The State of Identity - December 20, 2024
In case you missed it, here’s a recap of some exciting news and developments this week impacting identity and fraud, cybersecurity, trust and safety, financial crimes compliance, and privacy and consent management.
🪄Innovation and New Technology Developments
Switzerland Unveils Plans for Privacy-Focused National E-ID 'Swiyu,' Launching in 2026
Switzerland is set to implement a national electronic ID, Swiyu, prioritizing privacy and security. The rollout will occur in two stages, starting with a secure trust infrastructure using EU technology, with testing planned for early 2025. The second stage will enhance privacy, ensuring e-IDs remain untraceable. The government has allocated 1 million Swiss francs for research and is seeking collaboration. Public consultations earlier this year highlighted the importance of stringent privacy and international compatibility, with the e-ID expected to launch in 2026 using OpenID Federation or a Swiss trust protocol. (Source)
Cyprus Launches Digital Citizen App for Secure Digital IDs and Official Document Storage
Cyprus has launched the Digital Citizen app, allowing citizens to store official documents like biometric ID cards and driving licenses in digital format for legal use. Featuring QR code scanning, this app is part of Cyprus’s digital transformation initiative. The IDMe.cy program enables identity verification and document signing, managed by JCC Payment Systems under the Ministry of Research, Innovation, and Digital Policy. Users must create a CY Login with two-factor authentication to access services, in line with the EU’s eIDAS 2.0 regulation, which requires a digital wallet by 2026. The government encourages organizations to accept digital IDs, with more information available on the Digital Citizen website. (Source)
DoorDash Strengthens Security with AI-Powered Identity Verification and Real-Time Checks
DoorDash is improving its identity verification process by implementing frequent re-verifications and advanced machine learning technology to confirm the identities of Dashers. Currently, over 150,000 Dashers undergo weekly selfie re-verifications, and real-time identity checks during deliveries enhance security. These measures have led to a doubling of monthly deactivations of inauthentic accounts, blocking over 4,600 attempts by previously deactivated Dashers each week. DoorDash's machine learning models identify suspicious accounts, prompting re-verification and human review for failed attempts, aiming to enhance fairness, customer trust, and safeguards against fraud. (Source)
Puerto Rico Leads U.S. in Mobile Driver’s License Adoption with TSA Integration at SJU Airport
Puerto Rico is at the forefront of mobile driver’s license (mDL) adoption, launching its virtual license through the CESCO app in 2020. In partnership with the TSA, passengers at Luis Muñoz Marín International Airport (SJU) can now use mDLs stored in Apple Wallet for identity verification at security checkpoints, ensuring minimal data sharing and requiring user authorization. While a physical ID is still necessary, mDLs are becoming more accepted, with SJU among 27 U.S. airports implementing them. By the end of 2025, over half of U.S. states are expected to adopt mDLs, indicating a shift toward full adoption in the coming years. (Source)
Lissi Advances in Competition to Develop Germany's EU Digital Identity Wallet Prototype
Lissi GmbH has reached the final phase of Germany's competition to develop a prototype for the European Union Digital Identity (EUDI) Wallet. Organized by the Federal Agency for Leap Innovation (SPRIND), competitors include both state-funded and non-funded companies, such as Samsung and Google. Lissi's focus is on the EUDI-Wallet Connector, which facilitates interaction with the German EUDI-Wallet for issuing and verifying digital credentials in sectors like banking and public administration. During the competition's second stage, Lissi tested use cases with the Potential consortium and established partnerships with municipal authorities and banks. The German government plans to gradually roll out the digital wallet by 2027, starting with identification and digital document signing using qualified electronic signatures (QES). (Source)
💰 Investments and Partnerships
Bureau Secures $30M to Revolutionize Global Fraud Prevention with AI-Powered Solutions
Bureau has raised $30 million in a Series B funding round led by Sorenson Capital, with participation from PayPal Ventures and others. This funding will aid Bureau's product innovation and expansion as global fraud losses rise to $486 billion annually. Bureau tackles advanced cyber fraud such as money mule accounts and deepfake identities using proprietary Graph Neural Networks and integrates device intelligence, behavioral AI, and predictive modeling for real-time fraud prevention. With over half a billion identities mapped, it provides risk intelligence while ensuring privacy. The funding will enhance Bureau's focus on Asia and other global markets. (Source)
LexisNexis Acquires IDVerse to Strengthen AI-Driven Fraud Prevention and Digital Identity Verification
LexisNexis Risk Solutions has announced its acquisition of IDVerse, an AI-powered provider of document authentication and fraud detection solutions, aimed at enhancing digital identity verification. Founded in Australia, IDVerse uses neural network technology to verify over 16,000 types of identity documents and employs biometric algorithms for identity verification and liveness checks. This acquisition will integrate IDVerse’s solutions with LexisNexis’ platform to strengthen defenses against fraud and promote financial inclusion. Expected to close in early 2025, it highlights the role of AI in tackling advanced fraud tactics while ensuring customer experience and compliance. (Source)
U.S. Firm AE Industrial Partners Acquires Israeli Spyware Maker Paragon in a Deal Valued Up to $900 Million
Israeli spyware maker Paragon was acquired by U.S. private equity firm AE Industrial Partners for $500 million, potentially reaching $900 million with future growth, according to reports. The $450 million upfront payment is divided among Paragon's employees, co-founders, and investors Battery Ventures and Red Dot. Founded by former Israeli intelligence officers, Paragon's spyware product Graphite competes with NSO Group's Pegasus. The company has faced scrutiny, including a $2 million contract with U.S. Immigration and Customs Enforcement to ensure safeguards against misuse. This acquisition reflects a trend of Western investments in Israeli spyware firms. Paragon's stakeholders have largely declined to comment on the deal. (Source)
BlackBerry Sells Cylance to Arctic Wolf for $160M in Cash and Shares to Streamline Operations and Boost Cybersecurity Offerings
BlackBerry has agreed to sell its Cylance endpoint security business to Arctic Wolf for $160 million, with $80 million paid at closing and the rest a year later, plus about 5.5 million Arctic Wolf shares. CEO John Giammatteo described the deal as a "win-win," allowing BlackBerry to continue reselling Cylance products while alleviating financial pressures due to Cylance’s declining market share and a $51 million loss last fiscal year. Arctic Wolf plans to integrate Cylance’s AI-powered security into its platform, marking its sixth acquisition and reinforcing its growth in cybersecurity. Following the announcement, BlackBerry’s stock rose nearly 16%. (Source)
SoftBank Pledges $100 Billion U.S. Investment in AI and Emerging Tech, Aiming to Create 100,000 Jobs
SoftBank Group Corp. CEO Masayoshi Son and President-elect Donald Trump announced a $100 billion investment in U.S. projects over the next four years, focusing on artificial intelligence and emerging technologies. This initiative aims to create 100,000 jobs by the end of Trump's presidency in 2029. During the announcement at Mar-a-Lago, Trump urged Son to consider raising the commitment to $200 billion. While SoftBank has $30 billion in cash, it remains unclear how the funding will be secured, especially after setbacks from its Vision Fund. Son’s focus on AI and technology aligns with the investment pledge, which serves as a boost for Trump’s economic growth agenda, but it raises concerns about follow-through on such large commitments. (Source)
Flare Secures $30M Series B to Drive Innovation in Threat Exposure Management and Cybersecurity Intelligence
Flare , a leader in Threat Exposure Management (TEM), raised $30 million in Series B funding led by Base10 Partners, joined by Inovia Capital, White Star Capital, and Fonds de solidarité FTQ. The company has seen triple-digit growth in 2023 and 2024, aiming to expand in North America and Europe. Flare’s platform offers actionable threat intelligence, helping security teams address evolving threats. The funding will enhance Flare’s innovation in generative AI and data science, particularly its Threat Flow module, which provides highly accurate dark web activity reports. This investment strengthens Flare’s position in cybersecurity intelligence, equipping organizations to combat cybercrime more effectively. (Source)
⚖️ Policy and Regulatory
Indian Leader Modi Meets Sri Lankan Counterpart for Agreement on DPI Roll Out
India's Prime Minister Narendra Modi and Sri Lanka's President Anura Kumara Dissanayake met in New Delhi to enhance Sri Lanka's digital public infrastructure. They agreed to accelerate the Sri Lanka Unique Digital Identity (SLUDI) project and extend India's Unified Payments Interface (UPI) for digital transactions. Both leaders committed to sharing insights from India's digital platforms like Aadhaar and GeM, and also planned to introduce DigiLocker in Sri Lanka, while discussing digital taxation systems. This meeting followed Sri Lanka's focus on digital ID rollout and its digitization efforts during the COVID-19 pandemic. (Source)
Nebraska Sues Change Healthcare Over Security Failings that Led to Medical Data Breach of Over 100 Million Americans
Nebraska has sued Change Healthcare over a major data breach affecting the health information of over 100 million Americans. The attorney general claims that inadequate security measures, including a lack of multi-factor authentication, allowed hackers to access systems, steal data, and create privileged accounts. The breach went undetected for over nine days, with hackers installing malware and exfiltrating large amounts of data. Nebraska also accuses Change Healthcare of delaying notification to affected individuals, including at least 575,000 Nebraskans, increasing their risk. (Source)
New Zealand Releases Biometrics Code for Public Consultation
New Zealand plans to issue a Biometrics Code in 2025 and has released a 124-page draft for public consultation. The proposed Code aims to fill regulatory gaps by establishing requirements such as proportionality tests, privacy safeguards, and restrictions on intrusive biometrics use. It mandates transparency, clear notification, and fair use limits to assure public confidence. The initiative aligns with other digital identity frameworks and remains open to feedback until March 2025. (Source)
Bugs in a Major McDonald’s India Delivery System Exposed Sensitive Customer Data
A security researcher found several vulnerabilities in McDonald’s India (West & South) delivery system APIs, which exposed personal information of customers and drivers, including names, emails, phone numbers, and locations. Although McDonald's claimed no data was compromised, they acknowledged and addressed the issues by late September. This follows a similar incident in 2017 that compromised data of around 2.2 million customers. (Source)
TTUHSC Ransomware Attack Exposes Data of 1.4 Million Patients, Leaked by Interlock Group
The Texas Tech University Health Sciences Center and its El Paso counterpart experienced a ransomware attack in September 2024, affecting 1.4 million patients. The breach, occurring between September 17 and 29, exposed sensitive information such as names, Social Security numbers, medical records, and financial details. The Interlock ransomware group claimed responsibility, leaking 2.1 million files (2.6 TB) on the dark web. Affected individuals are being notified and offered free credit monitoring, with warnings to stay alert against phishing. Interlock targets FreeBSD and Windows servers, demanding substantial ransoms. (Source)
Irish DPC Fines Meta €251M for Mishandling 2018 Facebook Data Breach Affecting 50M Users
Meta Platforms has been fined €251 million by the Irish Data Protection Commission for mishandling a 2018 data breach that affected over 50 million Facebook accounts, including 3 million in the EU. The breach exposed sensitive data due to the exploitation of user tokens. The DPC cited failures in breach notification, documentation of actions, privacy-by-design principles, and data processing limitations. Meta plans to appeal the fines. (Source)
UAE Establishes General Secretariat to Strengthen Anti-Money Laundering and Financial Crime Combat Efforts
The UAE has established the General Secretariat of the National Anti-Money Laundering and Combatting Financing of Terrorism and Illegal Organisations Committee (NAMLCFTC), replacing the previous Executive Office. This new body will coordinate compliance efforts among authorities and the private sector as part of the UAE National Strategy for AML/CFT/CFP 2024–2027, aligning with FATF standards. Its duties include overseeing money laundering risk assessments, monitoring financial threats, and building global partnerships against financial crimes. Secretary-General Hamid Saif AlZaabi highlighted this initiative as part of the UAE’s commitment to economic protection and its Economic Vision 2031, aiming to position the country as a leader in combating financial crimes and enhancing stability. (Source)
Irish Media Regulator Puts Meta Under Watch for Failing to Prevent Terrorist Content on Facebook
Ireland’s media regulator, Coimisiún na Meán, is monitoring Meta for failing to sufficiently prevent the spread of terrorist content on Facebook. This comes after similar actions against Meta’s Instagram, TikTok, and X under the EU’s Terrorist Content Online Regulation, which requires removal of such content within one hour and can impose penalties of up to 4% of global annual turnover for non-compliance. The regulator's decision is based on Meta's history of final removal orders over the past year. Meta claims it removed over 99% of this content proactively last quarter. (Source)
🔗 More from Liminal
Access the Market & Buyer's Guide for Third-Party Risk Management in Link for insights to strengthen compliance and tackle emerging risks as the TPRM market nears $19.9 billion by 2030.
We’re thrilled to share the 2024 Digital Identity Landscape, the leading framework trusted by business leaders and industry experts globally.
Our award-winning Link™ platform empowers you to monitor trends, access benchmark research reports, explore use cases, and more.
Interested in attending? Request an invite to our 4th annual exclusive CEO event, which will be held in Laguna Beach, California.