Agent AI may soon test the weakest point in a company’s identity system, but PYMNTS Intelligence data suggests the strongest defense may be a broader, better-connected verification network.
These are the central takeaways from “Identity at scale: KYC/KYB touchpoints create (or contain) agent risk“, a PYMNTS intelligence report produced in collaboration with Trollio. The report is based on a survey of 350 companies, and looks at how digital identity systems are used to prevent fraud and support growth. Data shows that identity verification has far outpaced account opening. Businesses now use digital verification in an average of 4.4 workflows, including customer login, online transactions, fraud tracking, vendor onboarding, and lending. This expansion is even more important in the age of agent AI, because bots and automated agents can now squeeze in several pieces of work at once.
The encouraging result is that more identity checks do not necessarily mean more friction. Companies that conduct identity verification across more workflows often report less stress from bots, fewer control gaps, and more stable operations. This indicates that identity verification has become less of a gate on the front door and more of a control system that runs across the company.
Three transformation data points appear:
- 63.2% of businesses submitting loan applications reported KYA threats. Loan applications had the highest level of agent and bot activity reported among the workflows studied, ahead of vendor onboarding, customer onboarding, customer login, and online transactions.
- 79.4% of companies use digital verification for customer login. This makes login the most popular identity verification point in the report, followed by online transactions at 74.6%, fraud tracking at 70.6%, and account opening at 67.7%.
- 98.3% of businesses that conduct KYB checks across five or more business streams say the verification process has become easier over the past year. The same pattern appears in KYC, where 95.8% of companies with higher touchpoints say the process has become easier.
The agent AI angle is important because bots are no longer limited to obvious fraud attempts. They can appear during login, account opening, transactions, lending, and seller onboarding. They can also mimic natural behavior long enough to create hazards that are difficult to detect. This changes the mission of identity teams.
The company can no longer treat each identity checkpoint as a separate process owned by one group.
Advertisement: Scroll to continue
The report shows why. In high-repetition workflows like login, online transactions, fraud tracking, and account opening, approximately 60% to 65% of businesses check businesses and customers in the same flow. This means that a bad decision about identity can affect more than one aspect of the transaction. A false positive can result in a legitimate customer getting banned. A missing signal can allow an untrustworthy resource or user to pass through.
Companies with lower coverage appear to experience more severe pain. Companies that use identity verification in just three to four workflows report more missed business opportunities, more customer friction and more false positives. They are also more likely to report incidents or losses associated with competing robots and agents.
The positive lesson is that broader identity coverage can create a better customer experience, not just a more secure one. Companies that use verification processes across five or more workflows are likely to use a hybrid model that combines internal teams with external partners. This operating model may help explain why they report more stability even as proxy AI increases risk.
As AI agents become more common in commerce and financial services, identity verification has become as much a tool for growth as anti-fraud. Companies that connect identity decisions across the business may be better able to stop bad actors while allowing good customers, suppliers, and partners to move faster.
