The Future of Payment Wallets and Identity Security

A digital wallet, also referred to as a mobile wallet or e-wallet, is an application that allows for the secure storage, management, and sharing of the wallet owner’s credentials. These credentials may be identity- and/or payment-related. One or more verification mechanisms are used to confirm that the person presenting the credential is the owner of that credential.

Key Takeaways:

• Biometrics and smart phones are driving the convergence of payments and identity into digital wallets, enabled by the promise of higher security and smoother CX.
• Approaches to the biometric-enabled digital identity wallet differ, especially depending on where you live today, driven by local regulations and technical standards.
• Interoperability, coupled with identity-centric security, is key to establishing and maintaining trust in digital wallets and payments, with local and global trust frameworks underpinning inoperability globally.

Convergence of payments and identity into one digital wallet

Driven by biometrics and smart phones, the convergence of payments and identity into digital wallets is already well underway at retailers, restaurants, and entertainment venues around the globe. To date, convenience along with fraud detection and prevention have driven mass acceptance of biometrics by consumers and organizations alike.

Plus, with 31% of online shopping carts currently abandoned due to friction, biometrics offer organizations the unique opportunity to strike the right balance between seamless service and rigorous compliance.

Exponential growth in biometrics payments

Goode Intelligence forecasts that nearly half the planet will embrace biometrics payments, also known as “pay by me,” by 2030, amounting to $11.3B in revenues for biometrics suppliers. Additionally, Juniper Research estimates that mobile-enabled biometric transactions will top $3T this year, up 650% from 2020.

With identity as the root of trust for payments, biometrics has become the root of trust for identity. And biometric modalities go far beyond face and fingerprint today to include palm patterns, voice prints, and behavioral traits such as keyboard strokes and touchscreen dynamics.

Biometric privacy concerns

Using trusted biometrics as the source of trust can unlock a more connected (and seamless) user experience. However, biometrics use also presents some thorny privacy concerns. For example, one biometric enrollment has the potential to link every clothing purchase, airline ticket, and coffee order to one verified profile. This presents organizations with unprecedented opportunity for highly targeted personalization.

The mass adoption of biometric and behavioral verification comes with added complexity and regulatory oversight. For example, biometric data is classified as a “special category” under Europe’s GDPR, requiring explicit consent and protective safeguards. Also, it must be easy for data subjects to withdraw consent at any time. Severe violations of GDPR may be subject to fines up to €20M or 4% of global annual turnover, whichever is greater.

Differing approaches to digital wallets

Biometric-enabled digital identity wallets may elicit citizen privacy and national security concerns from governments depending on where the wallet is built and maintained. This was one of the primary drivers behind the European Digital Identity (EUDI) Wallet initiative – to be able to offer Europeans a digital identity wallet that isn’t reliant on private companies from Silicon Valley or elsewhere.

Plus, the EUDI Wallet is designed to facilitate digital payments with an Attestation to Pay (A2Pay) credential that links a citizen’s bank account with their digital identity. With pan-European digital identity wallets becoming a reality, the EU is now calling for international acceptance of these credentials.

In the U.S., digital identity and payment wallets are still largely on parallel paths. Payment wallets are predominantly the domain of big tech players like Apple and Google (xPays). Meanwhile, state mobile driver’s licenses (mDLs) stored in xPays are increasingly being used for age and identity verification, including DHS’s new REAL ID mandate for domestic airline travel. And President Trump’s recent cyber Executive Order (EO), Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, revoked many of the digital identity mandates of the previous administration.

With the absence of federal resolve to realize a digital identity wallet program in the U.S., Big Tech is more than happy to step up. Google recently increased its digital identity wallet use case and geographic coverage to enable age assurance and identity verification in more places. And Apple announced at this year’s WWDC25 that iOS 26 will support TSA- approved digital passports, along with the World Wide Web Consortium (W3C) Digital Credentials API to request mDocs from Safari and WebKit.

Regardless of the specific implementation, biometrics have become essential for establishing and maintaining trust in digital wallets. However, with numerous different and competing digital wallet initiatives happening around the world, interoperability – where credentials issued in one jurisdiction are seamlessly accepted in another – remains a desired yet elusive goal. And no one wants as many digital wallets as they have passwords today. Perhaps, the payments industry will be able to apply some of its hard lessons from the past to realize this vision.

Establishing and maintaining trust in digital wallets and payments

From wallet creation and sharing secure access to credentials with authorized parties, through to accessing services and transacting, identity-centric security is critical for success. These methods include:

• Know Your Customer (KYC) and Know Your Business (KYB) checks to establish who your customers are and what types of activities they are involved in to mitigate financial risk and ensure anti-money laundering (AML) compliance.
• AI-powered biometric identity verification with adaptive risk-based authentication, which provides enhanced security and accuracy with advanced pattern recognition and liveness detection to help better identify synthetic identities and deepfakes, fight account takeover (ATO) attacks, and prevent fraud.
• Identity and access management to improve your organization’s security posture with centralized visibility and control, while also streamlining and automating user management from new account creation and onboarding to ongoing access management and final deprovisioning.
• Identity orchestration that provides a method for managing consumer identities and access across different systems and applications, ensuring a unified and streamlined user experience, while also improving security with centralized policy enforcement.
• Digital signing to help establish trusted consumer identities and ensure the authenticity of digital documents and communications as users access services.
• Push provisioning to conveniently and securely push payment cards into a variety of wallets, including Apple Pay, Google Pay, and Click to Pay, as well as individual e-commerce merchant systems.
• Payment tokenization, which secures the consumer’s payment information by enabling transactions without revealing the card data or other sensitive information.
• PCI DSS compliance, which provides detailed guidelines to enhance the protection of consumer card data, including secure card display.
• Cryptographic data security, which applies a platform approach to encryption, providing organization-wide visibility and risk mitigation of consumer identities with PKI, certificate lifecycle management, key management, secrets management, and HSMs.
• Third-party risk management across the payment ecosystem including payment processors, point- of- sale vendors, and payment gateway providers. The EU’s Digital Operational Resilience Act (DORA) provides specific compliance requirements for financial institutions to manage and monitor the risks associated with their third-party ICT providers.

As businesses seek to navigate the fast-converging payments and identity landscape, Entrust is here to help with identity security and digital card solutions.