Notifications
Clear all
Topic starter
22/06/2026 10:11 am
TL;DR: Verifiable credentials let users present cryptographically signed identity proof once and reuse it across onboarding, step-up checks, and account recovery, according to Transmit Security. That shifts customer identity from repeated document collection to reusable assurance, which changes how teams think about trust, privacy, and fraud friction.
NHIMG editorial — based on content published by Transmit Security: verifiable credentials and reusable identity proof
Questions worth separating out
Q: How should security teams decide where to use verifiable credentials in customer journeys?
A: Start with journeys that benefit from reusable trust and low data collection, such as onboarding, account recovery, and step-up authentication.
Q: What risks come with reusing identity proof across multiple applications?
A: Reusing proof can spread trust across many journeys, so the quality of the original issuance, wallet security, and revocation handling become more important.
Q: How do organisations reduce identity data exposure when using verifiable credentials?
A: Use selective disclosure so the verifier receives only the attribute needed for the transaction, and avoid storing full identity evidence unless there is a clear business or regulatory need.
Practitioner guidance
- Map reusable proof to specific trust tiers Define which journeys can accept a previously issued verifiable credential, which require fresh proofing, and which need a higher assurance presentation for sensitive actions.
- Separate issuer trust from data retention decisions Keep the verification decision focused on signature validity, issuer policy, and revocation status, while reducing how much identity evidence your systems store after onboarding.
- Set explicit rules for selective disclosure Identify the minimum attribute set needed for onboarding, account recovery, and step-up checks, then reject workflows that ask for full identity records when they are not required.
What's in the full article
Transmit Security's full article covers the operational detail this post intentionally leaves for the source:
- A practical walkthrough of issuance, storage, presentation, and verification flows for verifiable credentials.
- Concrete examples of how reusable credentials support onboarding, account recovery, and step-up authentication.
- The user and verifier experience details behind wallet-based presentation and selective disclosure.
- The article's own framing of where VCs reduce friction without removing assurance requirements.
👉 Read Transmit Security's analysis of verifiable credentials for customer identity →
Verifiable credentials and customer onboarding: what changes for IAM teams?
Explore further
22/06/2026 10:59 am
Reusable identity proof changes the control point in customer identity programmes. The central question is no longer how often a user can be re-verified, but where assurance should be issued, stored, and re-presented. That shifts governance from repeated evidence collection toward trust lifecycle management, selective disclosure policy, and verifier acceptance rules. Practitioners should treat reusable proof as a governance pattern, not just an experience improvement.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
A question worth separating out:
Q: What should customer identity teams watch before rolling out reusable credentials?
A: They should check issuer trust policy, wallet support, revocation handling, and fallback paths for users who cannot present a credential. If any of those pieces are missing, the programme may reduce friction in one place while creating gaps in recovery or high-risk verification elsewhere.
👉 Read our full editorial: Verifiable credentials are reshaping customer identity and onboarding
