Debunking myths about reusable identity: A recap of our trust vs. fraud webinar
If identity is the foundation of trust, why do we keep rebuilding it every time someone logs in?
That’s the question we explored in our recent webinar, Trust vs. fraud: rebuilding confidence with reusable identity, featuring leaders from KeyBank, Ally, and Persona. The conversation focused on what reusable identity is (a user-owned credential that allows an individual to verify themselves across platforms, services, and transactions without requiring them to reverify each time), how reusable identity works, and what it means for trust and fraud prevention.
Below, we highlight four common myths about reusable identity and how our panelists responded.
Myth 1: Reusable identity means verify once, accept anywhere.
Reality: Reusable identity is designed to work across platforms, but companies can choose what to actually accept.
Ross Freiman-Mendel, product lead for Reusable Personas at Persona, explained that while the goal of reusable identity is broad interoperability, each organization has its own risk thresholds and verification requirements. What satisfies one company’s risk model may fall short elsewhere. As such, the right identity provider should make it easy to tailor verification steps to match those unique requirements.
Take a fintech platform and a marketplace: even if both accept the same reusable identity, they might apply it differently depending on their risk appetite and use case. A fintech might require users to complete a selfie step for added assurance, while a marketplace may be comfortable verifying users with just a government ID included in the reusable identity.
John Watkins, senior director of fraud analytics and data science at Ally, emphasized the risk of adopting a lowest-common-denominator approach: if bad actors can exploit one weak link, the entire network is at risk.
Myth 2: Less friction means more fraud.
Reality: Streamlining the experience for trusted users doesn’t have to come at the expense of security.
Reusable identity allows businesses to leverage previous verifications to streamline future interactions. That means less friction for known users and more careful evaluation of those who are new or behaving inconsistently.
“It’s not about removing all friction,” said Chris Nygard, director of client authentication at KeyBank. “It’s about using what you already know to make better decisions.”
Rather than requiring everyone to start from scratch, reusable identity enables organizations to deliver smoother, smarter interactions without compromising on trust or assurance. The key lies in evaluating the rich set of signals associated with a reusable identity.
These signals can include:
The types of verifications linked to the identity (e.g., selfies, NFC, database checks)
Where and how the reusable identity was last used
Behavioral or velocity indicators that hint at risk or legitimacy
One important nuance the speakers raised was the need to consider the original verification method. For instance, if a user went through a near-field communication (NFC) process, which typically involves device cryptography and facial recognition, that should carry more weight than a basic database check. High-assurance methods like NFC suggest a stronger level of trust and can serve as a meaningful input in future evaluations.
Think about how Mastercard and Visa networks operate: the cardholder doesn't have to start over each time they make a purchase. Instead, the network relies on a blend of historical data, card attributes, and contextual signals to make an informed, real-time decision about risk. Similarly, reusable identity allows organizations to leverage what’s already known (and already trusted) to streamline good users and scrutinize questionable ones.
As Ross called out during the discussion, in an age of GenAI, organizations should leverage every signal at their disposal, including the usage signals unlocked through reusable identities.
Myth 3: Reusable identity just works automatically — no user input needed.
Reality: Consent, transparency, and user choice are foundational.
A successful reusable identity system isn’t something that happens to users; it’s something they choose to participate in. As Ross emphasized during the discussion, organizations rolling out reusable identity must prioritize privacy, transparency, and user control from day one. The best experiences are opt-in by design, with clear fallback paths for those who prefer not to participate.
Chris pointed to Apple Pay as a model example: users make an intentional choice to opt in, and Apple earns their trust by offering clear value, sharing minimal data, and putting privacy first. Reusable identity should follow a similar model — communicating benefits clearly, giving users agency, and making it obvious what’s happening with their data.
Myth 4: It’s plug and play.
Reality: Rolling out reusable identity requires thoughtful orchestration, not just technical integration.
Reusable identity isn’t something you can simply drop into a product and expect to work. Effective implementation requires thoughtful coordination across teams and systems.
When asked, “If a business sees the value in reusable identity, what does it take to do it well?”, the panelists shared a range of practical insights.
John noted that one of the first challenges is internal messaging. Teams need clarity on what reusable credentials are, how they improve the user experience, and what trade-offs come with adopting them. It's not just a technical rollout — it also requires education and buy-in across the organization. He pointed out the importance of timely validation and fallback paths, particularly in high-touch channels like customer service, where social engineering remains a concern.
Chris shared from experience that it's crucial to understand the assurance levels of different verifications and ensure that risk engines can handle those signals appropriately. Implementation should account for auditing, revocation processes, and building the system in a way that supports future standards. He also stressed the need to make reusable identity visible and usable across all customer channels — not just the primary digital flow.
Ross emphasized the importance of graceful fallback experiences and warned against treating reusable identity as a silver bullet. Even as organizations shift toward new identity standards, strong underlying support systems, from risk evaluation to customer support and revocation handling, remain necessary.
Ultimately, introducing reusable identity is less about flipping a switch and more about aligning the people, systems, and safeguards needed to support it.
So why reusable identity, and why now?
Reusable identity is more than a fraud tool. It’s a way to turn verification into a relationship that strengthens over time.
But remember: good reusable identities aren’t static credentials. They’re flexible trust signals that adapt to each platform’s needs. As Ross noted, they’re designed to work across systems — not to erase or ignore their differences, but to help bridge them. That flexibility is what allows identity to evolve from a one-off check into a long-term relationship.
As John put it, “We have to trust the customer, and the customer has to trust us.” Reusable identity helps make that mutual trust possible without repeating the same checks over and over.
Watch the full webinar
To hear the full discussion and see how organizations like Ally and KeyBank are approaching reusable identity, watch the recording here. If you’d like to explore how Persona can help your team simplify onboarding, improve trust, and reduce fraud, contact us — we’d love to chat.