The Financial Times magazine has one of the most interesting stories about money and digital identity that I have read for a long time. It is a story about supermodels and billionaires and lawyers and fraud, so I cannot resist drawing attention to it and noting the connection between Naomi Campbell and Larry Fink.
Digital Identity And Digital Credentials
The essence of the story is that the famous supermodel Naomi Campbell was introduced to a woman who she thought was a lawyer, but the Solicitors Regulation Authority (SRA) said that the woman in question had never been a solicitor in England and Wales, so I assume that Ms. Campbell (just like the rest of us) had never thought to check whether the woman really was a lawyer or not.
Ms. Campbell is quoted as saying “I trusted her, as she was presented to me as a lawyer”.
(Rather interestingly, the SRA also noted that “the term lawyer is not a protected term”, something that had not occurred to me, so that unregulated individuals working in the law can refer to themselves as such.)
The “lawyer” became a trustee of Ms. Campbell’s Fashion for Relief charity and managed the charity’s day-to-day operations. She went on to conduct a variety of transactions, which eventually included engaging expensive actual lawyers to act on Ms. Campbell’s behalf.
Or, at least, that is what the actual lawyers thought.
They had verified Ms. Campbell’s identity by requesting a copy of her passport (which was sent to them) and confirmation of the engagement. This confirmation came in the form of an email, and from then on the lawyers communicated with “Ms. Campbell” via this email address, not noticing that the address that purported to be Ms. Campbell’s personal email address was in fact different from her actual address by a single character.
This fascinating story illustrates rather well two different problems that need to fixed if we are to benefit from an efficient online economy. The first is that of fraudulent identity (is this Naomi Campbell?) and the second is that of fraudulent credentials (is this a lawyer?). We (society) need both of these problems to be solved, and we need them to be solved soon.
(And please note, even if you do not care that much about supermodels being ripped off by bogus lawyers, that this is not only money, it is also about lives. Here in the UK we have just had the example of a man accused of signing off fire safety certificates for flats in high-rise blocks using the credentials and signature of qualified engineer.)
Digital Identity Verification
At the same time that I was reflecting on Ms. Campbell’s experiences, I noticed that Larry Fink, the billionaire CEO of Blackrock (which has some $10 trillion in assets under management) wrote in his 2025 letter to investors that “One day, I expect tokenized funds will become as familiar to investors as ETFs—provided we crack one critical problem: identity verification… If we’re serious about building an efficient and accessible financial system, championing tokenization alone won’t suffice. We must solve digital verification, too”.
I interpret Mr. Fink’s plea as a demand to tackle both problems, fraudulent identification and fraudulent credentials, and I could not agree more with his prioritisation of the issue.
I’ve been saying the same thing for years, arguing that that there is no way forward in fintech (or, in fact, pretty much any other sector) without the development of digital identity infrastructure, but now that supermodels and billionaires are saying it, hopefully something will get done. The good news is that the technologies we need to address those challenges are well-known and well-understood.
At the recent Secure Technology Alliance summit in San Diego, Mobile driver’s licenses (mDLs) and verifiable credentials (VCs) took centre stage—and for good reason. With millions of mDLs already out there in the US (and soon in the UK too) we are perhaps close to tackling the identification problem. Simon Curry, VP of EMV at Visa, said at that summit that “mDLs offer the best option we have today in the arms race we’re in to combat the ever-evolving world of threat and fraud from bad actors and AI — and it’s a significant leap forward”.
Take California as an example. They held a hackathon last fall, where companies including Fime, Mitek, MATTR, Ping Identity, Incode and others showed some of the possibilities. Just to illustrate a few of these possibilities: A team from Cisco won “Most Promising” for an application of mDLs as a root digital identity for passwordless authentication; Developers from Block won “Best Privacy and Security Design” for an in-person age check application for merchants using Square; And a team from U.S. Bank won “Most Scalable” for an in-person identity verification implementation for bank branches to carry out high-risk transactions.
Practical Digital Identity
The building blocks of the next generation financial market infrastructure are here, but we need some kind of verification framework to make them work. Going back to the issue of the lawyer who was not a lawyer. While mDLs might help with identity, the DMV does not know whether you are a lawyer or not, but bar associations, including those in California, do. They have been exploring the idea of digital or verifiable credentials for legal professionals. Such credentials could streamline identity verification, improve security, and facilitate interstate practice by providing a standardised way to verify a lawyer’s qualifications and standing.
Once you have you driving licence in a digital wallet, it does not test the boundaries of human imagination to forsee the California bar association having a a service whereby lawyers can go online, identify themselves using their mDL and then obtain their licence to practice as a verifiable credential to be stored in the same wallet.
(After all, the American Bar Association already allows lawyers to download their membership cards into those digital wallets.)
Since the consumer’s digital wallet would be able to check the digital signature on the credential presented by the lawyer and know for sure that it was valid, issued by the relevant bar association to the person in possession of the mobile phone, we should be able to take out a fraud vector and in doing so reduce the overall cost of intermediation. Of course, as Jan Vereecken, the CPO over at meeco, points out in an interesting piece about trust in digital identity infrastructures, digital signatures are evidence of origin and not evidence of trust (in itself a complex topic).
It might be time consuming and inconvenient for Ms. Campbell to find out whether someone is a lawyer or not, but digital identity should mean that her iPhone could do it in a couple of seconds. Whether she should trust the lawyer or not… well, that’s another story.
- Full disclosure: I am a paid (part-time) employee at Fime. ↩︎
Read the full article here
