Digital Identity Won’t Stop Fraud — And That’s Okay

The UK Government’s plan to introduce a new digital identity won’t stop fraud – and perhaps we need to accept that.

Every barrier we build simply reshapes the path fraudsters take. Block synthetic identities, and criminals pivot to social engineering. Tighten onboarding, and they recruit money mules. Strengthen KYC, and they exploit authorised push-payment scams.  As the latest Fraudscape Report highlighted, Criminals don’t need to steal your identity if they can convince you to sell it to them at a price.

The real danger lies in pretending digital identity will eliminate fraud entirely. That mindset risks creating systems so focused on risk elimination that they exclude millions of legitimate users. We risk building a fortress that shuts out the very people it’s meant to serve.  Instead, we need to focus on how digital identity can be part of the solution, rather than pretend it’s the solution.

Whether it’s accessing benefits, opening a bank account, or applying for housing, identity is the first step. And for too many, that step is blocked by outdated systems, inaccessible verification methods, or lack of documentation.

What we need are layered controls, smarter detection, and identity systems designed for inclusion, not exclusion.

Governance matters too. Whether centralised under a government department or federated across providers, the model is less important than the principles behind it. Identity services must be held to consistent standards, accessible to all, and protected from profit-driven motives. A public service or non-profit model is likely preferable — one that prioritises inclusion over shareholder returns. If private sector providers are involved, strong safeguards must ensure service levels remain high and profit doesn’t become the primary driver.

Portability is another key consideration. Identity shouldn’t be confined by national borders. We need to think about how UK-issued identities can be used across Europe and beyond — and how we verify people entering the country. Any future system must be digital-first, interoperable, and built for real-world use cases.

Finally, fraud controls must remain integral. Digital identity cannot become an isolated island. Providers must actively share fraud intelligence, integrate with existing detection frameworks, and help identify bad actors. This isn’t optional. Standards alone aren’t enough — cross-sector collaboration is what makes fraud prevention work. Digital identity must be part of the solution, not pretend to be the solution.