reports, but the methodology behind those numbers is not fully transparent. The directional story -- that ZK-KYC is a real and growing market -- is sound. The specific figures should be treated as illustrative rather than authoritative until the underlying data is clearer. What is not in doubt is that Google, Worldcoin (which has over 17 million users with ZKP-based proof-of-personhood), and several central bank projects are integrating the technology. Regulatory acceptance lags technical deployment by two to three years, which is actually an advantage for banks that move now.
The Issuer/Acceptor Choice Is the Most Important Strategic Decision in Banking Identity
Here is the frame I keep coming back to, and the one I think is most under-discussed in the executive conversations happening around eIDAS readiness.
Every institution operating in the digital identity ecosystem will eventually occupy one of two positions: credential issuer or credential acceptor. These positions are not equivalent.
A credential issuer creates and certifies identity attributes. It controls what the credential contains, what standards it adheres to, what revocation looks like, and what audit trail it generates. When a customer uses a bank-issued credential to authenticate with a third party, the bank is present in that interaction. The trust flows from the issuer. The relationship is the bank's.
A credential acceptor processes credentials issued by others. It relies on the issuer's standards, accepts the issuer's attribute definitions, and has no direct relationship with the credential infrastructure. When a customer authenticates using a government wallet or a tech platform credential, the bank is downstream of that decision. The customer relationship exists, but the identity infrastructure is someone else's.
Most banks are credential issuers in the traditional sense: they verify identity at account opening and hold KYC records. What very few banks have done is invest in becoming issuers in the emerging sense: publishing verifiable credentials that their customers can carry into other relationships. Standard Chartered's DID deployment is one of the clearest examples of a bank making that investment deliberately. The savings are real. The strategic position is what matters more.
The cost of not deciding is also a choice. A bank that has not invested in credential issuance infrastructure by the time the eIDAS 2.0 acceptance deadline arrives in December 2027 will find itself in acceptor mode by default. The wallet infrastructure will exist. Customers will expect to use it. The bank will process government and platform credentials and thank the issuer for the privilege.
That is not a catastrophic outcome in the short term. It is a significant strategic concession in the medium term. Whoever controls the credential controls the customer's willingness to share attributes, controls the audit trail of identity verification, and sits at the centre of the trust relationship. Banks have historically owned that position. The question is whether they intend to defend it.
The framing I use with executive teams: do not think about this as a compliance question. Think about it as a positioning question. You are deciding, right now, whether your institution will be a trust anchor or a trust consumer in the next era of the customer relationship. Both positions can be commercially viable. They are not the same business.
Three Questions for Your Board
First: Is your institution positioned to issue verifiable identity credentials to your customers, and if not, what is your timeline for that capability? The December 2027 acceptance deadline is the floor. The issuer position requires investment before that date, not after.
Second: What percentage of your current customer retention is attributable to switching friction rather than genuine value delivery? If your modelling does not separate "customers who stay because leaving is inconvenient" from "customers who stay because your service is better," your attrition forecast for a portable identity world is probably wrong.
Third: Have you quantified the savings available from reusable verifiable credentials against your current KYC infrastructure costs? The Standard Chartered proof point is publicly available. If you have not run the equivalent analysis for your own institution, that is a straightforward piece of work that should be done before the next planning cycle.
These are not rhetorical questions. They have answers that will shape investment priorities for the next three years.
---
The identity layer is being rebuilt. The infrastructure is real, the timeline is fixed by regulation, and the competitive dynamics are already in motion. The institutions that take the issuer position in this next phase will own the trust relationship. The ones that drift into acceptor mode will find it increasingly difficult to recover that ground.
If you want to think through where your institution sits on this, or map out what a move toward credential issuance would require, I would welcome the conversation.
[Book a conversation with Clint Sookermany](https://valueinstituteai.com/contact)
---
*Clint Sookermany is the CEO of The AI Value Institute. He writes on the strategic implications of AI, digital money, and identity reconfiguration for banking and financial services executives.*
