Worldpay is partnering with Trulioo to introduce new safeguards for AI-powered agent-led commerce. At the core of this collaborative effort is the Know Your Agent (KYA) framework, powered by a Digital Agent Passport. This tamper-proof credential bundle will enable merchants to assess whether an AI agent is legitimate, authorized and acting with proper consent. The KYA framework will lay out structured guidelines for verification of the developer’s identity, code integrity, user consent and the ongoing trustworthiness of the agent in real time. Worldpay will empower merchants to leverage the KYA framework, enabling them to trust shopping agents by validating consumer intent and the authority granted to those agents. This innovation can help merchants grow sales while safeguarding against fraud and unauthorized purchases. The collaboration will help merchants and platforms unlock new experiences, from smarter checkout flows to real-time fraud detection, without sacrificing safety or visibility. Instead of blocking AI agents by default, the partnership will introduce smart controls where verified agents gain access, unknown agents encounter friction, and malicious bots are blocked. This approach will deliver measurable benefits across the entire ecosystem, including reduced fraud, smarter agent detection, and improved checkout conversion for merchants. Consumers will gain confidence that their AI assistants are acting with proper permission, while the broader commerce landscape will benefit from a shared, interoperable layer of trust that supports ongoing innovation and meets regulatory and evolving risk standards.
Banks lose 50% of applicants from complex onboarding and poor flow visibility; streamlined data capture, autofill tools, and device-switch support raise account openings and portfolio growth
More than half of consumers who start a digital bank account application never finish it. One reason the problem persists is that many institutions lack visibility and control. They don’t know how many applications are started, where drop-offs occur, or which follow-up efforts are effective. Just as often, banks and credit unions don’t have the flexibility they need to effectively manage the information-capture sequence: what must be collected before the account is opened versus what can be deferred until after. Asking for too much, too soon — or “questionnaire creep” — can be a major source of friction, requiring applicants to complete more steps than necessary before account opening is completed. The instinct is understandable: In an effort to populate CRM systems or future-proof compliance needs, many institutions request nonessential information. The result is a longer, more cumbersome process at the very point when speed and simplicity matter most. In a FICO study, nearly one-in-five respondents said they would drop out if asked five or more questions. Some steps in account opening must be completed up front — KYC, identity verification, and initial funding are required. Others, such as choosing overdraft protection or setting up companion accounts, can wait until after the account is active, when trust is higher and the customer is more likely to engage. By deferring these steps, some institutions have seen a significant increase in new accounts, up to 150%. Giving institutions control over this sequencing allows them to front-load only what’s necessary and ultimately move applicants to completion faster. Prefill capabilities can also help streamline the experience, ensuring that every step of the workflow is as efficient as possible.
Integrated scanning tools can extract and populate information directly from a driver’s license or phone number, while payment integrations can auto-fill fields using data the institution already holds. Each small efficiency matters, especially during funding. Requiring customers to verify microdeposits or complete multiple extra steps can derail momentum. To minimize friction, limit visible data entry to only what’s required and automate the rest through well-chosen integrations. Tools for identity verification, document scanning, and instant funding can eliminate redundant steps without compromising security. Unclear process flows are another culprit. Without clear visibility or a roadmap, applicants get discouraged early, especially when they’re asked for sensitive information without knowing what’s coming next. All of this compounds uncertainty. Awkward or inconsistent user interfaces can exacerbate the problem. Basic design issues — text that doesn’t wrap, buttons that don’t render properly, pages that require too much scrolling — signal to users that the institution is behind the times. And once a digital experience feels awkward, trust starts to erode. Device switching introduces another layer of friction. A user might begin the process on their phone and plan to finish later on a laptop. But if progress isn’t saved or the system can’t hand off seamlessly, they’ll have to start from scratch. In some cases, even reentering information triggers new validation errors. The customer might also wonder whether they will end up with two conflicting records in the system, leading to future errors. Some institutions may see this as a niche problem, but it can be a showstopper, especially when consumers perceive Amazon- or Apple-quality experiences as the norm. A well-executed application should offer true omnichannel support, allowing users to pause and resume across devices — or even pick up where they left off with a banker in the branch or call center. 
Progress saved at the field level prevents rework and confusion. When done right, these capabilities can support remarkable portfolio growth. Some institutions have reported 37% increases in loan portfolios and 35% increases in deposit portfolios since launching a more modernized application platform. The account opening workflow may span multiple platforms that weren’t built to work together. In some cases, the online application doesn’t connect to the institution’s core system in real time, requiring manual review or re-entry. Perhaps most surprising of all, many banks and credit unions simply lack visibility into where and why drop-offs occur. Without that data, continuous improvement is impossible.
Ping Identity launches Just-in-time Privileged Access in unified platform, enabling secure, passwordless, time-bound access with TPM-backed session protection across cloud and hybrid infrastructures
Ping Identity announced its new Just-in-time Privileged Access capabilities within the Ping Identity Platform, offering comprehensive capabilities across all three categories of identity: Access Management (AM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM). Using centralized identity controls in a single platform, this trifecta empowers customers with a more comprehensive suite of solutions to protect and manage their digital environments. These PAM capabilities enable more secure control over exploding cloud permissions by utilizing a Trusted Platform Module (TPM) to protect privileged sessions at the device level, which can be both agentless and agent-based, depending on customer needs. With Ping’s privileged access offerings, customers benefit from: JIT Privileged Access: End-users can securely request and obtain time-bound access to cloud environments (AWS, GCP, Azure), as well as cloud or on-premises servers, databases, Kubernetes and other critical resources in a user-friendly portal, adhering to zero trust best practices. Passwordless Access: Authentication to all the resources (e.g. Server SSH, RDP, IAM) is handled in a passwordless manner, eliminating the need for static credentials (e.g. SSH Keys, RDP password). Ensured Compliance: Session recordings and audit logs for privileged access support compliance with regulations such as SOX, SOC2, GDPR, HIPAA, and PCI-DSS. Hybrid Infrastructure Support: JIT granular access to entitlements, roles and resources in AWS, Azure, GCP, and Kubernetes with context-aware policies and real-time authorization.
Google Wallet adds support for eighth state ID: Montana; IDs can be read via NFC or by having the QR code scanned
Google Wallet for Android is now rolling out support for Montana state IDs. Open the Google Wallet app, tap the Add to Wallet FAB (floating action button) in the corner, and then select Driver’s license or state ID. This reveals Montana as the eighth Google Wallet option. It joins Arizona, California, Colorado, Georgia, Iowa, Maryland, and New Mexico. In terms of card design, it’s “Montana” in the top-left with the Rocky Mountains and a mountain goat. Montana was first announced this April alongside Arkansas, Puerto Rico, and West Virginia. The set-up process involves taking photos of the front and back of your physical card, as well as a brief video of your face for verification that gets sent to the Montana MVD. It will take a few minutes (or longer) for it to be reviewed, with a notification confirming once it’s available. You’ll also get an email confirmation from the agency. “Details” next to “Show code” lets you enable an “Activity history,” while “Driver’s License information” lists license number, date of expiry, address, and more. IDs can be read via NFC or by having the QR code scanned. It is accepted in some airports by the TSA. Officially, you still have to carry your ID card as the one on your phone “does not replace the requirement for individuals to carry a physical card.”
ALTA’s new title insurance endorsements set industry standards to combat forgery in property sales; offering long-term coverage to defend homeowners against costly seller impersonation and fraudulent document filings
The American Land Title Association (ALTA) has released two new title insurance policy endorsements aimed at protecting homeowners from seller impersonation fraud — in which criminals forge documents to sell property they do not own and keep the proceeds. The endorsements provide coverage for both new and existing homeowners, offering post-policy protection against forgery of a deed or mortgage. With the coverage, title insurers would cover legal costs needed to correct public records if fraudulent documents are filed against a property. Chris Morton, ALTA’s CEO, said: “These endorsements set the standards for forgery protection before and after closing, and build upon ALTA’s landmark Homeowner’s Policy of Title Insurance.” “EquityProtect supports the additional protections that are being introduced by the title industry,” said EquityProtect CEO Ryan Marshall. ALTA says the average title insurance fraud or forgery claim costs more than $143,000. In addition to the new endorsements, ALTA updated its Best Practices framework — recommending stronger identity verification in closings, additional training for staff, tighter controls over notary and signing agent selection and protocols for responding to suspected fraud. “These policy endorsements set a new bar for how to help consumers address these crimes,” said Elizabeth Blosser, ALTA’s chief strategy, communications and innovation officer. “If purchased, they should provide peace of mind to homeowners by offering long-term protection from a risk that is both real and increasing.”
Alanna.ai’s AI-driven digital signing capability supports title agents in meeting FinCEN’s updated AML reporting rule; reducing compliance burden with tailored e-forms and automated completion prompts.
The title agent-focused artificial intelligence technology firm Alanna.ai has launched a digital signing capability to help title agents and companies comply with the Financial Crimes Enforcement Network’s (FinCEN) new reporting requirements. The firm has made enhancements to its Smart Forms offering, which the company said will help users streamline the new data collection and reporting requirements needed to comply with FinCEN’s Anti-Money Laundering rule. The enhancements to Smart Forms, known as Alanna Sign, include a specialized form supporting the rule’s mandatory data-gathering process, which will be required of buyers and sellers. The specialized form will include automated reminders for form completion and completion of the digital signing process, according to Alanna.ai. Alanna.ai president and co-founder Hoyt Mann believes this tool will lessen the hassle many title professionals fear these new requirements create.
Microsoft launches an open‑source ZKP library that randomizes each credential presentation to ensure unlinkable, privacy‑preserving digital IDs
Microsoft has introduced Crescent, a cryptographic privacy library, to address the growing privacy challenge posed by digital identities. Hidden identifiers in mobile driver’s licenses or JSON Web Tokens (a widely used app login authentication standard) can be exploited to compile detailed user profiles, even when only minimal data is shared, by linking separate activities together. Crescent is an open-source cryptographic library that integrates with existing identity formats without requiring issuers to change their infrastructure. It ensures that every presentation is randomized cryptographically so that no hidden data beyond what the user explicitly reveals can link one interaction to another, the company claims. “Zero-knowledge proofs are not as efficient as the cryptographic algorithms used in today’s credentials,” says the post. “Crescent addresses this computational challenge through preprocessing, performing the most complex calculations once in advance so that later proof generation is quick and efficient for mobile devices.” To make zero-knowledge proofs practical for mobile devices, Crescent splits proof generation into a one-time preparation stage and a fast per-presentation stage. The preparation stage computes reusable cryptographic values and stores them on the device; the presentation stage randomizes those values and produces a compact proof revealing only the necessary attributes. Crescent uses the Groth16 zero-knowledge SNARK system, which produces small proofs that can be verified quickly in a single step. Shared cryptographic parameters based on credential templates allow multiple issuers — for instance, different state motor vehicle departments — to interoperate as long as they adhere to compatible data formats and security standards.
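The linkability problem described above, as an added illustration that is not code from Crescent or Microsoft: a privacy reviewer's check of which values in a conventional JWT presentation repeat at every verifier, and how precisely they join two verifiers' session logs compared with the one attribute the holder meant to reveal. The issuer key, claim values, session ids and the HS256 signature (a stand-in for the issuer's real signature scheme) are all constructed.

```python
import base64
import hashlib
import hmac
import json

# RFC 7519 registered claims that are identical on every presentation of one token.
STABLE_CLAIMS = ("jti", "sub", "iat", "exp")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, key: bytes) -> str:
    """Constructed issuer; HS256 stands in for the issuer's real signature."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def claims_of(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[1]))


def correlation_handles(token: str) -> dict:
    """Values every verifier sees unchanged each time this token is presented."""
    claims = claims_of(token)
    sig = b64url_decode(token.split(".")[2])
    handles = {"signature": hashlib.sha256(sig).hexdigest()}
    handles.update({k: claims[k] for k in STABLE_CLAIMS if k in claims})
    return handles


def linked_sessions(log_a: dict, log_b: dict, extract) -> list:
    """Session pairs from two verifiers' logs whose tokens agree on extract(token)."""
    index = {}
    for session, token in log_a.items():
        index.setdefault(extract(token), []).append(session)
    return sorted((a, b) for b, token in log_b.items()
                  for a in index.get(extract(token), []))


def demo():
    """Two constructed holders each present the same token to two verifiers."""
    key = b"constructed-issuer-key"
    base = {"iss": "https://issuer.example", "age_over_18": True}
    alice = issue_jwt({**base, "iat": 1700000000}, key)
    bob = issue_jwt({**base, "iat": 1700003600}, key)
    site_a = {"a-1": alice, "a-2": bob}
    site_b = {"b-1": bob, "b-2": alice}
    by_sig = linked_sessions(site_a, site_b, lambda t: correlation_handles(t)["signature"])
    by_attr = linked_sessions(site_a, site_b, lambda t: claims_of(t)["age_over_18"])
    return by_sig, by_attr
```

Joining on the signature pairs each holder's two sessions exactly, while joining on the revealed attribute matches every holder with every other. Only the second kind of join should remain once presentations are randomized as the passage describes.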
Roblox restricts adult-minor contact by expanding selfie‑based facial age estimation to all users of voice and text chat, pairing it with ID checks and parental consent
Amid lawsuits alleging child safety concerns, online gaming service Roblox is expanding its age-estimation technology to all users and partnering with the International Age Rating Coalition (IARC) to provide age and content ratings for the games and apps on its platform. This involves scanning users’ selfies and analyzing facial features to estimate age. This age-estimation tech is combined with other systems, including ID age verification and verified parental consent, to provide a more accurate measure of a user’s age, Roblox says — especially when compared with simply having kids type in a birth year when they create an account. The company notes that it’s also planning to launch systems that will further limit communications between adults and minors on its platform. Meanwhile, the company’s partnership with IARC will see Roblox replacing its own content and maturity labels with those used by rating agencies worldwide. That means users in the U.S. will see ratings from the ESRB, while other countries will see those used by their own ratings authorities. Players in the Republic of Korea will see ratings from GRAC; players in Germany will see ratings from the USK; and players elsewhere in Europe and the United Kingdom will see ratings from PEGI, for instance. This system is meant to help parents better understand what sort of games their kids are playing, based on factors that could raise concerns. Among its tools is Roblox Sentinel, an open source AI system designed to detect early signals of child endangerment. The company also offers parental controls, tools to restrict communications, and technology that detects when there are servers where a large number of users are breaking its rules, so it can take them down.
Strata Identity enables identity orchestration for AI agents providing identity guardrails and observability for AI agents without limiting identity provider (IDP) choice
Strata Identity has introduced a new product, Identity Orchestration for AI Agents. Built on Strata’s Maverics vendor-agnostic identity fabric and hybrid air-gap architecture, it provides identity guardrails and observability for AI agents without limiting identity provider (IDP) choice. Strata’s new product issues short-lived, scoped credentials at runtime; enforces fine-grained, policy-as-code authorization, including human-in-the-loop approval for sensitive actions; and logs every agent decision and MCP-initiated API call for full auditability. Strata’s Maverics treats every AI agent as a first-class identity, governed by the same rigor as human users, to provide zero-trust governance for autonomous AI agents. This industry-first approach handles every agent action as a policy-enforced, observable, and auditable event in real time. Its identity-aware, MCP-native proxy enforces policy without requiring changes to existing apps or microservices. Key capabilities: Dynamic, runtime authentication for agents using delegated OAuth flows, supporting PKCE and SPIFFE/SVID to enable ephemeral, scoped trust without static credentials. Policy-driven, attribute- and context-aware authorization, through On-Behalf-Of (OBO) flows with optional human-in-the-loop verification to enforce step-up approvals for sensitive or high-risk actions. Just-in-time issuance/provisioning of agent identities into any cloud or on-premises IDP, including automatic credential rotation, lifecycle expiry, and ownership assignment. Full-stack observability through OpenTelemetry, providing near real-time, correlated traces of both human and agent interactions for forensic lineage, risk analysis, and audit through your existing reporting and analytics tools.
With Okta-powered SSO, DigitalOcean provides enterprise-grade authentication and streamlined cloud access with automated user management, role-based access, and centralized security for cloud-native teams
DigitalOcean announced support for Single Sign-On to provide digital native businesses with seamless and secure authentication to their DigitalOcean accounts. Built on the industry-standard OpenID Connect (OIDC) protocol, SSO connects your existing Identity Provider (IdP) to DigitalOcean, starting with Okta and expanding to other leading IdPs in the future. For growing, cloud-native teams, SSO provides secure, frictionless access without added complexity or cost. DigitalOcean includes enterprise-grade control and automated user management in every plan, so your team can focus on building, not managing logins. Features of Single Sign-On include: IdP integration & centralized access control: Direct DigitalOcean connection and enforcement of security policies (e.g., MFA, IP restrictions, password policies) through an organization’s existing IdP. Automated user provisioning: Automatically creates new user accounts and assigns roles within DigitalOcean based on IdP group membership upon first login. Role-based access: Aligns identity provider groups with DigitalOcean roles to simplify and automate permissions management. Automated offboarding: Supports real-time deprovisioning of user access from DigitalOcean when removed from the IdP. Enforcement options: Allows administrators to choose between enforcing SSO-only authentication or permitting a mix of SSO and traditional logins. Bratin Saha, Chief Product and Technology Officer, DigitalOcean, said: “Unlike other cloud providers that gate SSO and automated user management behind premium tiers, DigitalOcean includes these capabilities for every customer. By making secure authentication and frictionless onboarding a built-in part of our platform, we help growing teams spend less time managing access and more time innovating and scaling.”