By Christina Hulka, Executive Director, Secure Technology Alliance
Identity leaders have spent the last few years redefining what “sign-in” really means. Authentication is no longer a front-door step that happens once, then fades into the background. It is increasingly a continuous, context-aware decision that determines what a user can do and what an attacker can attempt.
That shift matters beyond the identity stack because the highest value actions in digital life are not logins. They are transactions. Adding a card to a wallet, initiating a pay-out, changing account details or approving a high-risk purchase all force the same question: do we trust this user enough to move value right now?
This is where the convergence of identity and payments becomes unavoidable. Payments are no longer just a financial workflow. They are one of the most consequential identity workflows, and they are happening in environments where users expect speed and attackers bring automation.
The identity zeitgeist is already pointing in this direction. Enterprise teams are pushing toward stronger factors and more resilient authenticators, then using risk signals to keep experiences low-friction. A recent sign-in trends report by Okta found that, overall, MFA adoption reached 70% of users as of January 2025. The direction is clear, and the remaining gap is meaningful.
Attackers are scaling too. Verizon’s 2025 Data Breach Investigations Report notes that about 88% of breaches in the “Basic Web Application Attacks” pattern involved stolen credentials. That reality is not confined to access. Once a session is compromised, the next objective is almost always value: a purchase, a transfer, a gift card, a pay-out, a mule account or a new credential in a wallet.
That brings payments into the identity conversation in a very practical way. In a Top Fraud Trends report, TransUnion finds that 8.3% of global digital account creation attempts in the first half of 2025 were suspected fraud, and its business leader survey found companies lost 7.7% of equivalent annual revenue to fraud on average, representing an estimated $534 billion across the 1,200 business leaders surveyed in 2025. When onboarding is this contested and fraud is consuming this much margin, the line between identity risk and payment risk stops being theoretical.
User expectations are also evolving quickly. Visa’s 2025 Spending Shift Survey reports that in the U.S., one in five shoppers prefer digital wallets, and Gen Z is as likely to prefer digital wallets as physical cards. Wallet-first commerce compresses the journey. There are fewer screens and fewer opportunities to introduce heavy prompts, so the quality of identity signals, binding and recovery becomes even more important.
For identity practitioners, this convergence shows up in familiar concepts, just expressed at higher stakes. Phishing-resistant authentication reduces the attack surface for takeover that leads directly to payment fraud. Risk-adaptive access translates to risk-adaptive authorisation, where higher assurance is requested only when context warrants it. Continuous evaluation matters because trust does not end at sign-in. It continues through checkout, payout and recovery.
The seams are where systems fail. Fraudsters do not respect internal boundaries between identity and payments teams. They exploit gaps across onboarding, session continuity, account recovery and step-up moments. When nearly one in twelve account creations are suspected fraud, identity cannot be treated as a prerequisite that happens before the “real” commerce journey begins. It is part of the commerce journey.
The hard part is implementing this reality without breaking experience or creating exclusion. Identity leaders already know friction is not a strategy. Over-challenging users drives abandonment and support costs, and it pushes organizations toward manual review that does not scale. The path forward is better orchestration: higher assurance when risk demands it, quieter journeys when it does not, and recovery that is resilient by design.
Convergence also changes the collaboration model. Merchants often see behavioural context early. Issuers see account history and spending patterns. Networks see signals at scale. Wallet providers mediate the user experience. Public sector stakeholders influence credential models, privacy expectations and interoperability. A trusted transaction depends on all of them, which means identity decisions and payment decisions must be designed to work together.
That is why the Secure Technology Alliance convenes the Identity & Payments Summit. The Summit brings together leaders from payments, identity, financial services, technology and government to focus on the practical intersection points shaping secure digital commerce, including modern authentication, fraud and risk strategy, wallets and credentials, policy direction and the role of AI in decisioning. If you are building what comes after the login screen, you are already building the future of digital trust. We invite you to attend the event March 2-4 in Houston, Texas, and join critical discussions on the convergence of payments and identity.
