The Intricate Patterns of Identity Verification

Just add trust...to transact

Created with Sketch.

The Intricate Patterns of Identity Verification

What are identity patterns, and how can they help to establish identity best practices?

Avoco has been involved in digital identity since 2008. Over that time, we have seen many changes. Directories, once the rulers of the identisphere, have become just another component that is useful in some scenarios. As online life expanded and became part of the everyday lives of billions of people, the concept of identity grew much more nuanced and sophisticated; the technology couldn’t keep up.

The hard-working folks of the identity world, however, are builders. Over the last two decades, individuals and organizations have worked on developing solutions to the complex requirements of modern digital ID and identity verification. Protocols such as OIDC and FIDO emerged; FAPI added security to facilitate high-value transactions.  New technologies, and old ones, much improved, entered the lexicon of digital ID. Biometric liveliness, open banking and data-rich banking APIs, machine learning powered AML, identity data orchestration and decisioning, I’m sure you can add to the list, have provided capabilities that offer solutions to complex identity challenges.

Yet… the world still struggles to find a solution to prevent identity fraud from soaring. A 2025 report from the Identity Theft Resource Center (ITRC) found that identity theft, fraud, and scam reports accounted for 38.8% of consumers. This is a reduction from 2024 numbers, but over one-third of the consumer population is still at risk from identity-related fraud. Notably, one of the key trends found in the report was of repeated attacks on individuals. Vulnerable systems, exposed identities, and poorly implemented identity verification open the door to cybercriminals. Once predictable attack patterns are now sullied by cleverly evasive tactics and automation, facilitating rapid scanning and AI tools that simplify privilege escalation. Identity is a playground for cybercriminals, and identity verification is their toy.

Muddying the identity verification waters

The good folks of identity have worked diligently to create structures that handle, govern, and enforce good security and privacy practices. However, new technologies, cybercrime tactics, and consumer behavior create complex challenges, with regulations and protocols often lagging behind. The entrance of the wallet to the identity ecosystem is one such technology that creates a new channel and expands the attack surface. A wallet is only as good as the credentials it holds, and the security of the connected ecosystem it relies on. The ITRC report notes that one trend in identity security this year is the creation of identity accounts using stolen personal data. Then there is the hurtling train of deepfake identity coming down the track. iProov research highlighted a 704% increase in deepfake face-swapping attacks.

The frontline in the war of cyber-attrition is identity – perhaps somewhat ironic, considering that real-world identity, from religious alliance to nationhood, has played a central role in wars. It is then arguable that our view of digital identity is its downfall. Perhaps we should stop thinking of identity in the digital sphere and start thinking of transactions instead.

You scratch my back, and I’ll scratch yours

Taking a transactional view of digital task performance allows system developers and designers to break free from static interaction patterns. Instead of the system saying, “Give me your credentials after verifying your identity, then I’ll give you something back,” the system can be more responsive. Services based on this paradigm can break out of the prescriptive user journeys and present more appropriate and more accurate scenarios. For example, if some transactions are high-value, they may require an F2F element. Under current identity-based services, this would not only be convoluted but would pull them out of the service, adding cost and friction. When done poorly, designed and constructed as an add-on, it would also introduce potential vulnerabilities, including misconfigurations and opportunities for hijacking. Adding organic pathways to a system may appear nuanced, and it is, but by using a more dynamic way of handling a scenario, you can open the system to multiple pathways.

Organic pathways and identity patterns

The word ‘receipt’ describes how something is taken and given in a transaction. The word ‘receipt’ is also etymologically related to ‘recipe’, both derived from the Latin recipere. Today, both words take on new meanings, but in the development and design of identity-based services, they can be a powerful duo.

Recipes can represent patterns of behavior and reflect a system’s requirements. However, recipes, as anyone experienced in the kitchen will tell you, can be adjusted for flavor. An identity service, defined using an orchestration with a decisioning engine, can use recipes based on identity patterns. What does this mean?

A recipe requires multiple ingredients; similarly, an identity-based service requires multiple components to add flexibility and responsiveness. An identity and orchestration decisioning layer enables changing or weighting ‘ingredients’ based on the service’s and the consumer’s needs.

Where do receipts come in?

Each transaction forged by a recipe can generate a receipt based on the recipe’s pathway. This receipt can be used to provide feedback on recipe improvements and, importantly, to use identity orchestration and decisioning in real time to modify the service’s behavior in response to threats and improve usability.

The vital capability delivered by orchestration and driven by decisions is that any ruleset can be dynamic enough to modify the service, not fixed in stone, since it must change over time. The resulting modularity also adds new pathways, additional ways of connecting with consumers, verifying them, adding antifraud checks that can reduce the risk of deep fakes and synthetic identity, connecting offline and online transactions through vouching, and so on. All from a single code base that handles protocols and orchestrates an elegant symphony made up of identity patterns.

Receipts, used in this way, provide the governance to change the service’s requirements. New pathways open, and old pathways are closed to cyberattacks. There is a lot of talk about identity fabrics, but the patterns the fabric weaves are where we need to place focus now.

If you need an identity to fit your service, Avoco can weave an identity verification pattern for you using our identity orchestration and decisioning engine. Contact us today to discuss your identity needs.

Tags: , , , , , ,

Avoco Secure

© 2026 Avoco Secure Ltd. All Rights Reserved. Company No: 04778206

Registered Address: AvocoSecure Ltd, Kamarsan Valley Road, Swanage, BH19 3DX

Phone :

+1 415 839 9433
+44 207 078 7454

Email:
info’at’avocosecure.com

Privacy Policy: https://www.avocoidentity.com/privacy/