By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
DenyAccept

Why ID companies are adopting biometric-bound credentials [Video + Takeaways]

Published
March 12, 2025
Table of content
This is also a heading
This is a heading

Also on Spotify and Apple Podcasts.

This session, featuring Paul Kenny (VP of Customer Success EMEA and APAC at Daon) and Pedro Torres (CEO of Youverse), took a deep dive into why identity companies are embracing verifiable credentials, how biometric-bound credentials address major security and privacy gaps, and what these technologies mean for users and the future of digital identity.

In this blog, we’ve distilled the key insights and takeaways from the conversation—covering real-world use cases, common misconceptions, and the evolving role of verifiable and biometric-bound credentials in identity verification.

Pain Points Verifiable Credentials Address

  • Reducing reliance on physical documents:
    • High friction and poor security in physical document-based onboarding.
  • Enabling Reusable ID:
  • Linking attributes to identity:
    • Beyond just proving identity—attaching additional verified data.
  • Enabling consent and data control:
    • Empower users to share only specific data for specific purposes.
  • Addressing privacy legislation needs:
    • Compliance with data-sharing restrictions.

Impact on Identity Verification Business Models

  • Disruption of traditional KYC models:
    • Current models charge per verification, often repeated unnecessarily.
    • VCs enable interoperable reusable credentials.
  • Shift towards value-added services:
    • Companies that adapt can leverage VCs as tools for broader identity verification ecosystems.
    • For companies offering multi-layered identity continuity, VCs are another valuable tool.
  • Necessity to adapt or risk obsolescence:
    • Like "Kodak with digital photography"—companies ignoring this shift risk disappearing.

User and Business Benefits of VCs

  • For users:
    • Lower friction and bureaucracy.
    • More control and consent over personal data.
    • Better privacy and security.
  • For businesses:
    • Improved onboarding speed and compliance.
    • Reduction in manual processes and verification costs.
  • Future ecosystem value:
    • Innovation catalyst: new apps and services leveraging VCs (e.g., combined credentials for renting a car, financial history for loan apps).
    • Streamlined complex processes: integrating multiple credentials in automated flows.

Need for Biometric-Bound Credentials

  • Current risks in VCs:
    • Credentials can be used by anyone who gains access to them (e.g., stolen phones).
  • Why biometrics are needed:
    • Ensure that only the rightful person can use a credential.
    • Mirror the function of a photo ID in physical credentials.
  • Problems solved by biometric binding:
    • Preventing credential misuse if stolen.
    • Ensuring credential issuance is properly bound to the right person.
  • Biometric binding process:
    • During issuance and verification, match the user's biometric data to the credential.
    • Go beyond relying on mobile device biometrics (e.g., FaceID) that are not tied to the credential itself.

Challenges and Privacy Concerns in Biometric Binding

  • Wallet compromise risks:
    • Need to assume wallets may be compromised; biometrics add a safety layer.
  • Clarification on privacy:
    • Not embedding biometrics directly into credentials—using hashes or encrypted representations.
  • Risks of over-centralization:
    • Avoid "naked biometrics" (centralized storage of facial data).
  • Layered approach to fraud prevention:
    • Combining biometrics, injection attack detection, and device intelligence.
  • Use case risk levels:
    • Apply biometric-bound checks based on transaction risk (e.g., high-value actions).

Industry Use Cases for Biometric-Bound Credentials

  • Age verification:
    • Critical for regulated sectors (e.g., alcohol, gambling, social media under 16 in Australia).
    • Preventing misuse by others (e.g., older person sharing "over 18" credential with a minor).
  • Government-issued identities:
    • Digital equivalents of passports, national IDs—must be biometrically bound for trust.
  • Banking and high-value transactions:
    • Reducing risk in large financial transactions or account openings.
  • Travel:
    • Seamless border crossing and boarding processes.

Integration and Migration to VCs

  • Challenge of legacy systems:
    • Existing apps and systems aren't VC-ready.
  • Phased approach required:
    • Systems must accommodate:
      • Physical documents.
      • National eID schemes.
      • Fully decentralized wallets.
  • Ongoing complexity:
    • Global variation will prevent "one size fits all."
  • Necessity of orchestration platforms:
    • Tools like Daon’s TrustX to manage identity journeys flexibly.
  • Hybrid ecosystems:
    • Legacy and modern systems must coexist for a time.

Final Thoughts

  • Urgency to act:
    • Companies delaying VC adoption risk losing relevance.
  • Ecosystem growth:
    • Emerging opportunities for new apps, services, and business models.
  • Biometric-bound credentials as critical:
    • Ensure secure, private, and trustworthy identity use cases.
  • Privacy and usability balance:
    • Systems must be user-friendly while protecting sensitive information.

Create your first Verifiable Credential today

Truvera enables IDV providers and IAM systems to verify the same person across multiple businesses or siloed systems. It enables them to easily confirm that a user has been verified before, create a consistent view of that user’s identity and significantly reduce onboarding friction.

Sign up for free
Talk to sales

Ready to get started?

Sign up to TruveraContact us

Company

Truvera Platform

Developers

Industries

Resources

Copyright © 2024 Dock Labs AG