How Do mDLs Work for KYC?

Mobile driver's licenses are revolutionizing Know Your Customer (KYC) compliance in the financial services industry. By providing cryptographically verifiable proof of identity, mDLs enable banks to meet regulatory requirements more efficiently, with higher assurance and lower fraud risk compared to traditional document-based verification.

From Policy Question to Proven Path

For years, banks have asked the same question: will regulators accept verifiable digital credentials for KYC? That question is now being answered in practice.

The National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), is collaborating with financial institutions, state DMVs, regulators, and technology providers to demonstrate how mobile driver’s licenses can satisfy existing CIP and KYC requirements. Rather than proposing new rules, the NCCoE is building reference architectures, use case criteria, and sample bank flows that show how mDLs operate within today’s regulatory frameworks.

These efforts focus on real-world financial onboarding scenarios, where identity verification must meet strict assurance, auditability, and fraud-prevention standards. By grounding mDL verification in open standards, such as ISO/IEC 18013-7, and aligning with NIST’s digital identity guidance, the NCCoE work provides a concrete model for how cryptographically verifiable credentials can replace document scans without weakening compliance.

With that foundation established, the shift for banks is no longer theoretical. The challenge is not whether mDLs can be used for KYC, but how they improve on the legacy methods institutions rely on today.

The KYC challenge

Financial institutions face enormous compliance burdens. The Bank Secrecy Act, Customer Identification Program (CIP) requirements, and Anti-Money Laundering (AML) rules mandate that banks verify the identity of every customer. Failure to comply can result in billion-dollar penalties, reputational damage, and regulatory sanctions.

Traditional KYC processes rely on document scans, selfie matching, and manual review. Customers upload images of their driver's license, submit a photograph, and wait while compliance teams verify the documents. This process is slow, expensive, and increasingly vulnerable to fraud. Generative AI can now fabricate convincing document images, synthetic faces, and supporting documents in seconds.

Banks need a better way to verify identity, one that provides cryptographic assurance rather than relying on visual inspection of document images.

How mDL verification works

When a customer presents a mobile driver's license for KYC, the bank verifies it through cryptographic methods rather than document inspection. The process follows ISO/IEC 18013-7, the standard for online mDL presentation.

The customer initiates the onboarding process through the bank's app or website. Instead of uploading document scans, they authorize their wallet to share specific attributes from their mDL. The wallet generates a presentation containing only the requested information (name, date of birth, address, and any other fields required for compliance), along with cryptographic proof that the credential was issued by a legitimate DMV.

The bank's verification system checks the DMV's digital signature to confirm authenticity. If the signature validates, the bank knows with mathematical certainty that the credential came from the stated issuer and hasn't been altered. This provides far higher assurance than inspecting a document image, which could be fabricated.

What banks need to know

For mobile driver’s licenses (mDLs) and other verifiable digital credentials to be used in CIP and KYC workflows, banks need clarity on trust and regulatory acceptance.

On the technical side, mDLs already address the core questions banks ask during the onboarding process. Authenticity is established through cryptographic signatures from state DMVs, which are trusted government issuers. Integrity is ensured because any modification invalidates the signature. Binding ties the credential to the individual through device-level cryptography, typically using secure hardware on the phone, which reduces the risk of replay and impersonation. Revocation and validity can be checked in real time through status services, allowing banks to confirm that the credential is still active.
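The checks described in "How mDL verification works" and in the paragraph above (issuer signature, selective disclosure, integrity, device binding, validity) can be sketched in a few functions. This is an added example, not code from the NCCoE project or any wallet vendor. It assumes a simplified JSON encoding and Node's built-in crypto where real mDLs use CBOR/COSE structures, all function names are hypothetical, and status (revocation) lookups are left out.

```javascript
// Added illustration: simplified JSON model of mDL checks (real mDLs use CBOR/COSE).
const crypto = require('crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256

// Issuer (DMV stand-in): salt and hash each attribute, then sign the digest list.
function issue(issuerKey, attrs, devicePub, validUntil) {
  const items = Object.entries(attrs).map(([name, value]) =>
    JSON.stringify({ name, value, salt: crypto.randomBytes(16).toString('hex') }));
  const deviceKey = devicePub.export({ type: 'spki', format: 'pem' });
  const manifest = JSON.stringify({ digests: items.map(sha256), deviceKey, validUntil });
  return { items, manifest, sig: crypto.sign('sha256', Buffer.from(manifest), issuerKey.privateKey) };
}

// Wallet: disclose only the requested attributes and sign the verifier's fresh nonce.
function present(cred, deviceKey, requested, nonce) {
  const items = cred.items.filter((i) => requested.includes(JSON.parse(i).name));
  const deviceSig = crypto.sign('sha256', Buffer.from(nonce), deviceKey.privateKey);
  return { items, manifest: cred.manifest, sig: cred.sig, deviceSig };
}

// Verifier (bank): returns the disclosed attributes, or throws naming the failed check.
function verify(p, trustedIssuerPub, nonce, now) {
  if (!crypto.verify('sha256', Buffer.from(p.manifest), trustedIssuerPub, p.sig))
    throw new Error('issuer signature invalid');
  const manifest = JSON.parse(p.manifest); // parsed only after the signature checks out
  if (now > manifest.validUntil) throw new Error('credential expired');
  if (!crypto.verify('sha256', Buffer.from(nonce), manifest.deviceKey, p.deviceSig))
    throw new Error('device binding failed');
  const out = {};
  for (const item of p.items) {
    if (!manifest.digests.includes(sha256(item))) throw new Error('attribute altered');
    const { name, value } = JSON.parse(item);
    out[name] = value;
  }
  return out;
}

// Constructed sample data: the wallet holds three attributes, the bank requests two.
function demo() {
  const dmv = newKey(), phone = newKey(), nonce = crypto.randomBytes(16).toString('hex');
  const cred = issue(dmv, { family_name: 'Doe', birth_date: '1990-01-01', resident_address: '1 Main St' },
    phone.publicKey, Date.now() + 86400e3);
  const p = present(cred, phone, ['family_name', 'birth_date'], nonce);
  return verify(p, dmv.publicKey, nonce, Date.now());
}
console.log(demo());
```

The undisclosed address never leaves the wallet, yet the issuer signature still verifies because it covers the salted digests rather than the attribute values themselves.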

The remaining barrier is compliance certainty. While the Bank Secrecy Act and FinCEN’s CIP rules are largely technology-neutral, existing guidance still assumes the use of physical documents or database checks. Banks need explicit confirmation that government-issued verifiable digital credentials, including mDLs, can qualify as acceptable “documentary” methods when they meet defined assurance thresholds, such as alignment with NIST SP 800-63 IAL2 or higher.

This is where the NCCoE initiative (mentioned earlier) becomes essential. The project demonstrates, in a practical and real-world context, how banks can utilize mobile driver’s licenses to verify a customer’s identity when opening an account. It achieves this through a reference architecture built on widely accepted standards, providing banks with a concrete foundation they can rely on and point to during regulatory examinations.
