AI, DISCOVERY, PRODUCT MANAGEMENT, PRODUCT STRATEGY
Why product discovery matters more than ever in AI-accelerated teams
TLDR;
Secure, user-centric customer identity verification in Australia is evolving for the better, with two federated identity exchange systems enabling people to verify their identity once and reuse that verification across services, rather than with each new provider. This reduces the risk that encumbent document upload methods present, and provides an easier, faster experience for end-users, assisting with higher conversion rates and lower implementation costs.
For product and service providers with AML/KYC and other ID verification needs, federated identity exchange creates the opportunity to design a more secure, private and lower-friction experience.
ConnectID enables users verify their identity in another product by choosing a participating identity provider, such as their bank, authenticating with that provider, consenting to share selected information, and then returning to the business to complete the transaction.
ConnectID is supported by most Australian banks and managed by Australian Payments Plus and available for Australian businesses and institutions for age and identity verification now, with payments integration and private-sector document signing in development. Proof of identity verification is only shared with organisations that have been approved to join the ConnectID network.
The Australian Government Digital ID System (AGDIS) myID is open to government entities now and private-sector entities from December 2026. Users need to create their government digital ID first, which offers three levels of identity strength, each requiring different levels of documentation.
Why the document upload model carries risk
The widely used “take a photo of your ID” method is a poor user experience that negatively affects conversion rates and creates real risk on both sides. This method often does not meet KYC or AML regulations anyway, as it does not guarantee the documents are real, valid, or that they belong to the person who is uploading them.
Risks for users
- ■A single onboarding leaves a copy of a passport or licence on the systems of the relying party and one or more verification services. Customers have limited visibility into where those copies are held or for how long
- ■A breach at any one vendor can expose identity data the customer has shared across multiple services, and overall personal risk grows with each additional document upload
- ■Revocation is limited – once an image of a document has been shared, a customer generally cannot retrieve copies already retained by third parties
- ■Stolen document images can be used in identity fraud, including synthetic identity fraud
Risks for businesses
- ■Holding identity documents creates regulatory, security and breach exposure that scales with the volume held. The Privacy Act, sector regulations and AML/CTF obligations all matter here
- ■Forgery and synthetic document risk is high – AI-generated documents and document tampering are increasingly difficult to detect through image-based checks alone
- ■Document upload is often a major onboarding friction point: lower conversion on onboarding sites
- ■OCR misreads, lighting problems, glare and name-matching issues with document upload generate manual work
- ■Identity data breaches damage trust and attract regulatory attention and reputational exposure
Why federated identity verification is better
Moving identity verification to a reusable, broker-mediated method addresses many of these risks at once. A more well-validated identity verification from official sources is reused, without the user having to upload documents. Each new service receives only the attributes it needs, and the risks of document handling are removed.
Benefits for users
- ■Faster sign-up: verification can often complete in seconds rather than minutes, with no document photography required
- ■Less data shared – only the attributes the service actually needs are released, not a full copy of an identity document
- ■The same verified identity can be reused across many services, which reduces friction and reduces the number of places that hold the customer’s data
- ■Clear consent – each release of attributes is preceded by a consent step that names the requesting party and lists the attributes being shared
- ■Stronger regulated privacy – the systems are designed to minimise unnecessary sharing and separate roles between providers
- ■Accessibility and inclusive design – these solutions are developed for scale and ensure compliance with government digital accessibility guidelines
Benefits for businesses
For organisations integrating these systems, benefits sit across compliance, security, customer experience and operating cost.
- ■Reduced data liability – the relying party does not collect or store identity documents, which reduces breach exposure, retention obligations and future regulatory compliance work
- ■Better verification confidence – both systems anchor in stronger evidence than a single document upload
- ■Lower fraud risk – reusable verification can reduce exposure to synthetic identity attacks compared with image-based document checks
- ■Inclusion and accessibility improved: outsourced to official organisations rather than each company rolling their own
- ■Higher conversion rates as customers can complete onboarding more easily using a familiar and trusted workflow
- ■Risk-tiered onboarding – defined and reusable assurance levels that can be matched to actual product risk rather than applying the same heavy step to every customer or product
Implications for fintech
Fintech onboarding stands to benefit most directly because the gap between current friction and possible friction is large.
- ■Verification can often sit at a moderate assurance level for many consumer products
- ■Higher-risk products will continue to need step-up checks in some cases
- ■Storage of identity documents and the associated risk is removed
Implications for human services
Human services onboarding has a different shape, focused on access and equity rather than commercial conversion.
- ■Accessibility and inclusion is outsourced to the service providers
- ■myID is generally a stronger fit than ConnectID for some human services because it is government-anchored
- ■Channel parity should include assisted digital, phone and in-person verification
UX, security & privacy principles
These solutions both meet onboarding best practice principles:
- 1.Collect only what the service needs
- 2.Make the chooser screen a clear decision
- 3.Design the consent moment carefully
- 4.Plan for failure paths
- 5.Separate authentication from authorisation
Summary
Identity verification is moving from a step a service performs to a service it consumes. The benefit for users is a faster, more private and more secure experience, and the benefit for businesses is reduced data liability, lower fraud risk, higher completion rates, and a more flexible match between verification rigour and product risk.
Both the Australian Government Digital ID System and ConnectID are available now, offering a secure, accessible, high-converting solution for identity verification with lower cost, complexity and effort for integration.
