financial identity – Bredemarket

Government Anti-Fraud Efforts: They’re Still Siloed

When the United States was attacked on September 11, 2001—an attack that caused NATO to invoke Article 5, but I digress—Congress and the President decided that the proper response was to reorganize the government and place homeland security efforts under a single Cabinet secretary. While we may question the practical wisdom of that move, the intent was to ensure that the U.S. Government mounted a coordinated response to that specific threat.

Today Americans face the threat of fraud. Granted it isn’t as showy as burning buildings, but fraud clearly impacts many if not most of us. My financial identity has been compromised multiple times in the last several years, and yours probably has also.

But don’t expect Congress and the President to create a single Department of Anti-Fraud any time soon.

Stop Identity Fraud and Identity Theft Bill

As Biometric Update reported, Congresspeople Bill Foster (D-IL) and Pete Sessions (R-TX) recently introduced H.R. 7270, “To establish a government-wide approach to stopping identity fraud and theft in the financial services industry, and for other purposes.”

Because this is government-wide and necessarily complex, the bill will be referred to at least THREE House Committees:

“Referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Financial Services, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.”

Why? As I type this the bill text is not available at congress.gov, but Foster’s press release links to a preliminary (un-numbered) copy of the bill. Here are some excerpts:

“9 (9) The National Institute of Standards and
10 Technology (NIST) was directed in the CHIPS and
11 Science Act of 2022 to launch new work to develop
12 a framework of common definitions and voluntary
13 guidance for digital identity management systems,
14 including identity and attribute validation services
15 provided by Federal, State, and local governments,
16 and work is underway at NIST to create this guid
17 ance. However, State and local agencies lack re
18 sources to implement this new guidance, and if this
19 does not change, it will take decades to harden defi
20 ciencies in identity infrastructure.”

Even in the preamble the bill mentions NIST, part of the U.S. Department of Commerce, and the individual states, after mentioning the U.S. Department of the Treasury (FinCEN) earlier in the bill.

But let’s get to the meat of the bill:

“3 SEC. 3. IDENTITY FRAUD PREVENTION INNOVATION
4 GRANTS.
5 (a) IN GENERAL.—The Secretary of the Treasury
6 shall, not later than 1 year after the date of the enactment
7 of this section, establish a grant program to provide iden
8 tity fraud prevention innovation grants to States.”

The specifics:

The states can use the grants to develop mobile driver’s licenses “and other identity credentials.”
They can also use the grants to protect individuals from deepfake attacks.
Another purpose is to develop “interoperable solutions.”
A fourth is to replace vulnerable legacy systems.
The final uses are to make sure the federal government gets its money, because that’s the important thing to Congress.

But there are some limitations in how the funds are spent.

They can’t be used to require mDLs or eliminate physical driver’s licenses.
They can’t be used to “support the issuance of drivers licenses or
identity credentials to unauthorized immigrants.” (I could go off on a complete tangent here, but for now I’ll just say that this prevents a STATE from issuing such an identity credential.)

The bill is completely silent on REAL ID, therefore not mandating that everyone HAS to get a REAL ID.

And everything else

So although the bill claims to implement a government-wide solution, the only legislative changes to the federal government involve a single department, Treasury.

But Treasury (FinCEN plus IRS) and the tangentially-mentioned Commerce (NIST) aren’t the only Cabinet departments and independent agencies involved in anti-fraud efforts. Others include:

The Department of Justice, through the Federal Bureau of Investigation and the new Division for National Fraud Enforcement.
The Department of Homeland Security, through the Secret Service and every enforcement agency that checks identities at U.S. borders and other locations.
The Federal Trade Commission (FTC).
The Social Security Admistration. Not that SSNs are a national ID…but they de facto are.
The U.S. Postal Inspection Service.
The Consumer Financial Protection Bureau.

These agencies are not ignored, but are funded under mandates separate from H.R. 7270. Or maybe not; there’s an effort to move Consumer Financial Protection Bureau work to the Department of Justice so that the CFPB can be shut down.

And that’s just one example of how anti-fraud efforts are siloed. Much of this is unavoidable in our governmental system (regardless of political parties), in which states and federal government agencies constantly war against each other.

What happens, for example, if the Secret Service decides that the states (funded by Treasury) or the FBI (part of Justice) are impeding its anti-fraud efforts?
Or if someone complains about NIST listing evil Commie Chinese facial recognition algorithms that COULD fight fraud?

Despite what Biometric Update and the Congresspeople say, we do NOT have a government-wide anti-fraud solution.

(And yes, I know that the Capitol is not north of the Washington Monument…yet.)

Google Gemini. Results may not be accurate.

Not Only Amazon Stale (not Fresh), But Also Amazon Zero (not One)

With all the news about Amazon Fresh closing and more Amazon layoffs taking place, I missed a bit of news about the Amazon One palm-vein technology. But first a bit of history.

Amazon One in 2021

I believe I first wrote about Amazon One back in 2021, in a “biometrics is evil” post.

In that year, TechCrunch loudly proclaimed:

“While the idea of contactlessly scanning your palm print to pay for goods during a pandemic might seem like a novel idea, it’s one to be met with caution and skepticism given Amazon’s past efforts in developing biometric technology. Amazon’s controversial facial recognition technology, which it historically sold to police and law enforcement, was the subject of lawsuits that allege the company violated state laws that bar the use of personal biometric data without permission.”

Yes, Amazon was regarded as part of the evil fascist regime even when Donald Trump WASN’T in office.

Amazon One in 2025

Which brings us to 2025, when Trump had returned to office and I enrolled in Amazon One myself to better buy things at the Upland, California Amazon Fresh. But the line was too long so I went to Whole Foods, where my palm and vein may or may not have worked.

Amazon One in 2026

From https://amazonone.aws.com/help as of January 29, 2026.

And pretty soon we’ll ALL be going to Whole Foods since Amazon Fresh is rebranding or closing all its locations.

And when we get there, we won’t be using Amazon One.

“Amazon One palm authentication services will be discontinued at retail businesses on June 3, 2026. Amazon One user data, including palm data, will be deleted after this date.”

You know the question I asked. Why?

“In response to limited customer adoption…”

Of course, in Amazon’s case, “limited” may merely mean that billions and billions of people didn’t sign up, so it jettisoned the technology in the same way it jettisoned dozens of stores and thousands of employees.

The June date may or may not apply to healthcare, but who knows how long that will last.

So what now?

In my 2021 post I mentioned three other systems that used biometrics for purchases.

There was the notorious Pay By Touch (not notorious because of its technology, but the way the business was run).

There was the niche MorphoWave.

But the third system dwarfs them all.

“But the most common example that everyone uses is Apple Pay, Google Pay, Samsung Pay, or whatever ‘pay’ system is supported on your smartphone. Again, you don’t have to pull out a credit card or ID card. You just have to look at your phone or swipe your finger on the phone, and payment happens.”

And they’re so entrenched that even Amazon can’t beat them.

Or as I said after the latest round of Amazon layoffs:

“This, combined with its rebranding or closure of all Amazon Fresh stores, clearly indicates that Amazon is in deep financial trouble.

“Bezos did say that Amazon would fail some day, but I didn’t expect the company to fall apart this quickly.”

Updates on Hungary’s FaceKom and “Beneficial Ownership”

Masha Borak of Biometric Update is writing about FaceKom again.

I discussed Borak’s previous article on FaceKom, which noted the alleged ties between FaceKom and the Hungarian government. The whole thing is a classic example of BENEFICIAL ownership, in which someone who is not the legal owner of a company may still benefit from it.

Borak returned to the theme in the current post:

“FaceKom, the identity verification company used by the Hungarian national digital identity program, has been acquired by major local IT and telecom group, 4iG Informatikai (4iG IT). The deal is now attracting attention among media outlets and political watchers due to the companies’ relationship with Prime Minister Viktor Orbán….

“Recent 4iG’s purchases, however, have been raising questions over the company’s reported links to the Hungarian government, which has been accused by critics of enriching political allies, family, and loyalists through state resources and public contracts.”

The details are in Borak’s post, including:

“4iG chairman and majority investor Gellért Jászai is known for his ties to Orbán and was invited as part of his entourage to Donald Trump’s Mar-a-Lago resort after the 2024 U.S. presidential election.”

“[FaceKom’s] previous owner is Equilor Fund Management, owned by the Central European Opportunity Private Equity Fund (CEOM)….While CEOM has no direct links with Orbán, local media investigations have discovered links with companies owned by the Prime Minister’s son-in-law, István Tiborcz.”

Mere links do not necessarily indicate illegal activity, and Hungarian law may differ from laws in other countries, but FaceKom is being watched.

Three Takeaways From Carey Ransom’s Presentation on Banking Technology

Another SoCal Tech Forum presentation on Saturday, this one on banking technology from Carey Ransom of BankTech Ventures.

Only a small reference to financial identity, but excellent nonetheless. While I live-posted the event here on my personal LinkedIn account, I wanted to summarize my three main takeaways from Bredemarket’s perspective.

One: Differentiate

Yes, community banks need to differentiate. Perhaps back in the 1980s before the advent of national banks, community banks could offer a standard suite of services for their communities. But now they’re competing against national banks that do business in their prospects’ communities, and in their prospects’ phones. (We will get to phones in a minute.)

One example Ransom gave: why do community banks offer credit cards? Are their credit cards better than the credit cards from the Really Big (Banking) Bunch? Probably not.

But unlike the Capital Ones and Chimes of the world, community banks know their communities. And they know what local businesses need, and are ideally suited to deliver this. (We will get to services in two minutes.)

Yes, I know that Bank of America may have someone attending and sponsoring your local events, but that person is not Brian Moynihan. And if you don’t know who Moynihan is, your prospects don’t know him either.

Two: Mobilize

Some time ago I wrote a post about shifts in the banking industry, most notably from imposing branch buildings to locations within grocery stores to your mobile phones.

But John, you may be saying to yourself, you can’t bank on a phone. How do you deposit checks? And how do you get cash?

Well, let’s look at this:

Bredemarket hasn’t received a check in over three years, but when one of my clients was paying me by check, I would use my phone to take a picture of it and deposit it.
And as for cash, this is needed less and less, especially since many merchants take Apple Pay and Google Pay.

In fact, bank branches are so irrelevant to today’s—and tomorrow’s—bank prospects and customers that Ransom referred to a $3 million dollar bank branch as a really expensive billboard. Probably none of the people who are reading this post WANT to go into a bank branch.

And those that do? Here’s a little secret: if the average age of the people who bank at your bank is in their 70s, they will…um…not be long-term bank customers. The 18 year olds that will bank for decades? They’re opening accounts on their phones. Can they use a phone to open an account at your bank? And why would they do so? (See the differentiation discussion above.)

Three: Supplement

One way a bank can differentiate is via the services they offer.

At the most basic level, a bank can make money by loaning the funds they receive from deposits.

But they can offer many more services to 21st century clients, thanks to legislation such as the Gramm-Leach-Billey Act that allow financial holding companies to own financial or complementary firms.

And not just investments and wealth management.

Ransom provided an illustrative example: cybersecurity.

Banks need to have expertise in cybersecurity to stay alive, and to comply with Know Your Customer and other financial regulations.

So why not offer cybersecurity services to their customers?

This not only gives the banks another revenue stream, but also reduces the risk that their own customers will experience fraud from hacks.

Four: Market

I know I said there were three takeaways. I lied.

Ransom also noted that CapitalOne spends 20% on marketing, including everything from TV ads to cafes. Your typical community bank spends much less, maybe 1%.

How are your prospects going to know what differentiates your bank if they don’t have awareness of those differentiators?

Perhaps you need content such as case studies or white papers. Even blog posts help ensure that your firm comes up in LLM answers. Your prospects aren’t watching ABC, CBS, or NBC commercials.

Or perhaps you need proposal or analysis services.

Bredemarket, a provider of content, proposal, and analysis services to technology (and identity) firms, can work with you to create the words you need. Learn about my offerings and book a free meeting here.

Stop losing prospects! Use Bredemarket content for tech marketers

Upcoming SoCal Tech Forum Presentations at FoundrSpace Rancho Cucamonga

During Saturday’s monthly meetup, the SoCal Tech Forum displayed a list of upcoming events.

January 3rd’s “Fraud Detection in FinTech” presentation looks promising.

Details here.

And on Monday I will have more to say on the meeting I attended yesterday.

Bredemarket Identity Assurance Level 3 (IAL3) Posts Over the Years

I’m preparing to promote four of my Identity Assurance Level 3 (IAL3) Bredemarket blog posts on my social media channels. You know, the posts that discuss in-person and remote supervised identity proofing. But I said to myself, “Self, why not re-promote them on the blog also?”

12/3/2020 IAL3 post

From the Bredemarket blog, December 2020:

“The U.S. National Institute of Standards and Technology has defined ‘identity assurance levels’ (IALs) that can be used when dealing with digital identities. It’s helpful to review how NIST has defined the IALs.”

“Identity assurance levels (IALs) and digital identity”: https://bredemarket.com/2020/12/03/identity-assurance-levels-ials-and-digital-identity/

7/19/2023 IAL3 post

From the Bredemarket blog, July 2023:

“If we ignore IAL1 and concentrate on IAL2 and IAL3, we can see one difference between the two. IAL2 allows remote, unsupervised identity proofing, while IAL3 requires (in practice) that any remote identity proofing is supervised.”

“The Difference Between Identity Assurance Levels 2 and 3”: https://bredemarket.com/2023/07/19/ial2-vs-ial3/

8/11/2025 IAL3 post

From the Bredemarket blog, August 2025:

“I’ve talked about Identity Assurance Levels 1, 2, and 3 on several occasions…..But as usually happens, IAL2 is yesterday’s news. Because biometric tech always gets harder better faster stronger.”

“Identity Assurance Level 3 (IAL3): When Identity Assurance Level 2 (IAL2) Isn’t Good Enough”: https://bredemarket.com/2025/08/11/ial3-when-ial2-isnt-good-enough/

9/17/2025 IAL3 post

From the Bredemarket blog, September 2025:

“Governments aren’t the only entities that need to definitively know identities in critically important situations.

“What about banks and other financial institutions, which are required by law to know their customers?

“Now the bank assumed a level of risk by [accepting a Bredemarket client check in a remote unsupervised manner] especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.

“But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check.

“What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do?

“It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers.”

“Unlocking High-Value Financial Transactions: The Critical Role of Identity Assurance Level 3 (IAL3)”: https://bredemarket.com/2025/09/17/financial-ial3/

Unlocking High-Value Financial Transactions: The Critical Role of Identity Assurance Level 3 (IAL3)

(Picture designed by Freepik.)

I’ve previously discussed the difference between Identity Assurance Level 2 (IAL2) and Identity Assurance Level 3 (IAL3). The key differentiator is that IAL3 requires either (1) in-person identity proofing or (2) remote supervised identity proofing.

Who and how to use IAL3

Who can provide remote supervised identity proofing?

“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”

And there are others who can provide the equivalent of IAL3, as we will see later.

How do you supervise a remote identity proofing session?

“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”

But that doesn’t matter with me now. What matters to me is WHEN we need remote identity proofing sessions.

Mitek Systems’ Adam Bacia provides one use case:

“IAL3 is reserved for high-risk environments such as sensitive government services.”

So that’s one use case.

But there is another.

When to use IAL3 for financial transactions

Governments aren’t the only entities that need to definitively know identities in critically important situations.

What about banks and other financial institutions, which are required by law to know their customers?

Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it in person at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).

Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.

But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)

So how do financial institutions implement the two types of IAL3?

In-person

Regarding IAL3 and banks, in-person transactions are supported in certain cases, even with the banks’ moves to close branches.

“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”

Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.

Remote supervised

What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.

It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.

To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.

Why to use IAL3 for financial transactions

For high-risk transactions such as ones with high value and ones with particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.

Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.

This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.

To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)

And if your firm needs help creating that content, Underdog is here.

View this post on Instagram

A post shared by John Bredehoft (Bredemarket) (@bredemarket)

I mean Bredemarket is here.

Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.

Who or What is Evaluating Your Proposal?

As I’ve said before, you should write a proposal that resonates with the people who read it. In marketing terms, you write for the key personas in your target audience.

But what if your target audience never reads your proposal?

Diella, Albanian Minister of Procurement

In Albania, it’s possible that no person will read it.

“A new minister in Albania charged to handle public procurement will be impervious to bribes, threats, or attempts to curry favour. That is because Diella, as she is called, is an AI-generated bot.

“Prime Minister Edi Rama, who is about to begin his fourth term, said on Thursday that Diella, which means “sun” in Albanian, will manage and award all public tenders in which the government contracts private companies for various projects.”

The intent is to stop corruption from “gangs seeking to launder their money from trafficking drugs and weapons.”

When people evaluate proposals

But how savvy is Diella?

Let me provide a proposal evaluation example that has nothing to do with corruption, but illustrates why AI must be robust.

A couple of years before I became a proposal writer, I was a Request for Proposals (RFP) writer…sort of. A Moss Adams consultant and I assembled an RFP that required respondents to answer Yes or No to a checklist of questions.

When the consultant and I received the proposals, we selected two finalists…neither of whom responded “Yes” to every question like some submissions.

We figured that the ones who said “Yes” were just trying to get the maximum points, whether they could do the work or not.

The two finalists gave some thought to the requirements and raised legitimate concerns.

Can Diella detect corruption?

Hopefully Diella is too smart to be fooled by such shenanigans. But how can she keep the gangs out of Albania’s government procurements?

Certainly on one level Diella can conduct a Know Your Business check to ensure a bidder isn’t owned by a gang leader. But as we’ve seen before in Hungary, the beneficial owner may not be the legal owner. Can Diella detect that?

Add to this the need to detect whether the entity can actually do what it says it will do. While I appreciate that the removal of humans prevents a shady procurement official from favoring an unqualified bidder, at the same time you end up relying on a bot to evaluate the bidders’ claims to competency.

Of course this could all be a gimmick, and Diella will do nothing more than give the government the aura of scientific selection, while in reality the same procurement officers will do the same things, with the same results.

Let’s see what happens with the next few bids.

My Continuing (Positive) Experiences With Wildebeest Bank

(CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=245337.)

The names and identification numbers have been changed to protect my PII.

Early this morning, I received an email from my bank, Wildebeest Bank.

Your Wildebeest Bank debit card transaction was declined.

A transaction on your debit card ending in 1234 was declined.

So I went to my Wildebeest Bank app to see what company tried to charge to my card, and how much they tried to charge. But I found nothing.

Then I realized that my debit card does NOT end in 1234, but in 5678. I’ve had that debit card since…well, since May 2024, when “enron*publications us” fraudulently charged $8.28 to my card that DID end in 1234.

Wildebeest Bank cancelled that card immediately and issued a new one.

And no one tried to use that old card until today.

And Wildebeest Bank just laughed at the attempt, not even bothering to inform me of the details.

Oh Heck, I Look Like a Scammer

Scamicide recently talked about a “free piano scam” where the scammer gifts the victim a piano for free—if the victim pays delivery costs northwards of $600—in advance. Guess what never gets delivered?

The post goes on to say:

“A big indication that this is a scam is that the moving company asks for payment by Zelle or cryptocurrencies. No legitimate business asks for payment by Zelle or cryptocurrencies, but scammers often do because of the anonymity for these types of payments and the difficulty in tracing or reversing payments made in this manner.”

Well, Bredemarket doesn’t REQUIRE Zelle…but I take it. (No crypto.)