The Intricate Patterns of Identity

Just add trust...to transact

Created with Sketch.

The Intricate Patterns of Identity

What are identity patterns, and how can they help to establish identity best practices?

Avoco has been involved in digital identity since 2008. Over that time, we have seen many changes. Directories, once the rulers of identisphere, have become just another component that is useful in some scenarios. As online life expanded and became part of the everyday lives of billions of people, the concept of identity grew much more nuanced and sophisticated; the technology couldn’t keep up.

The hard-working folks of the identity world, however, are builders. Over the last two decades, individuals and organizations have worked on developing solutions to the complex requirements of modern digital ID. Protocols such as OIDC and FIDO emerged; FAPI added security to facilitate high-value transactions.  New technologies, and old ones, much improved, entered the lexicon of digital ID. Biometric liveliness, open banking and data-rich banking APIs, machine learning powered AML, identity data orchestration and decisioning, I’m sure you can add to the list, have provided capabilities that offer solutions to complex identity challenges.

Yet…the world still struggles to find a solution that prevents identity fraud from soaring. A 2025 report from the Identity Theft Resource Center (ITRC) found that in 2025, identity theft, fraud and scam reports stood at 38.8% of consumers. This is a reduction from 2024 numbers, but over one-third of the consumer population is still at risk from identity-related fraud. Notably, one of the key trends found in the report was of repeated attacks on individuals. Vulnerable systems, exposed identities, and poorly implemented identity verification open doors for cybercriminals. Once predictable attack patterns are now sullied by cleverly evasive tactics and automation, facilitating rapid scanning and AI tools that simplify privilege escalation. Identity is a playground for cybercriminals.

Muddying the identity waters

The good folks of identity have worked diligently to create structures that handle, govern, and enforce good security and privacy practices. However, new technologies, cybercrime tactics, and consumer behavior creates complex challenges, with regulations and protocols often lagging behind. The entrance of the wallet to the identity ecosystem is one such technology that creates a new channel and expands the attack surface. A wallet is only as good as the credentials it holds, and the security of the connected ecosystem it relies on. The ITRC report notes that one trend in identity security this year is the creation of identity accounts using stolen personal data. Then there is the hurtling train of deepfake identity coming down the track. iProov research highlighted a 704% increase in deepfake face-swapping attacks.

The frontline in the war of cyber-attrition is identity – perhaps somewhat ironic, considering that real-world identity, from religious alliance to nationhood, has played a central role in wars. It is then arguable that our view of digital identity is its downfall. Perhaps we should stop thinking of identity in the digital sphere and start thinking of, instead, transactions.

You scratch my back, and I’ll scratch yours

Taking a transactional view of performing  digital tasks allows system developers and designers to break free from static patterns of interaction. Instead of the system saying give me your credentials after verifying your identity, then I’ll give you something back, the system can be more responsive. Services based on this paradigm can break out of the prescriptive user journeys and present more appropriate and more accurate scenarios. For example, if some transactions are high-value, they may require an F2F element. Under current identity-based services, this would be not only be convoluted, but it would pull them out of the service and add cost and friction. Done as a poorly designed and constructed add-on, it would also open potential vulnerabilities, including misconfigurations and hijacking opportunities. Adding organic pathways to a system may appear nuanced, and it is, but by using a more dynamic way of handling a scenario, you can open the system to multiple pathways.

Organic pathways and identity patterns

The word ‘receipt’ describes how something is taken and given as part of a transaction. The word ‘receipt’ is also etymologically related to ‘recipe’, both derived from the Latin recipere. Today, both words take on new meanings, but in the development and design of identity-based services, they can be a powerful duo.

Recipes can represent patterns of behaviour and reflect the requirements of a system. However, recipes, as anyone experienced in the kitchen will tell you, can be adjusted for flavour. An identity service that is defined using an orchestration with a decisioning engine can use recipes that are defined by identity patterns. What does this mean?

A recipe requires multiple ingredients; similarly, an identity-based service requires multiple components to add flexibility and responsiveness. An identity and orchestration decisioning layer enables changing or weighting ‘ingredients’ based on the service’s and the consumer’s needs.

Where do receipts come in?

Each transaction forged by a recipe can generate a receipt based on the recipe’s pathway. This receipt can be used to provide feedback on recipe improvements and, importantly, to use identity orchestration and decisioning in real time to modify the service’s behaviour in response to threats and improve usability.

The vital capability delivered by orchestration and driven by decisions is that any ruleset can be dynamic enough to modify the service, not fixed in stone, as they must be changed over time. The resulting modularity also adds new pathways, additional ways of connecting with consumers, verifying them, adding antifraud checks that can reduce the risk of deep fakes and synthetic identity, connecting offline and online transactions through vouching, and so on. All from a single code base that handles protocols and orchestrates an elegant symphony made up of identity patterns.

Receipts, used in this way, provide the governance to change the service’s requirements. New pathways open, and old pathways are closed to cyberattacks. There is a lot of talk about identity fabrics, but the patterns the fabric weaves are where we need to place focus now.

If you need identity to fit your service, Avoco can weave you an identity pattern using our identity orchestration and decisioning engine. Contact us today to discuss your identity needs.

Tags: , , , , , ,

Avoco Secure

© 2026 Avoco Secure Ltd. All Rights Reserved. Company No: 04778206

Registered Address: AvocoSecure Ltd, Kamarsan Valley Road, Swanage, BH19 3DX

Phone :

+1 415 839 9433
+44 207 078 7454

Email:
info’at’avocosecure.com

Privacy Policy: https://www.avocoidentity.com/privacy/