Privacy-focused productivity tool company Proton released a new authenticator app today, allowing users to log in to services using dynamically generated two-factor authentication codes. The free app is available on all platforms starting today, including iOS, Android, Windows, macOS, and Linux. The app allows users to sync codes and accounts across devices. The company said that just like its other products, Proton Authenticator is open source and uses end-to-end encryption to protect user data. Users can easily import login codes from other authentication apps. Plus, the app automatically backs up codes and also works without any internet connection. “Two-factor authentication is essential for everyone – not just those who care about their privacy. Proton Authenticator is built for anyone who wants a secure, transparent, and convenient way to protect their accounts,” Eamonn Maguire, head of Account Security at Proton, said. “We believe strong security should never come at the cost of your convenience or privacy. That’s why we’ve developed Proton Authenticator: to give users peace of mind that their 2FA codes are available wherever they need them, without relying on Google or Microsoft. We’re putting users firmly in control not only over their data, but the way they access their online accounts,” he added.
Handwave’s tech uses a combination of surface palm imaging and near-infrared vein mapping to enable secure, frictionless authentication of payments, age verification and loyalty programs “with one wave of a hand” and without the need for devices, apps or wallets
Handwave has raised $4.2 million in a seed round to launch its palm-based authentication method across Europe and the United States. The company’s technology enables payments, age verification and loyalty programs to be done “with one wave of a hand.” “Using a combination of surface palm imaging and near-infrared vein mapping, Handwave creates an encrypted biometric template that never leaves your control,” Handwave said. “The result? Secure, frictionless authentication with a single gesture — no devices, apps or wallets required.” Handwave said palm biometrics provides users with greater control than facial recognition and greater security than face scans or fingerprints. While facial recognition can be triggered passively, palm biometrics requires users to extend their hand and confirm the action. Plus, the palm’s “unique network of veins, geometry and motion” is difficult to replicate and can be verified with liveness detection. The early-stage venture capital firm focused on Baltic founders said Handwave’s biometric payments and identification platform “is redefining how we pay and prove who we are — with just a palm.” “The idea that you can securely pay or verify your identity with nothing but your palm—without even taking out a phone—is not just futuristic, it’s imminently practical,” Practica Capital Partner Arvydas Bloze said.
Key for banks to offer scalable and easy onboarding for SMBs are- automated data and document workflows with configurable KYC/KYB “decision waterfalls,” digital signatures, adaptive due diligence with dynamic checklists and API-driven verification
Businesses value local connections and bespoke advice from traditional financial institutions, but busy proprietors really want easy, scalable onboarding. FOUR CAPABILITIES THAT ACTUALLY SCALE ONBOARDING 1. Automated data and document workflows Replace email chains and paper packets with configurable KYC/KYB “decision waterfalls,” digital signatures, timestamped audit logs and structured exception handling. Automation shortens cycle time and creates an auditable trail for compliance teams. 2. Adaptive due diligence SMB onboarding is not one-size-fits-all. Requirements should expand or contract in real time based on entity type, ownership structure, geography, or risk flags. Dynamic checklists prevent over-collecting (and frustrating low-risk sole proprietors) while ensuring thoroughness for complex entities. 3. API-driven verification Rather than mailing documents back and forth, tap public records, government registries, and best-in-class data providers to verify ownership, good standing, identity, and watchlists instantly. Done right, this lowers fraud and manual review without sacrificing accuracy. 4. Treat the branch as a strategic asset Empower staff to confidently onboard business accounts in-branch, while using digital tools to streamline workflows and turn both channels— online and in-branch—into profit centers.
YouTube is rolling out a new AI system that will determine whether users are 18 or not and to let users verify their age if it gets wrong by uploading a government ID, taking a verification selfie, or uploading a credit card
Youtube is rolling out a new AI system that will determine whether users are 18 or not, and it’s being put in place next week. One of the main reasons some users are heavily concerned about the new age verification system comes down to the method of determination. The content wall is still set at 18, but instead of self-reporting, users won’t have a say in how old Google’s AI model thinks they are. YouTube’s AI will likely be pretty good at guessing based on a few factors, but it’s not going to be 100% accurate. That’s where users are getting worried. If YouTube determines you’re under 18, whether that’s true or not, there will be a few changes made to the account. First, personalized ads will be turned off. This is likely one of the driving factors for the new system, as selling personalized ads for minors isn’t allowed in many regions. As most minors lie about their age on YouTube, the company could face legal trouble if it were found to be doing so. YouTube is going a step further past the legal protections, noting that digital wellbeing tool will be enabled by default. That includes “take a break” messages and bedtime reminders. The app will also warn users about privacy concerns when they comment or upload a video. Users could verify their age via other means if the AI model deemed them to be underage. That includes uploading a government ID, taking a verification selfie, or uploading a credit card. The latter option seems to be the least invasive, and most users are accustomed to linking their cards to just about any online service that asks. The former, however, are two very controversial options, and users with security concerns would like to avoid these options if possible. In reality, your options come down to letting the AI determine your age, and if it’s wrong, verifying via a method you deem acceptable. If those options aren’t reasonable to you, YouTube doesn’t seem to offer any other verification methods.
iDenfy’s API-based tool helps businesses instantly connect and verify company information such as registration details, legal status, entity type, tax ID and registered address across all 50 U.S. states using official Secretary of State records
iDenfy Secretary of State tool is the newest addition to the company’s KYB platform, offering automated access to official state records for verifying business registration and status. This new feature helps businesses instantly connect and verify company information across all 50 U.S. states using official Secretary of State records. The new API solution will strive to help high-risk companies, such as fintechs and banks, improve KYB onboarding accuracy and ensure compliance across different states. According to Domantas Ciulde, the CEO of iDenfy, streamlining access to SOS filings helps save time, as manually checking all these databases can be a hassle: “Our SOS lookup system connects to all U.S. SOS office portals and extracts relevant information about another company in seconds, which is vital for B2B partnerships and KYB compliance. Otherwise, analysts need to look up all portals manually, and it can be confusing, as some companies are registered in one state, while they actually operate in another location.” Currently, iDenfy’s SOS business search tool simplifies what has traditionally been a fragmented and time-consuming process. The system is able to automatically receive official data from the Secretary of State and compile a short but very detailed PDF report which summarizes the company’s registration details, legal status, entity type (such as LLC or Corporation), tax ID, registered address, and if any governing person or stakeholder is involved. iDenfy’s SOS tool also helps to identify potential threats such as inactive entities, missing or inconsistent registration data, and past bankruptcies. These red flags often signal shell companies and suspicious activity. By identifying these risks early, businesses can protect themselves from reputational damage or regulatory fines. Additionally, once a business’s legal data is pulled from the SOS database, it’s automatically cross-checked against other KYB criteria, including sanctions lists, adverse media, and tax ID verification directly from IRS records. For high-risk industries like crypto, this extra layer of security is essential in order to avoid bad actors from unclear companies.
Worldpay teams with Trulioo to integrate dynamic KYC and real-time risk monitoring, enabling secure agent-enabled transactions and protecting businesses in automated agentic commerce environments
Worldpay is partnering with Trulioo to introduce new safeguards for AI-powered agent-led commerce. At the core of this collaborative effort is the Know Your Agent (KYA) framework, powered by a Digital Agent Passport. This tamper-proof credential bundle will enable merchants to assess whether an AI agent is legitimate, authorized and acting with proper consent. The KYA framework will lay out structured guidelines for verification of the developer’s identity, code integrity, user consent and the ongoing trustworthiness of the agent in real time. Worldpay will empower merchants to leverage the KYA framework, enabling them to trust shopping agents by validating consumer intent and the authority granted to those agents. This innovation can help merchants grow sales while safeguarding against fraud and unauthorized purchases. The collaboration will help merchants and platforms unlock new experiences, from smarter checkout flows to real-time fraud detection, without sacrificing safety or visibility. Instead of blocking AI agents by default, the partnership will introduce smart controls where verified agents gain access, unknown agents encounter friction, and malicious bots are blocked. This approach will deliver measurable benefits across the entire ecosystem, including reduced fraud, smarter agent detection, and improved checkout conversion for merchants. Consumers will gain confidence that their AI assistants are acting with proper permission, while the broader commerce landscape will benefit from a shared, interoperable layer of trust that supports ongoing innovation and meets regulatory and evolving risk standards.
Banks lose 50% of applicants from complex onboarding and poor flow visibility; streamlined data capture, autofill tools, and device-switch support, raise account openings and portfolio growth
More than half of consumers who start a digital bank account application never finish it. One reason the problem persists is that many institutions lack visibility and control. They don’t know how many applications are started, where drop-offs occur, or which follow-up efforts are effective. Just as often, banks and credit unions don’t have the flexibility they need to effectively manage the information-capture sequence: what must be collected before the account is opened versus what can be deferred until after. Asking for too much, too soon — or “questionnaire creep” — can be a major source of friction — requiring applicants to complete more steps than necessary before account opening is completed. The instinct is understandable: In an effort to populate CRM systems or future-proof compliance needs, many institutions request nonessential information. The result is a longer, more cumbersome process at the very point when speed and simplicity matter most. In FICO study, nearly one-in-five respondents said they would drop out if asked five or more questions. Some steps in account opening must be completed up front — KYC, identity verification, and initial funding are required. Others, such as choosing overdraft protection or setting up companion accounts, can wait until after the account is active, when trust is higher and the customer is more likely to engage. By deferring these steps, some institutions have seen a significant increase in new accounts – upwards of up to 150% in new accounts. Giving institutions control over this sequencing allows them to front-load only what’s necessary and ultimately move applicants to completion faster. Prefill capabilities can also help streamline the experience, ensuring that every step of the workflow is as efficient as possible. Integrated scanning tools can extract and populate information directly from a driver’s license or phone number, while payment integrations can auto-fill fields using data the institution already holds. Each small efficiency matters, especially during funding. Requiring customers to verify microdeposits or complete multiple extra steps can derail momentum. To minimize friction, limit visible data entry to only what’s required and automate the rest through well-chosen integrations. Tools for identity verification, document scanning, and instant funding can eliminate redundant steps without compromising security. Unclear process flows are another culprit. Without clear visibility or a roadmap, applicants get discouraged early, especially when they’re asked for sensitive information without knowing what’s coming next. All of this compounds uncertainty. Awkward or inconsistent user interfaces can exacerbate the problem. Basic design issues — text that doesn’t wrap, buttons that don’t render properly, pages that require too much scrolling — signal to users that the institution is behind the times. And once a digital experience feels awkward, trust starts to erode. Device switching introduces another layer of friction. A user might begin the process on their phone and plan to finish later on a laptop. But if progress isn’t saved or the system can’t hand off seamlessly, they’ll have to start from scratch. In some cases, even reentering information triggers new validation errors. The customer might also wonder whether they will end up with two conflicting records in the system, leading to future errors. Some institutions may see this as a niche problem, but it can be a showstopper, especially when consumers perceive Amazon- or Apple-quality experiences as the norm. A well-executed application should offer true omnichannel support, allowing users to pause and resume across devices — or even pick up where they left off with a banker in the branch or call center. Progress saved at the field level prevents rework and confusion. When done right, these capabilities can support remarkable portfolio growth. Some institutions have reported 37% increases in loan portfolios and 35% increases in deposit portfolios since launching a more modernized application platform. The account opening workflow may span multiple platforms that weren’t built to work together. In some cases, the online application doesn’t connect to the institution’s core system in real time, requiring manual review or re-entry. Perhaps most surprising of all, many banks and credit unions simply lack visibility into where and why drop-offs occur. Without that data, continuous improvement is impossible.
Ping Identity launches Just-in-time Privileged Access in unified platform, enabling secure, passwordless, time-bound access with TPM-backed session protection across cloud and hybrid infrastructures
Ping Identity announced its new Just-in-time Privileged Access capabilities within the Ping Identity Platform, offering comprehensive capabilities across all three categories of identity: Access Management (AM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM). Using centralized identity controls in a single platform, this trifecta empowers customers with a more comprehensive suite of solutions to protect and manage their digital environments. These PAM capabilities enable more secure control over exploding cloud permissions by utilizing a Trusted Platform Module (TPM) to protect privileged sessions at the device-level, which can be both agentless and agent-based, depending on customer needs. With Ping’s privileged access offerings, customers benefit from: JIT Privileged Access: End-users can securely request and obtain time-bound access to cloud environments (AWS, GCP, Azure), as well as cloud or on-premises servers, databases, Kubernetes and other critical resources in a user-friendly portal, adhering to zero trust best practices. Passwordless Access: Authentication to all the resources (e.g. Server SSH, RDP, IAM) is handled in a passwordless manner, eliminating the need for static credentials (e.g. SSH Keys, RDP password). Ensured Compliance: Session recordings and audit logs for privileged access support compliance with regulations such as SOX, SOC2, GDPR, HIPAA, and PCI-DSS. Hybrid Infrastructure Support: JIT granular access to entitlements, roles and resources in AWS, Azure, GCP, and Kubernetes with context-aware policies and real time authorization.
Google Wallet adds support for eighth state ID: Montana; IDs can be read via NFC or by having the QR code scanned
Google Wallet for Android is now rolling out support for Montana state IDs. Open the Google Wallet app, tap the Add to Wallet FAB (floating action button) in the corner, and then Driver’s license or state ID. This reveals Montana as the eighth Google Wallet option. It joins Arizona, California, Colorado, Georgia, Iowa, Maryland, and New Mexico. In terms of card design, it’s “Montana” in the top-left with the Rocky Mountains and a mountain goat. Montana was first announced this April alongside Arkansas, Puerto Rico, and West Virginia. The set-up process involves taking photos of the front and back of your physical card, as well as a brief video of your face for verification that gets sent to the Montana MVD. It will take a few minutes (or longer) for it to be reviewed with a notification confirming once it’s available. You’ll also get an email confirmation from the agency. “Details” next to “Show code” lets you enable an “Activity history,” while “Driver’s License information” lists license number, date of expiry, address, and more. IDs can be read via NFC or by having the QR code scanned. It is accepted in some airports by the TSA. Officially, you still have to carry your ID card as the one on your phone “does not replace the requirement for individuals to carry a physical card.”
ALTA’s new title insurance endorsements set industry standards to combat forgery in property sales; offering long-term coverage to defend homeowners against costly seller impersonation and fraudulent document filings
The American Land Title Association (ALTA) has released two new title insurance policy endorsements aimed at protecting homeowners from seller impersonation fraud — in which criminals forge documents to sell property they do not own and keep the proceeds. The endorsements provide coverage for both new and existing homeowners, offering post-policy protection against forgery of a deed or mortgage. With the coverage, title insurers would cover legal costs needed to correct public records if fraudulent documents are filed against a property. Chris Morton, ALTA’s CEO. “These endorsements set the standards for forgery protection before and after closing, and build upon ALTA’s landmark Homeowner’s Policy of Title Insurance.” “EquityProtect supports the additional protections that are being introduced by the title industry,” said EquityProtect CEO Ryan Marshall. ALTA says the average title insurance fraud or forgery claim costs more than $143,000. In addition to the new endorsements, ALTA updated its Best Practices framework — recommending stronger identity verification in closings, additional training for staff, tighter controls over notary and signing agent selection and protocols for responding to suspected fraud. “These policy endorsements set a new bar for how to help consumers address these crimes,” said Elizabeth Blosser, ALTA’s chief strategy, communications and innovation officer. “If purchased, they should provide peace of mind to homeowners by offering long-term protection from a risk that is both real and increasing.”