The internet wants to see your ID. Now what?

This is a transcript of the talk I gave at the Global Age Assurance Standards Summit in Manchester on 15 April 2026. It has been lightly edited to make it easier to read.

See the slides that originally accompanied this talk.

Hello, I’m Chloe. I’m a published researcher in digital exclusion, and I’m one of the co-founders of Vouchsafe.

Vouchsafe is a trust and anti-fraud platform. Since our inception, we’ve provided inclusive, novel and broad options for people when they are proving things about themselves. This includes everything from digital ID to vouching.

Most of our customers are in financial services, where we’ve worked to offer truly flexible onboarding. The need for this has become more apparent in a post-Covid world, especially when branches are closing to save money and people who need in-person support have nowhere to go.

We’ve learnt a lot, and I’m going to share what we’ve discovered in our work with credit unions, consumer lenders and banks, against the backdrop of controversial new policy.

The Online Safety Act drastically expanded the volume and scope of age verification overnight, and the public isn’t entirely comfortable with what they see. AI-powered fraud, user distrust and digital exclusion will cause unpredictable social consequences for decades.

Using what we’ve learnt by building truly inclusive KYC for banks and lenders, I’m going to show you what we’ve found in Pandora’s box of identity verification.

This technology is everywhere now, and that is clearly starting to have some interesting social implications.

User distrust has never been higher

New legislation is forcing people to share data in order to keep accessing things they had access to before: things that have become everyday, essential communication services, or business services. That is only making that distrust worse.

Trust in big tech platforms in particular is incredibly low.

And, in a conclusion that was not surprising to anybody, it turns out that addiction is a feature, not a bug.

Ultimately, when a jury in Los Angeles recently found Meta and YouTube guilty of intentionally building social media platforms to be addictive, they brought into focus the most prominent feeling most people have towards tech: widespread, deep distrust.

In the New Yorker article The Internet Wants to See Your ID, Eric Goldman, an associate dean at Santa Clara University School of Law who has been studying online age verification, said that the Online Safety Act and similar legislation internationally are about to dismantle what remains of the open web, which was created on the philosophy that anyone should be able to access almost anything. “We’re witnessing the real-time destruction of the internet as we know it,” he said.

I included a quote from an Australian podcast about age verification for porn sites, and I’m not going to read it out in full here. But I’m showing it because this is how many people feel about the Online Safety Act and similar international legislation. It feels like a weird, puritan inconvenience. And people don’t trust that intervention, especially not at such a private moment.

And with that distrust comes temptation.

This is not like Companies House director ID verification. It’s not like applying to a bank or for a loan. It’s not like an eVisa application. The consequences of defeating an age verification process feel far more abstract and remote, so the temptation to misbehave and defeat the system and its controls is far, far greater.

So maybe what I’m saying is that the Online Safety Act has, basically, drawn a lot of attention to weaknesses that were already there. These security holes existed before. It’s a good thing attention has been drawn to them, but the identity verification market may have gotten away with it for a bit longer if it wasn’t for those meddling kids.

AI-powered fraud is on the rise

And so is your exposure to it.

Let’s talk about a slightly more high-tech type of fraud.

At our event in February, we brought together 100 fraud experts, MLROs and compliance geeks to discuss the rising tide of previously difficult, but recently very easy, AI-powered fraud, and what we are doing about it. As one of the slides showed, 59% of all fraud is identity fraud.

Everyone’s exposure to AI-powered fraud is increasing. It’s no longer just an issue that banks need to worry about. It will touch all industries that need to verify.

Due to generative AI, solely document-based verification is basically useless.

Pixel-by-pixel analysis is on its last legs. It’s easy to defeat. It’s an arms race, and being alternately one step behind or ahead, depending on the day, is no longer enough.

There’s a lot of talk about digital credentials, but remember: especially in the UK, the journey of getting a verifiable credential often starts with the scan of a document. And what if you don’t even have a document, or access to a smartphone at all?

Digital exclusion has more parts to it than you think

When you think of digital exclusion, you might think about access to a smartphone or a laptop, home broadband, and data bundles. And although that’s a huge part of it, it’s wider than that.

Let’s talk about access.

2.8 million people in the UK are not online at all, according to the Lloyds Consumer Digital Index 2023. Being online is defined as having accessed the internet once in the past three months.

Nearly 10% of UK households struggle to afford, or cannot afford, home broadband.

Millions of households in the UK have one smartphone between the whole family. In 2020, the Department for Education provided 2 million laptops to families so children could be schooled from home, because millions of families did not have a computer. At the end of 2021, they asked for them back.

Around 20% of adult internet users only have access to a smartphone, meaning they don’t have access to a laptop, tablet or computer.

Which leads me on to digital literacy.

Fourteen million adults in the UK have very low or low digital literacy skills. They lack the most basic digital skills needed to navigate phone-based online verification systems.

Twenty-seven per cent of households with children lack a parent with the critical skills to understand and manage digital risk and online safety.

Thirty-one per cent of households with children have secondary school children missing the critical skills to understand and manage digital risk and online safety.

And finally, there’s ID poverty, which has a huge overlap with digital exclusion.

When a person doesn’t have access to a good, valid photo or digital ID, we call that ID poverty. We’ve seen a hell of a lot of it, and it’s why we offer vouching.

There are nearly one billion people worldwide in this situation. In the UK, there are 11 million people without a passport or a driving licence, which are currently the two main government-issued photo IDs.

Let’s break that 11 million down a bit more.

People living in poorer areas are more impacted by ID poverty.

In Boston, Lincolnshire, 42% of people don’t have a UK passport. In Croydon, it’s 41%. In Wolverhampton, 42%.

Even in wealthier areas, there is still a disparity. In Sevenoaks, 15% of people don’t have a UK passport.

Demographically, there are three groups that are most likely to experience ID poverty: the 16 to 25 age bracket, the over-65 age bracket, and people from lower socio-economic backgrounds.

There are other good photo IDs out there, like CitizenCard, and we certainly see a lot of them. But the 11 million number is a good indicator of the number of people we are seeing struggle to access digital services.

It’s not just about who has access to photo ID. It’s about how, or even if, people can use the technology that’s being used to verify them.

The fintech world can still, in the year of our Lord 2026, be a bit of a rich boys’ club.

Some of the highest-valued fintechs right now focus on crypto and investing, which you can only really engage in if you’ve got money to spare. And don’t get me started on how close they are to gambling.

Accessibility and inclusion are often not part of the conversation.

Project Nemo are an award-winning campaign pushing to change this narrative and accelerate disability inclusion and accessibility in the fintech industry. We’ve done a fair bit of work with them over the past 12 months, and our user research findings were fascinating.

Can you guess what the most impactful design change was?

The ability to flip the camera during a video selfie so someone else can take it for you.

It’s simple stuff. It’s not hard.

A note on digital ID

It would be crazy for me to stand here and not talk about digital ID. It’s important context, and internationally it is very widespread and well used.

But I’ll be talking about it in the context of the UK, where, to much of the public, it still seems to be an alien concept.

It’s no secret that the UK government’s digital ID announcement was met with great resistance. The UK has never reacted well to the idea of a national ID, and this was no different.

But I have a theory that minds will start to change later this year. The UK mobile driving licence is currently being piloted, and I believe that as soon as people understand the ease of use of a mobile driving licence when doing online verification, public perception will start to shift.

There is a case no one is making for how digital ID can keep Brits safe from fraud.

If digital identity is built the right way, it absolutely will keep Brits safer from fraud. It’s an obvious win that I’m surprised isn’t being talked about more.

It’s much, much harder to steal someone’s identity when you’re using verifiable credentials, especially if it didn’t rely on a document scan in the first place.

Driving licences are the most fraudulently used and created documents in the UK. Passports are up there too. You can’t check with the issuer, so the checks you can run are limited.

Ultimately, if you lose your wallet with your driving licence in it, as I have done countless times, that is often all the information someone needs to apply for a loan in your name.

Whereas if you have a digital ID in a wallet on your phone, and your phone gets nicked, that verifiable credential is far easier to revoke and becomes instantly useless.

So what does the path forward look like?

It starts with a warning from the past.

This is the incredibly named Stafford Beer. He continued this tradition of brilliant naming conventions by naming his son Vanilla. Vanilla Beer.

Stafford Beer was, essentially, a systems scientist. The father of service design. He was actually a professor a couple of miles away from here, at Manchester Business School.

And he gave us a line I love: the purpose of a system is what it does.

The purpose of a system is what it does.

What we are all creating here is a system that will, and already does, have intended and, importantly, unintended social consequences.

And we will be the people who go down in history as having created them.

If we are not careful, we will create a world where only people who access the internet on their own device, that they do not share, or are able-bodied, or have enough digital literacy to verify themselves, are able to access something that was created to be decentralised, democratising, and is today an absolute utility.

And if that’s what we create, we have to remember: the purpose of a system is what it does.

The UK government has recently released an update to the snappily named UK Digital Verification Services Trust Framework.

The themes of digital ID, reusable verification, and what it all means for the financial sector in the UK all feature heavily. They’ve also updated the vouching guidance and put new emphasis on inclusion. The FCA has recently followed suit too.

For us, and mostly for our customers, this totally reframes the conversation. The purpose of this system is changing, and it must include more inclusive ways for users to verify themselves.

So what does the roadmap to that brighter future actually look like?

First, treat digital ID and verifiable credentials as the default today, not a special case.

Design onboarding so that digital ID is requested first, with documents and credit bureau data offered as inclusive fallbacks.

This immediately improves conversion and reduces exposure to synthetic and impersonation fraud, without excluding users who don’t yet have a digital ID. In many cases, people won’t even need to show their face.

Second, stop investing in better document checks.

Visual document checks are a losing battle. Improving OCR accuracy or AI tamper detection marginally increases cost without changing the attacker’s advantage.

In the long term, all these tools will lose.

Third, plan for a plurality of schemes.

There is no one thing you can implement that will work for everyone.

If you truly want to keep all your customers or users, and onboard new ones, you absolutely have to prepare for the fact that a person’s ability to prove their age or identity is inherently linked to their life circumstances. And life circumstances are hella varied.

And finally, a fourth one: think about the unintended consequences of the systems that you build.

We absolutely have the tools at our disposal to make this work, and to make it work well: to create a better future, reduce harm, and ultimately create safety without restricting access and freedom.

We just have to do it well.

Want to join the movement to make sure identity and age verification works for everyone? Connect with me on LinkedIn or book a call.