Tag: featured

Shaping the future of finance: key insights from M2020 USA.

18th November 202518th November 2025by Consult HyperionLeave a comment

Howard Hall, Vice President Growth at Consult Hyperion, consulting by Fime, summarizes the key discussions and insights from Money2020 USA 2025, one of the leading payments industry conferences.

Fime and Consult Hyperion was out in full force at Money 20/20 Las Vegas, with Dave Birch, Xavier Giandominici, Ben Potter and Nick Norman all on the ground. Over three packed days we met with dozens of clients, partners and industry friends, both old and new. We came away inspired by how fast the world of payments, identity and digital trust is evolving.

The era of agentic AI.

Agentic AI was everywhere this year. Dave Birch’s session, supported by leaders from Mastercard explored how intelligent, autonomous agents will reshape the way money moves and decisions get made. These aren’t just chatbots; they’re systems capable of acting on our behalf, initiating payments, verifying identity and managing risk. The question everyone is asking now is: how do we trust the agent? What are the new signals, frameworks and governance models that let us verify that an AI acting for us is doing the right thing?

This conversation dovetails perfectly with our heritage in digital identity and trust frameworks. It’s one thing to build an agent; it’s another to ensure that it’s secure, compliant and grounded in real-world identity. That’s where we come in.

Stablecoins and the future of money.

Stablecoins and tokenized money continued to capture attention across panels and side discussions. There’s a growing sense that programmable value, whether through stablecoins or digital fiat will be the natural companion to agentic AI. If agents are going to act, they’ll need a medium of exchange that is fast, programmable and secure.

We heard repeatedly that firms want help bridging the gap between experimentation and production. This is the kind of challenge Consult Hyperion thrives on combining technical insight with regulatory understanding to make the next generation of payment rails real.
Insights from dozens of client conversations.

Our one-to-one meetings revealed a lot about what’s on the minds of our clients and partners:

Platform resilience and optimization came up again and again — from large fintechs re-evaluating their processing infrastructure to global brands seeking help rationalizing fragmented payment systems across multiple geographies and logos.
Digital identity and trust frameworks were top of mind. Organizations across banking, payments and big tech are exploring how to extend KYC into the world of Know-Your-Agent (KYA) and mDL.
Tokenization and security continue to present both opportunity and friction. Several firms are revisiting their existing implementations and seeking a path toward scalable, interoperable solutions.
Go-to-market alignment remains a challenge. Many companies are looking for help in shaping adjacent services, workshop and partnership strategies are areas that were top of mind.
Sector-specific certification and standards are shifting. We heard updates from trusted partners working to reshape digital-identity assurance around specific industries rather than one-size-fits-all frameworks.

These conversations reaffirmed what we already know: clients value practical, implementation-level understanding of the complex ecosystems that connect identity, payments and technology.

Why this matters.

For nearly three decades, Consult Hyperion has helped organizations around the world navigate the intersection of trust, technology and financial inclusion. Whether it’s designing new tokenization schemes, building digital-identity frameworks or testing payment systems with Fime, our work sits at the core of where the industry is heading.

Money 20/20 was a reminder that we’re entering a new chapter, one where human and machine actors coexist in digital ecosystems that demand security, privacy and interoperability from the start.

Let’s continue the conversation.

If you’d like to explore how agentic AI, stablecoins or next-generation identity can be built safely and responsibly into your business, we’d love to talk. Reach out to our team and let’s turn these conference insights into real-world strategies and implementations.

Trust, innovation and interoperability: key insights from AAMVA conference.

10th October 202510th October 2025by Consult HyperionLeave a comment

Phoenix, Arizona – October 2025 – Fime participated in the AAMVA Relying Party Showcase and the AAMVA International Conference, reinforcing its leadership in advancing secure, interoperable, and scalable digital identity solutions.

The Showcase gathered issuers, wallet providers, reader providers, DMVs, and technology companies under one roof to demonstrate real-world mobile driver’s license (mDL) use cases. Fime’s delegation, including Marcelo Bellini, VP Digital Identity at Consult Hyperion, Consulting by Fime, Gregory Tierno, Business Development Director, Jerrin Thomas, Service Line Manager, and Gaurav Manchanda, Product Manager, participated in both the showcase and conference sessions.

Panel: ensuring trust in digital credentials.

As part of the panel “Ensuring Trust in Digital Credentials in North America and Beyond,” moderated by Tim Roufa Portfolio Director for Identity Credentialing at AAMVA, thought leaders came together to share their perspectives on scaling digital identity. Panelists included Luis Felipe Segura, Field CTO at Incode, Christopher Goh, International Advisor at Valid8 Advisory and Marcelo Bellini.

Marcelo emphasized the role of testing and certification in building trust within the mDL ecosystem, drawing lessons from the payments industry, where testing and certification enabled global scale. He highlighted global digital identity deployments across the EU, Japan, and Australia. Marcelo also underlined the importance of a Digital Trust Service (DTS), such as the one operated by AAMVA, in supporting adoption and scalability.

Demo highlight: two taps to trust.

One of the showcase highlights was the collaboration between Consult Hyperion and Zebra Technologies presenting a live demo, which illustrated how identity verification and payments can be seamlessly managed on a single handheld Contactless Payment ready mobile device (COTS).

The demo featured:

Identity verification using a production Georgia mDL stored in Apple and Google Wallets.
Payment transactions with production Mastercard and Visa EMV contactless cards.
Public key retrieval from the AAMVA Digital Trust Service, enabling the relying party to securely trust the mDL.
A COTS contactless payment device that scans product barcodes, triggers an ID check for age restricted items (e.g., alcohol) and processes payment – all in just two taps: one for identity and one for payments.

The demonstration was praised by attendees for its simplicity, practicality, and potential to transform multiple industries, from stadiums and public transport to law enforcement, alcohol retail, and grocery stores.

“This use case really shows the power of convergence between identity and payments,”

said Greg Tierno, Business Development Director at Fime.

“Having both functions on a single, easy-to-use handheld device makes life simpler for merchants, law enforcement, and consumers alike. It’s a practical, scalable solution that lowers friction and raises trust – exactly what the ecosystem needs to accelerate adoption.”

Building ecosystem momentum.

Following the Showcase, Fime also took part in the broader AAMVA International Conference, engaging with issuers, wallet providers, reader providers, biometric solution companies, and technology vendors. The event offered an unparalleled opportunity to network, exchange insights, and accelerate collaboration towards a trusted digital credential future.

“Our successful demonstration with Zebra underscores the transformative potential of combining digital identity and payments in a single, trusted device,”

added Marcelo Bellini, VP Digital Identity at Consult Hyperion, Consulting by Fime.

Acknowledgement

Fime extends its gratitude to AAMVA and its organizers for hosting a world-class event that continues to drive meaningful dialogue, collaboration, and innovation across the digital identity ecosystem.

Work with an expert partner for a secure digital future.

mDLs are moving quickly from pilots to real deployments, and relying parties must be prepared. At Consult Hyperion, we help organizations bridge the gap between initial awareness and production-level implementation.

Our support spans the full journey: from masterclasses and tailored workshops to build understanding, through business case development to justify investment, and market and vertical analysis to identify opportunities. We assist with use case definition, technical requirements, and RFI/RFP support, helping you select the right vendors and solutions and provide implementation support. And through thought leadership collaborations, we share insights that keep you ahead of the curve.

Our goal is simple: to give you a clear strategy, a strong business case, and a trusted path to deploy mDLs with confidence.

Learn more about Digital identity: a new frontier for payment terminal vendors.

Contactless is evolving. Here’s why C-8 matters more than you think.

23rd July 20259th October 2025by Gary MunroLeave a comment

We all love the convenience of ’Tap to Pay’. It’s fast, intuitive, and is widely accepted as part of everyday life. But behind that simple tap is a surprisingly complex ecosystem that’s starting to show its age.

One of the key challenges with the infrastructure supporting contactless payments, is that it’s far more fragmented than it should be. Today, there are more than 20 different contactless kernels in use globally. Each card scheme has its own proprietary version, and this means that every payment terminal has to carry the full suite of multiple kernels to ensure broad acceptance. For merchants, vendors and card schemes alike, this approach is expensive, difficult to maintain, and slows down innovation.

Then there’s the issue of security. Most contactless cards still rely on RSA encryption, a standard that is beginning to look vulnerable beyond ~2035 due to developments in standard computing as well as quantum. Issuers need to migrate to Elliptic Curve Cryptography (ECC) by 2030 to stay ahead of evolving threats. On top of that, current contactless cards still transmit sensitive data in the clear, raising concerns around data privacy, data harvesting and fraud.

So what do we do about it?

Enter C-8.

EMVCo’s C-8 specification is designed to solve these problems. It’s a single, unified contactless kernel that replaces the fragmented, brand-specific approach we’ve been working with for years. Think of it as the contactless equivalent of the chip card kernel: one common foundation that works across all card brands.

C-8 isn’t just about consolidation and cost saving. It’s a major upgrade in security and functionality:

Encrypted cardholder data using AES to protect sensitive information.
ECC-based authentication for a more secure, scalable cryptographic foundation
Support for loyalty, transit, and closed-loop schemes, enabling new use cases.
Simpler POS integration, reducing time-to-market and cost for merchants and vendors.
Better compatibility for smaller issuers and domestic card schemes trying to scale.

What we’re seeing in the market.

C-8 adoption is already underway. POS vendors like Ingenico and PAX have certified C-8 kernels on their devices. Card schemes are actively developing specifications. And there’s real interest from merchants, transit authorities, and fintech innovators.

At Consult Hyperion we’re at the heart of this next wave of innovation. We’re working with card schemes to develop their C-8 specifications, for both cards and mobile. We’re helping to define and produce test plans, and we’re guiding clients as they prepare for certification and rollout.

We’re seeing a clear shift in thinking. Stakeholders are no longer asking if C-8 will happen. They’re asking how they can ready themselves, rapidly, to be at the forefront of this evolution.

Strategic complications for payments & product teams.

If you’re in payments innovation, product development, or infrastructure strategy, C-8 should be on your radar now. It impacts how fast you can scale, how much you spend on certification, and how well you can support new use cases like Tap-to-Phone, in-transit payments, or loyalty-integrated cards.

For issuers, now is the time to plan your ECC migration, ideally before you’re boxed into a rushed reissuance cycle.

For acquirers and terminal vendors, C-8 reduces the cost and complexity of kernel management, helping you get to market faster and support more card types.

For emerging schemes, it offers a path to acceptance that doesn’t require fighting the kernel deployment battle.

Risks of standing still.

RSA has a limited life. The window to migrate contactless portfolios narrows. Waiting too long means you could end up trying to reissue millions of cards in a short timeframe, which is not an ideal scenario.

There’s also a competitive risk. As larger players roll out C-8 compatible cards and terminals, they’ll expand their acceptance footprint faster and more efficiently. Falling behind risks missing that window.

Our experience.

We’ve supported every major wave of EMV innovation from the beginning, and C-8 is among the most important shifts we’ve seen.

At Fime, We’re:

Actively working with global schemes on specification development.
Supporting test tool creation and certification workflows.
Helping clients understand what C-8 means for them, both technically and strategically.

C-8 isn’t just a tech upgrade. It’s a chance to reset the contactless ecosystem, reduce friction, and set the stage for faster innovation.

Let’s talk.

If you’re thinking about how C-8 fits into your product roadmap or want help navigating the next steps, we’re here.

Simpler, smarter contactless is coming. Let’s build it together.

Strategic readiness in Payments and Identity: building the digital economy’s bullet train.

10th July 202518th November 2025by Consult HyperionLeave a comment

The very notion of “strategic readiness” in payments and identity has evolved far beyond routine system upgrades or incremental tweaks. We’re no longer simply replacing the boiler in a Victorian banking house—we’re laying track for the bullet train of the digital economy. This seismic shift demands a fundamental rethink of infrastructure, ideology, and strategic vision.

At this inflection point, identity, reputation, and tokenized value are no longer discrete elements—they are converging into a seamless, dynamic ecosystem. The future of payments is about more than speed or scale; it’s about embedding trust, context, and programmability into every transaction. This is a call to action for payment providers, technology architects, and financial institutions: it’s time to prepare not just for the next upgrade, but for a new paradigm.

1. Tokenization: the new grammar of value

Tokenization is often misunderstood as merely a technical means of wrapping assets digitally. Tokenization represents a profound shift: money that understands us. Tokens are not just containers of value; they encode conditions, context, and control into the very fabric of money itself.

This is programmable money—value with an API. It can carry rules about who can spend it, when, where, and under what conditions. It can embed compliance, privacy, and even reputation directly into the token. This new grammar of value is rewriting the rules of payments, loyalty, and identity.

Strategic imperatives:
The readiness challenge goes beyond adopting standards like ISO 20022 or C-8. It requires building platforms capable of handling multi-asset token models—fiat currencies, CBDCs, stablecoins, loyalty points, and reputation tokens—simultaneously. These tokens must interoperate across chains, jurisdictions, and regulatory frameworks.

Tactical considerations:

Can your platform manage multi-asset token models?
Are your tokens programmable with embedded policies, metadata, and rules?
Can tokens interoperate across different blockchain networks and regulatory environments?
Do you treat tokens as carriers of identity and entitlement, not just value?

Inspiration:
The future belongs to platforms that treat tokens as flexible, composable building blocks—not static assets.

CBDCs: Central banks worldwide are exploring programmable digital currencies that embed monetary policy and compliance rules at the token level.

Stablecoins and Loyalty Tokens: Brands are experimenting with tokens that combine value with customer reputation and engagement metrics.

2. Global standards: strategic alignment beyond interoperability

Standards like ISO 20022, ATICA, and C-8 are often viewed narrowly as technical interoperability tools. They represent strategic battlegrounds for influence and alignment.

Money is becoming more abstract and global, making cross-jurisdictional alignment essential. Standards are the rails on which the digital economy’s bullet train runs. Getting them right means seamless connectivity; getting them wrong means fragmentation and isolation.

Strategic imperatives:
True readiness means engaging proactively in standards governance. It means seeing standards not as a compliance checklist but as a diplomatic and strategic game. Just as 19th-century railway gauges determined economic dominance, modern standards will determine who controls the rails of digital payments and identity.

Tactical considerations:

Have you mapped your organization’s position in evolving standards?
Are you investing in interoperability by design, bridging legacy and emerging systems?
Are you actively participating in standards bodies and governance forums?

Inspiration:
The winners in the next decade will be those who shape standards, not just follow them. Open banking initiatives worldwide demonstrate how early movers in standards governance gain competitive advantage and market influence.

3. Digital identity: the strategic spine of future payments

Identity is shifting from a static presentation to a dynamic performance. It’s no longer a simple credential shown at a single point in time, but a persistent, evolving construct that draws from social, legal, and behavioral data streams.

This shift has profound implications for payments. Authentication is no longer about passwords or PINs—it’s about a rich tapestry of biometric signals, device fingerprints, and behavioral biometrics that collectively redefine trust. This isn’t just a technical upgrade; it’s a wholesale redesign of how trust is established and maintained in digital interactions.

Strategic imperatives:
Because identity is the foundation upon which all payments rest. Without a robust, flexible, and user-centric identity layer, payments remain vulnerable to fraud, friction, and exclusion. But when identity becomes fluid, portable, and programmable, it unlocks new possibilities: seamless onboarding, frictionless authentication, and privacy-preserving data sharing.

Embedding a context-aware identity layer is no longer optional—it’s foundational. This means integrating verifiable credentials, decentralized identity (DID) frameworks, and self-sovereign identity (SSI) principles directly into payment platforms. Identity must be treated as a living asset that travels with the user across ecosystems, rather than a siloed attribute locked inside a single institution.

Tactical considerations:

Infrastructure readiness: Does your system support verifiable credentials and decentralized identity frameworks?
Contextual authentication: Have you deployed multi-factor, behavioral, and device-bound authentication methods?
Portability: Can users carry their identity credentials across platforms and services?
Privacy controls: Are privacy settings granular, user-centric, and programmable to adapt to different contexts?

Inspiration:
The institutions that lead the next wave will be those that treat identity not as a compliance hurdle but as a strategic asset—one that enables trust, inclusion, and innovation.

Nordic BankID: A leading example of a national digital identity platform enabling seamless authentication across banking, government, and commerce.

India’s Aadhaar: A massive biometric identity system that powers a range of financial inclusion initiatives and digital payments.

4. The future-proofing mandate: architecting for ambiguity and agility

Future-proofing is often mistaken for predicting the next big thing. In reality, it’s about designing systems that thrive amid uncertainty and change. The real currency of the next decade is optionality—the ability to pivot, adapt, and compose new solutions rapidly.

Monolithic architectures and tightly coupled ecosystems are liabilities in this environment. Instead, the future belongs to modular, composable platforms that can integrate new identity models, token types, and regulatory requirements without wholesale rewrites.

Strategic imperatives:
Build with composability and modularity at the core. Adopt open token standards, modular identity stacks, and orchestration layers that enable dynamic rule enforcement. Embrace cloud-native, API-first, and event-driven architectures that support rapid innovation.

Tactical considerations:

Is your architecture truly composable and plug-and-play?
Are your systems event-driven and cloud-native?
Is your data layer decoupled from service layers to enable seamless migration?
Have you invested in orchestration tools for dynamic policy enforcement?

Inspiration:
Look at the tech giants who thrived in the internet era: they weren’t oracles predicting trends—they were architects building platforms that could evolve. The same mindset is essential for payments and identity today.

Final thought: lead with vision, not nostalgia

The opportunity to lead this transformation is immense—but only if leadership embraces a new mandate. The goal is not to preserve legacy systems or replicate old models digitally. It’s to reimagine what payments, identity, and value can become in a connected, programmable world. Digital infrastructure is no longer a compliance burden; it’s a civilizational substrate. The future belongs to those who treat it as such—building with courage, curiosity, and a refusal to mistake digitization for transformation. Remember: the payments game is being played by actors who have no interest in being banks. The disruptors, platforms, and protocols are rewriting the rules. Are you ready to lead?

The Norman Blockchain.

24th June 202518th November 2025by David G.W. BirchLeave a comment

From a mechanism for deferred payment, to a store of value and then a medium of exchange. Stablecoins? We’ve been here before, as I explained to our guests at Money20/20 in Amsterdam this year.

A ledger technology, a means for recording transactions, needs to be fit for purpose. It needs to be cost-effective, convenient, appropriate for its users, immutable (of course), long lasting and so on. We’ve been here before, by the way, with the tally sticks. To begin at the beginning, then, what are tally sticks? Well, here is an article I wrote about them for the Financial Times Virtual Finance Report almost three decades ago (FTVFR, Vol. III, No. 5, May 1998)…

Tally Ho!

Tally sticks came into use in England after the notorious war criminal William the Bastard’s illegal invasion and regime change of 1066. Tax assessments were made for areas of the country and the relevant sheriff was required to collect the taxes and remit them to the crown. To ensure that both the sheriff and the king knew where they stood, the tax assessment was recorded by cutting notches in a wooden twig and then splitting the twig in two, so that each of them had a durable record of the assessment. When it was time to pay up, the sheriff would show up with the cash and his half of the tally to be reckoned against the King’s half. As the system evolved, the taxes were paid in two stages: half paid up front at Easter and the rest paid later in the year at Michaelmas when the “tallying up” took place.

Medieval English split tally stick (front and reverse view). The stick is notched and inscribed to record a debt owed to the rural dean of Preston Candover, Hampshire, of a tithe of 20d each on 32 sheep, amounting to a total sum of £2 13s. 4d.

The technology worked well. The tally sticks were small and long–lasting (after all, they still exist, you can go and see some in the British Museum), were easy to store and transport, and easily understood by those who couldn’t read (which was almost everyone).

As a new technology, however, they soon began to exhibit some unforeseen (in the context of their record–keeping function) characteristics. During the extended period of use of any technology, creative people come along and find new ways to use the technology in different times, in different cultural contexts. Tally sticks were a form of distributed ledger to record debt, and were soon being used as money.

From Deferred Payment to Store of Value

By the reign of Henry II (who died in France in 1189), the Exchequer was already a sophisticated and organised department of the king’s court with an elaborate staff of officers. The use of tallies to enable this operation had an interesting consequence. Since the king (as is generally the case) couldn’t be bothered to wait until taxes fell due, and could not borrow money at interest, he would sell the tallies at a discount. The holder of the tally could then cash it in when the taxes fell due, making it (in effect) a fixed–term government bond. Since paying interest was forbidden by the church, selling tallies at a discount became a key means for the Crown to borrow money without God noticing what was going on.

The discount on the tallies, being equivalent to the interest rate for government debt, varied just as one would expect. As economic circumstances changed, so did the discount rate. Adam Smith noted that in the time of King William the discount reached 60% when the Bank of England suspended transactions during a debasement of the coinage. Clearly, then, the tally system could be (and was) abused by the Exchequer selling tallies which they would not redeem, but the Crown soon learned not to renege on tallies, since the discount on future tallies would be increased and the Exchequer would be hit hard.

To summarise: by middle of the twelfth century, there was a functional market in government debt centred on London. No wonder the London money markets are so sophisticated. I often fall into the trap of thinking that there’s never been a revolution in monetary technology before, so I forget how rapidly previous significant developments were co–opted by the financial ‘establishment’ and taken for granted or just how old some aspects of the apparently modern financial infrastructure are.

From Store of Value to Means of Exchange

The market for tallies evolved quickly. Someone in (say) Bristol who was holding a tally for taxes due in (say) York would either have to travel to collect their due payment or find someone else who would, for an appropriate discount, buy the tally. Thus, a market for tallies grew, arbitrating various temporal and spatial preferences by price. It is known from recorded instances that officials working in the Exchequer helped this market to operate smoothly. The distributed ledger technology of the tally had been used to convert a means for deferred payment into a store of value and then into a means of exchange, and the sticks remained in widespread use or hundreds of years.

The Bank of England, being a sensible and conservative institution naturally suspicious of new technologies, continued to use wooden tally sticks until 1826: some 500 years after the invention of double–entry bookkeeping and 400 years after Johann Gutenburg’s invention of printing. At this time, the Bank came up with a wonderful British compromise: they would switch to paper, but would keep the tallies as a backup (who knew whether the whole “printing” thing would work out, after all) until the last person who knew how to use them had died!

Thus, tally sticks were then taken out of circulation and stored in the Houses of Parliament until 1834, when the authorities decided that the tallies were no longer required and that they should be burned. As it happened, they were burned rather too enthusiastically and in the resulting conflagration the Houses of Parliament were razed to the ground, which is why they are now a Victorian gothic pile rather than a medieval palace, in an incident so loaded with symbolism about the long–term impact of innovations in the technology of money that had it occurred in a novel no–one would believe it.

The Burning of the Houses of Lords and Commons is the title of two oil on canvas paintings by J. M. W. Turner, depicting the fire that broke out at the Houses of Parliament on the evening of 16 October 1834. Turner himself witnessed the burning of Parliament from the south bank of the River Thames, opposite Westminster.

Stable

The tally sticks, just like USDC, were backed by government debt. Just as USDC is backed by US Treasury Bills, so the tally sticks were backed by the tax-raising power of the monarch. Nothing much has happened in a thousand years, has it!

Digital Identity: A new frontier for payment terminal vendors.

23rd June 202518th November 2025by Consult HyperionLeave a comment

Due to their seamless user experience and secure design, payment terminals have become the gold standard for brick & mortar merchants. As the world becomes more digital, merchants need to embrace new and innovative ways to keep up with evolving consumer expectations while maintaining, or even improving, security.

One key digital advancement is digital identity which has quickly become a cornerstone of multiple industries including retail, healthcare, transportation and more. Terminal vendors therefore face a strategic choice: Stick to payments, or evolve into access points for identity too?

Why this matters now

Digital identity is a virtual representation of the user. It securely stores and presents personal information, which can be used to verify the identity of the user anywhere, anytime. By passing this verification process, users can gain access to services, without needing to provide a physical identity document.

Digital identity is a trend, driven by convenience, fraud prevention, data privacy and security. Standards are already in place and are being followed closely by technology vendors. Acceptance must follow, now that digital identity is becoming available to many users.

Due to its convenience, governments and schemes are launching digital identity systems. Examples include Singpass Mobile App in Singapore, Aadhaar in India with over 1.3 billion registered citizens, and the United States of America’s Mobile Driver License (mDL).

Digital ID isn’t just about online services. Citizens can also use them to verify themselves physically. For instance: in pharmacies, when collecting a parcel or at a government help desk. But these places have not yet deployed payment terminals and there’s no common de facto interface for that.

The power of payment terminals

With security chips, authentication capabilities, and a place on every retail counter, terminals are already built for trust. Vendors that move early can help shape the role of identity at the physical edge — and become indispensable to this next layer of infrastructure.

Payments and identity: naturally aligned

The payments and digital identity ecosystems already share key components of critical infrastructure, which makes them compatible and able to support overlapping use cases. Both systems rely on cryptography and secure hardware – components that are already embedded in payment terminals. These elements are essential for securely storing cryptographic keys and executing sensitive operations.

Both ecosystems also utilize similar user interfaces and input methods. Whether it’s a PIN pad, a touchscreen on a POS terminal, or a biometric scanner used for identity verification, the technology used to interact with users is easily adaptable between the two domains.

Standards and certification frameworks also provide a strong foundation for integration. For example, global standards such as EMVCo for payments and FIDO Alliance for identity authentication help ensure interoperability and security across different devices.

Finally, both ecosystems are built on trust relationships between the key stakeholders, banks, acquirers, and service providers in the payment’s world. These relationships are critical for ensuring that transactions and identity verifications are accepted across networks and ecosystems. Institutions that already support secure payment acceptance are well-positioned to extend their role into digital identity verification.

This overlap makes the payment terminal a natural candidate for identity authentication at the edge, especially for services that require face-to-face verification or hybrid customer journeys where digital and physical interactions are blended.

The risk of standing still

A new market, not just a new feature

Digital identity does not just expand what terminals can do — it also expands where they can go. By entering non-payment environments through identity use cases, terminal vendors could open doors in entirely new markets, including public sector offices, healthcare providers, or access-controlled locations. Once deployed, these terminals may later enable payments too, making identity a strategic wedge into previously untapped areas.

Terminal vendors must be ready for market threats, such as technology players that are already enabling terminals, new players and mobile vendors.

It’s also important to remain open minded to upcoming opportunities, like helping to shape new infrastructures, incorporating new payment requirements, participating in new types of payment initiation and defining new use cases and services.

The risk of standing still

While terminal innovation has focused on sleek form factors and value-added apps, few vendors have strategically explored how digital identity can reshape their market.

By not engaging early, vendors risk:

Becoming sidelined as mobile-first ID platforms set the standards.
Allowing newcomers to enter the ID market and later capture payment market share.
Missing opportunities to influence national and regional schemes.
Losing relevance in ecosystems that increasingly value multi-function interfaces.

The integration of identity into terminals is no longer a technical challenge – it’s a strategic imperative.

The opportunity for first movers

There is a growing space for vendors who can demonstrate how digital identity and payments converge on a single device.

Some key use cases are already emerging:

Age verification in retail or hospitality — a fast-growing use case in the EU, US, and across APAC. For example, in Australia, regulation for age verification with digital identity when buying liquor is already in place.
Prescription collection in pharmacies — where identity verification and payment occur together and a unified experience could improve efficiency and the customer journey in-store.
Subsidies or tax refunds at the point of sale — where proof of entitlement and transactions converge.
Transit discounts and concessions — enabling the system to verify eligibility without tracking individuals directly.

These use cases are not theoretical. In several markets, pilots are already underway, often without terminal vendors in the room. Some of these pilots involve two separate terminals, one for payments and one for digital identity, opening space for newcomers to bring solutions not yet explored by traditional terminal vendors.

Terminal vendors are in a unique position

Terminal vendors are well-placed to support both payment and digital identity use cases due to their expertise. Their devices are already embedded in the payment flow, which allows them to seamlessly optimize the user experience by unifying identity verification and transactions. Because these terminals are already integrated with retail sales systems, they offer a natural extension point for identity-based workflows without requiring duplication of infrastructure.

Additionally, terminals come with built-in user interfaces and authentication mechanisms like touchscreens or PIN entry pads, the devices are already trusted and deployed at scale and vendors are already familiar with certification, compliance and standards processes. Finally, vendors already have strong, established relationships with acquirers.

These strengths position vendors perfectly to bridge the physical and digital identity worlds.

The bottom line

Payment terminals don’t have to be limited to payment transactions. In a digital-first world, they can become trusted touchpoints for identity, but only if terminal vendors act now.

The opportunity is there. Whether you seize it, or let others redefine the edge of identity, is up to you.

Terminal vendors thinking about digital identity should consider six strategic questions:

Which identity roles could your terminals support? (credential verification, authentication)
What standards are relevant? (ISO 18013 mDL/mDoc, W3C VC)
Can you integrate identity (UX and technology) with minimal redesign?
What partnerships will help you scale fast?
Where are the first viable pilots?
What are you doing to be compliant with new regulations for all regions?

By adopting digital identity solutions, payment terminal vendors can seize opportunity and build stronger relationships with customers. Contact Fime if you’re interested in gaining a competitive edge in this ever-changing market.

Making Digital Identity work: The path to interoperability.

17th June 202518th November 2025by Steve PanniferLeave a comment

At the end of February, important interoperability test events took place for Mobile Driver’s Licenses (mDL) in Utrecht, The Netherlands.

The vision and the challenge

The vast majority of mDL solutions are being developed to align with the ISO 18013 series of specifications. This is essential. Like passports, driver’s licenses have utility way beyond their basic function and it is reasonable to assume the same expectations for mobile versions of driver’s licenses. They have the potential to support access to services in travel, hospitality, financial services and many more.

The specifications are not limited to driver’s licenses either. The broader mDoc concept allows any other document or credential type to be defined, such as for identity cards, health cards, travel permits, loyalty and anything else you can think of.

The vision is that in the future we will have digital wallets, accessible from our personal devices, that allow us to present credentials (or assertions derived from credentials) in all manner of online and offline contexts. Globally that could mean hundreds of wallet providers needing to support credentials issued from thousands of issuers and be accepted at millions of locations. That is a lot of potential combinations of issuer, wallet and verifier. When a student from Japan turns ups at a liquor store in Australia, will their mDL just work?

For that to be possible solutions will need to be interoperable from a regulatory, commercial and technical perspective. Achieving that at global scale is a big challenge but not one that is insurmountable. It is something the card payment industry achieved as it evolved over the past decades and provides great learnings for mDL interoperability.

Learning from payments

Focusing on technical interoperability, a key standard in the payments space is ISO 7816. The first part was published in 1987 defining the physical characteristics of “identification cards”. You see, even back in 1987 the connection between identity and payments was evident. This first part was followed by several other parts defining things such as electrical interfaces, transmission protocols, application-level command structures, security and so on. On top of this, the EMV standards emerged to define how card payment transactions between cards and readers would be performed.

Standards were a vital step in enabling payment ecosystems to operate at scale. But standards are always open to some level of interpretation or misinterpretation. To ensure that technologies work in the real world, it is essential to test them thoroughly. For card payments, any card from any issuer must work seamlessly at any terminal from any acquirer – every time. That means a LOT of testing and in particular testing everything against established and approved reference equipment. So, alongside the evolution of standards the payment networks created and formalized certification programs that ensure that cards, readers, hosts, and so on, function consistently and reliably in line with those evolving specifications.

Testing mDLs

So what has this got to do with test events in Utrecht?
Those events brought together dozens of organizations from around the world who are building mDL solutions and need to ensure that they will work in the real world. Those solutions are being built alongside the evolution of the standards. It is very similar to what happened in payments although the timeframes are much more compressed. mDLs will emerge as a key mass-market digital identity technology within years, not decades.

During those events we tested new features in the ISO 18013 specifications with a large number of vendors. And it was not smoke and mirrors. Fime was there with its Digital Identity Test Suite that provides a reference implementation of the specifications and can act as either a wallet or a relying party. We were able to conduct tests with many vendors, performing real transactions (with test data of course), helping those vendors assess the gaps and issues in their implementations of the standards.

I think you can view these test events as the beginnings of the formal certification that will be necessary to ensure interoperability for mDL – and for digital identity more widely.

Who will own the scheme?

Perhaps the single biggest interoperability question today is – who will own the certification scheme?
In payments, the answer to that question is straightforward (at least it is now). The payment networks (especially the international ones) set their rules that apply within the large ecosystems that they own. The mDoc ecosystem will be more fragmented with no obvious single organization with the authority to set rules at a global level.

In the EU, the eIDAS legislation makes member states responsible. Of course, there will need to be a lot of work to gain alignment and we expect ENISA to play role there. For our part, Fime is delighted to be part of the WE BUILD consortium that will be delivering a large-scale pilot for the European Commission. In our role there, we will be making sure that the topic of interoperability is given priority. It is an essential requirement for the ecosystem to be successful.

Learn more how Fime can help deliver a interoperable and international mDL solutions.

Trust in the Future of Finance: Key insights from M2020 Asia.

17th June 202518th November 2025by Steve PanniferLeave a comment

Steve Pannifer, Senior Vice President of Digital Identity at Fime, summarizes the key insights and discussions from Money 20/20 Asia in Bangkok, Thailand – a prominent event that brings together the Asia-Pacific payments ecosystem to delve into the latest opportunities within the industry.

One of the main themes at Money 20/20 Asia this year was “Trust in the Future of Finance”. It is an important topic. Many of the pain points in the digital economy are related to trust, not least the rampant fraud occurring within an ever-increasing number of digital spaces such as social media. People get scammed because they trust people who they shouldn’t. The internet is over 30 years old and yet it still has no trust layer. This is essentially the problem that digital identity is trying to solve.

Alongside colleagues from Fime and Consult Hyperion, I was delighted to be able to contribute to a number of trust related sessions at the event:

Building Digital Trust with Modern Identity Security and Orchestration
Navigating Compliance and Security in Digital Identity
Selling to Robots: The Digital Identity Imperative in Agentic Commerce
Brainstorm: Building Trust with AI in Digital Identity
It Takes a Village – Making Digital Identity Work
Your Face Becomes Your Wallet of Everything: Personalization vs Security

Here are some of my key takeaways:

More friction does not necessarily mean more security

I’ve sometimes heard it said that people are lazy when it comes to online security, and it is this that results in them not taking the steps necessary to protect themselves online. I’m sure there is some truth in that, but I also believe a big part of the problem is to do with the ways systems are designed. If we put a lot of friction into the customer experience, that will also encourage poor behavior. For example, asking a customer for a memorable word is a terrible idea. They will inevitably choose something so obvious that the smallest amount of social engineering will reveal it.

Building a good customer experience is an essential part of creating a trusted service – a point that Linden Dawson, Senior Product Manager of Customer Digital Identity at National Australia Bank (NAB), made during the session “Building Digital Trust with Modern Identity Security and Orchestration”. It’s not that we need to design services with no friction. Some friction can be reassuring to customers and is an important element of building trust.

Regulation needs to address the root cause

In the same session, Natalie Reed, Director at Deloitte, described Australia as the “scam capital of the world”. I think the UK could give Australia a run for its money. Her point was that it is out of control. This report, published by the United Nations’ Office on Drugs and Crime in April 2025, highlights the level of industrialization of the scam business, which employ “multi-lingual workforces comprised of hundreds of thousands of trafficked victims and complicit individuals”. From centers in Southeast Asia and beyond, transnational organized crime is able to target victims across the world.

In some countries (like the UK) regulators are trying to address the scam issue by making the banks pick up the tab but this does little to address the root cause. It does not stop the activity of scammers. Neither does it encourage people to make sure they can trust the person to whom they are sending money. One glimmer of hope, as Natalie explained, is the new scams prevention framework in Australia which places some responsibility on the social media platforms, where many scams originate. We will have to wait to see how far the regulator can go in holding social media platforms to account.
Trust is needed across the whole lifecycle.

Too often the trust conversation has been focused on onboarding, ignoring the need for trust through the whole customer lifecycle – a point well made by Ian Sorbello, Principal Solutions Architect at Transmit Security, in the session on “Navigating Compliance and Security in Digital Identity”. Those initial checks are important but unless they are linked to strong authentication and fraud checks, weaknesses will be exploited and trust will be lost.

Anoosh Arevshatian, Chief Product Officer at Zodia Custody, took this a step further, explaining the connection between digital identity and digital assets. Ultimately digital identity boils down to the private keys under the control of the user (but likely managed by a custodian). The binding of the corresponding public keys to digital assets establishes ownership. Protecting those keys through the customer lifecycle is essential for customers to be able to trust that their assets are safe.

Trust is about to get a lot more complicated

In their session “Selling to Robots: The Digital Identity Imperative in Agentic Commerce”, Dave Birch, Global Ambassador at Consult Hyperion, Consulting by Fime and Victoria Richardson, Partner at ID Partners, highlighted how agentic AI will dramatically change the relationship between organizations and their customers. For example, AI agents will help customers find the best deals, switching as needed – meaning that businesses will no longer be able to rely on customer inertia.

Customers will of course need to trust AI agents to use them. But as Dave and Victoria explained, organizations will need to trust agents too. A key question will be whether organizations will even know that they are dealing with agents rather than actual customers?

Several emerging AI agents use screen scraping to access services through the same interface as human customers, making it difficult to distinguish between the customer and their AI agent. Frameworks such as the Model Context Protocol (MCP), which is seeking to standardize how AI agents access data sources, may help. By giving agents a different end-point to the human customer, organizations will have a better chance of working out what or who they are interacting with.

The technology and standards to deliver trusted digital identities exist. These can address the issues of fraud, friction, inclusion and privacy we see all around us today. The task of building a trusted internet may be complex, requiring the commitment of many stakeholders but it is not unachievable. Examples around the world have shown that with the right incentives, real progress can be made – the key point from my session.

Stay ahead of key market trends

Attending conferences such as Money 20/20 Asia allows us to keep our finger on the pulse of the key challenges and opportunities faced by each player in the market. It isn’t just the main conference programme that offers these insights; it’s getting the chance to speak directly with the banks, merchants, and service providers that operate within each region and finding out what matters most to them. Trust remains the cornerstone of a secure digital future. Events like Money 20/20 Asia show us that while the challenges are complex, the solutions are within reach – if we work together.

Learn more about Fime’s expertise across the digital identity ecosystem.

Biometric authentication vs AI threats: Is mobile security ready?

9th June 202510th June 2025by Jean Fang, Lead Consultant at Consult Hyperion, consulting by FimeLeave a comment

Quality biometric solutions provide outstanding security with a seamless UX. This makes it appealing for use cases ranging from state-of-the-art access control for critical government infrastructure, to something as routine as unlocking your phone. However, this diversity of use cases brings its own challenges. The varying needs of different applications, coupled with the speed with which the technology has developed, has created a fragmented ecosystem with little standardisation.

Many emerging use cases rely on the biometric capabilities of consumer’s own commercially available off the shelf (COTS) device. Android platform recognized this and has laid the groundwork to enfranchise device manufacturers and biometric solution vendors to create the next generation of state-of-the-art authentication products. And it does so just in time. Artificial Intelligence has transformed the biometric security battleground, and it is vital that stakeholders understand both the threats they face, and the steps that must be taken to meet them head on.

The changing threat landscape.

Biometric authentication is based around using an individual’s unique identifiers such as their iris, fingerprint, or face to provide an additional data point to verify identity. When launched, it was praised for the infallibility and security it provided as biometric data was, quite literally, always ‘on hand’ for users, but it couldn’t be lost or stolen.

Except now it can. Easily.

Artificial Intelligence, or AI, has unlocked a host of efficiencies in our life, specifically in data management and customer experience. However, these same AI tools are also readily available to fraudsters who can use them to execute devastating attacks. For example, photos can be taken from a user’s social media and in a matter of moments be transformed into a deepfake video to be used in an injection attack that aims to spoof facial recognition technologies and gain access to private data.

Meanwhile, AI is also being used to work through extensive data caches to locate and exploit any vulnerability in a security system. This has caused a rapid expansion in both the scale and sophistication of cyberattacks.

Stakeholders throughout the authentication ecosystem are working to adopt more robust practices. Biometrics has a key role to play in this, but only if it can be secured and trusted. The uniqueness of each individual’s biometrics, its greatest strength as an authenticator, can also be its most fundamental risk. If the data is compromised, a user cannot simply rewrite their fingerprints in the same way they change their password. It is therefore crucial the data is protected and secure. Similarly, if a biometric solution can be easily spoofed fraudsters can gain access to the user’s device, accounts and personal information.

An updated approach.

To meet the challenges posed by this evolving threat landscape, Android defined its three classes of biometric strength for devices operating under its remit. Its Compatibility Definition Documents (CDD), the requirements that each Android device must comply with should it wish to participate in the Android ecosystem, outlines the requirements for biometric security as Class 3 (formerly known as Strong), Class 2 (formerly Weak), and Class 1 (formerly Convenience).

Devices require independent third-party testing to evaluate their Spoof Acceptance Rate (SAR) along with verification of False Acceptance Rate (FAR) and False Rejection Rate (FRR) as a part of their Biometrics Compliance Report (BCR).

Android’s biometric requirement and the ISO/IEC 30107 standard also defines Presentation Attack Detection (PAD) testing to evaluate the liveness detection capability of the biometric solutions. This is a crucial step towards detecting and resisting spoofing attacks such as deepfakes and protecting the end users.

Independent testing and compliance will raise the baseline for the minimum performance and security of biometric solutions. It requires all biometric solution providers and Android device OEMs to carefully develop their offer to ensure it meets the minimum thresholds backed by impartial evidence. This means that authentication should work right first time for the verified user, while also prevent spoofing and hacks. Not only will this help mitigate the rising threat of spoofing and fraud, it also elevates the user experience, thereby increasing trust in the biometrics ecosystem and proliferating its growth into additional use cases.

Adding value with testing and 3rd party validation.

The process of 3rd party evaluation with industrial standards acts as a layer of trust between all players operating in ecosystem. It should not be thought of as a tick-box exercise, but rather a continuous process to ensure compliance with the latest standards and regulatory requirements. In doing so, device manufacturers and biometric solution providers can collectively raise the bar for biometric security.

The robust testing and compliance protocols ensure that all devices and components meet standardized requirements. This is made possible by trusted and recognized labs, like Fime, who can provide OEMs and solution providers with tools and expertise to continually optimize their products.

But testing doesn’t just safeguard the ecosystem; it elevates it. As an example, new innovative techniques like test the biases of demographic groups (blog) or environmental conditions. Using these techniques allow testers to discover any differential performances by using or simulating different demographic groups or environmental conditions. Biases detection can prevent security issue on real life deployment. This allows also solution providers to optimize the quality and inclusivity of their solutions to meet the needs of more markets and differentiate from the competition.

Building for the future.

We have reached a critical moment for the future of biometric authentication. The success of the technology is predicated on the continued growth in its adoption, but with AI giving fraudsters the tools they need to transform the threat landscape at a faster pace than ever before, it is essential that biometric solution providers stay one step ahead to retain and grow user trust. Stakeholders must therefore focus on one key question:

Can the user trust that they are not sacrificing security for convenience when using biometric authentication?

Product managers must make sure that the performance of their biometric offer balances these two seemingly contradictory demands, but if successful, there are a whole host of emerging use cases that could unlock new revenue streams for them. These include biometrics backed in store checkout, enhanced access control, augmented automotive experiences, and more.

Another significant trend on the horizon is the increasing use of biometrics in identity verification for eID and eKYC use cases. Digital identity is offering a faster, more secure way to verify identity in the online world. Biometrics can provide a simple, seamless to augment the enrollment and verification process for this, but much like in the payments ecosystem, its success depends on the implementation of state of the art solutions throughout the user journey.

Compliance and quality validation are no longer optional. They are essential to protecting end users, preserving brand integrity, enabling innovation, and safeguarding the future of biometric technology.

Breaking the Fraud Cycle: Why Payment APIs Need a Rethink.

20th March 202518th November 2025by Tim RichardsLeave a comment

Imagine you walk into a store, hand over your card and wait for your goods and then … nothing. Everyone ignores you. You shout a bit and wave your arms but eventually go home in a very bad mood and phone your bank. Who basically shrug their shoulders and suggest you be more careful about who you give your money to next time. End of story.

Wouldn’t happen … right?

Well, in a way it’s exactly what is happening with advanced push payment fraud where accountholders are being manipulated into sending their money to the accounts of fraudsters. Let’s face it, we all have to go through a bunch of onerous identity checks whenever we sign up for an account so when we send money to a fraudster, and we want it back the receiving bank should know who they are. And, of course, they do, but that’s about as far as it goes.

In card payments the scenario above doesn’t happen because of a combination of regulation and card scheme governance. If a cardholder isn’t satisfied with the service they’ve received they can complain to their bank who complains, via the card scheme, to the merchant’s acquirer. If the dispute is found in the cardholder’s favor then the merchant has to repay. If they don’t then the acquirer can withhold funds to make the refund and if that doesn’t work the acquirer themselves is on the hook for the refund.

In a similar situation in account-to-account payments the “merchant” is a fraud because the receiving bank hasn’t managed its risk correctly and the receiving bank isn’t generally liable to refund the money – or have any means of reclaiming it from the fraudster. The UK has now introduced some very heavyweight regulation to make it the sending and receiving banks’ joint responsibility to refund the money but have completely ignored the underlying issue, which is the lack of an underlying scheme equivalent to (say) Visa or Mastercard and any dispute and refund process.

Of course, the traditional response to this is that the people paying the fraudsters are idiots and need to be educated to stop them doing this. Unfortunately there’s a long trail of research that says that financial education doesn’t work and that people will continue to send fraudsters their money and then look around for someone else to blame. Human nature.

We don’t allow this in card payments, we shouldn’t allow it in account-to-account payments. The solution is straightforward – anyone can pay out of their account but only people or businesses who’ve been through an enhanced KYC process can receive payments in. The receiving bank is on the hook for fraudsters, so they will be incentivised – heavily – to make sure that people are genuine. This should all come with a proper dispute resolution service and the ability of receiving banks to control the risk of incoming payments in the same way that card acquirers do – they should charge accounts for receiving payments, have the ability to withhold payments if they’re uncertain about their authenticity and be able to demand deposits if they’re worried about the risk.

The obvious way to implement this is through Open Banking. It enables enhanced KYC processes anyway, via Account Information. Allowing people to go into their bank accounts and pay anyone they want, whenever they want, still be allowed – for free. But they shouldn’t be protected if they do that. If they go through Open Banking interfaces they should be – which is why we need a scheme, with proper governance and a proper dispute resolution process.

Sure, this would be annoying and painful to start with. I want to send money to my kids whenever I want to or pay my share of the meal with my friends. But none of that’s impossible, you just need businesses smart enough to design the services to make that work. I can pay the service, the service can pay my kids or my friends. Of course, that’ s not free but, you know what, payments aren’t free except in the world of regulators and politicians. Or, alternatively, I can just send the money to #scamyourgranny and let them get on with it.