Today, the Aspen Institute Financial Security Program launched a groundbreaking National Strategy on Fraud and Scam Prevention.

The OpenID Foundation was delighted to participate as a task force member, contributing to the effort alongside more than 80 cross-sector partners. This represents the first time such a broad collection of leaders from government, law enforcement, private industry, and civil society have come together in the US to develop a strategy aimed at preventing fraud and scams.

The Foundation commends the rigorous analysis, comprehensive approach and actionable recommendations in the Aspen report. The recommendations include:

• Establishing a whole-of-ecosystem response across government, industry, and civil society
• Modernizing legal frameworks to enable faster detection, stronger enforcement, and appropriate liability protections
• Improving industry coordination to share data, strengthen defences, and reduce scam exposure – including use of standards to accomplish this goal
• Supporting victims more effectively, recognizing the real harm these crimes cause
• Treating scams as a national security and economic threat, not just a regulatory issue.

As Gail Hodges, the OpenID Foundation’s Executive Director, said, “The OpenID Foundation was delighted to participate as a Task Force member, and is impressed with the breadth of experts Aspen was able to convene to develop the National Strategy on Fraud and Scam Prevention. As a global open standards body, we hope that this report will stimulate timely policies and due diligence on standards that can deliver policy at the protocol level, such as Shared Signals, OpenID for Verifiable Presentation, OpenID for Verifiable Credential Issuance, and OpenID for Identity Assurance. These standards can play a meaningful role in delivering the digital identity infrastructure required to mitigate fraud while serving the public, the government, and the private sector alike."

Perfect timing 

This report times well with several OpenID Foundation’s achieving final status meaning they are mature and stable for scale adoption, including by complex and interconnected ecosystems like those in the US . Relevant standards to the Aspen Report include:  Shared Signals 1.0, OpenID for Verifiable Presentation 1.0, OpenID for Verifiable Credential Issuance 1.0,  and OpenID for  Identity Assurance 1.0. These standards are already playing a meaningful role in delivering digital identity infrastructure, and they are well placed to to mitigate fraud while supporting wider ecosystem objectives.

Shared Signals 1.0 Final

Shared Signals enables real-time sharing of security intelligence across platforms. Major implementers, including Apple, Google, CISCO, Sailpoint, and Okta, are already deploying these standards. The technology is highlighted on the Gartner Hype Cycle and recommended by CISA.

The momentum continues to build. Google recently announced a new enterprise platform feature using Shared Signals, and the OpenID Foundation is getting ready to conduct a fourth interoperability session during Authenticate in Carlsbad, California October 15th.

OpenID Foundation Board member and Shared Signals WG Co-chair, Atul Tulshibagwale, also participated in the Task Force. He added: “The rampant level of online scams has reached an unprecedented and significant scale, severely affecting a large number of people and businesses. The Aspen report’s findings and recommendations are extremely important to our collective defense against fraudsters. We hope that the Shared Signals Framework can serve the US community by offering an open standard that communicates near real-time updates about potentially fraudulent activity. This will enable all participants across industry sectors and between the public and private sectors to be smarter about their decisions.”  

OpenID for Verifiable Presentation 1.0 Final

This standard enables secure verification of digital credentials, like mobile driver's licenses that use the mdoc credential type from ISO/IEC SC17 18013-5 and SD-JWTs from IETF. The Foundation has partnered with NIST on the NCCoE Project on Mobile Driving Licenses for use of mDLs to “open a bank account,” co-hosting eight successful interoperability events on OpenID for Verifiable Presentation (OpenID4VP) and OpenID for Verifiable Credential Issuance (OpenID4VCI) this year before both specs were approved as final specifications this year.

Now the Foundation is actively addressing gaps identified by NIST that prevent US financial institutions from adopting and integrating the use of mobile driver's licenses into their processes to comply with CIP and other US financial regulatory requirements. The OpenID Foundation seeks to support, NIST, and the US financial ecosystem (e.g. individual banks and the American Bankers Association) to ensure financial institutions understand how mobile driver's licenses meet CIP/KYC regulations “as is,” and how issuing authorities, wallets and financial institutions can jointly increase confidence in mDLs to enable more rapid adoption by financial institutions. The OpenID Foundation is working in partnership with NIST to generate targeted proposals on how to close the gaps identified by NIST, with the expectation those proposals will help accelerate US stakeholder consensus and how some gaps could be closed by leveraging NIST’s SP 800-63-4 Digital Identity Guidelines and potential additions to the OpenID Foundation’s eKYC and IDA Working Group specifications.

The OpenID4VP standard has already been selected by Google Wallet, Android, Amazon.com, Samsung Wallet, 1Password, NIST for the NIST NCCoE project, the EU for the EU Digital Identity Wallet, Switzerland, UK, six Western Balkan countries, MOSIP for their marketplace of open source code services, and it is live in deployment by the California DMV. By the end of 2027, the OpenID Foundations anticipates 37 countries will be live with OpenID4VC. 

OpenID for Verifiable Credential Issuance 1.0 Final

This standard enables public or private sector organizations to securely issue digital credentials into a digital wallet. This OpenID4VCI specification has already been selected by major public and private sector platforms, including Google Wallet, Android, the EU for the EU Digital Wallet, Switzerland, UK, six Western Balkan countries, MOSIP for their open source marketplace, and it is live in deployment with the California DMV. 

Global impact and future deployment

The High Assurance Interoperability Profile (HAIP) will reach final status later this year. This profile will become the foundation for Europe's digital identity infrastructure by the end of next year, and looks set to be adopted by Google, Amazon, 1Password, California, and many others in the USA.

The OpenID Foundation is also preparing a major announcement with an international governmental organization in November to support large scale deployment across the global south.

The Foundation is proud to have contributed to this groundbreaking strategy alongside more than 80 cross-sector partners. Now, with the global standards finalized and gaining global adoption, the OpenID Foundation is moving from strategy development to implementation. 

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.