Verification once concentrated almost entirely on the moment an account was opened. That model, according to Zac Cohen, chief product officer at Trulioo, no longer reflects how risk unfolds across modern financial platforms.
“What really changes over time is what breaks the verification when it’s only at sign up,” Cohen told PYMNTS during the third installment of a series examining how continuous identity checks, applied across the full customer lifecycle, turns verification from a one-time checkpoint into a dynamic, connected risk strategy.
As he noted to PYMNTS, an account that appears legitimate during onboarding may develop a different risk profile months later as user behavior evolves or control of the account shifts.
Two Ways Verification Breaks
Cohen described the problem in two broad categories. The first involves behavioral change. Customers’ activities, devices and patterns evolve—sometimes legitimately, and sometimes because someone else has gained access. In those circumstances, the initial verification check no longer reflects reality.
Account takeover frequently emerges in these conditions. As Cohen noted, behavior that once appeared routine may change abruptly when credentials are reset or access shifts to a different device.
The second category reflects how fraudsters themselves adapt. “You have to think of fraudsters as apt students,” Cohen said. “They can push and prod your systems until they learn what works, what doesn’t work, what they can understand, how to bypass the front door.”
Advertisement: Scroll to Continue
When verification occurs only once, institutions effectively allow adversaries time to learn those systems.
Monitoring the entire life cycle becomes essential.
The contrast between synthetic identity fraud and account takeover illustrates how different those patterns can be. Synthetic identities often develop gradually, layering credibility over time through incremental activity. Account takeover tends to appear suddenly, with a sharp break in behavioral continuity, such as a new device or credential reset.
Consumers expect financial institutions to detect those threats without introducing unnecessary friction. As Cohen observed, “customers want to ensure that the financial services they are using are safe, and they themselves don’t want to become victims of fraud either.”
Signals That Matter
The signals that reveal those changes increasingly come from behavioral monitoring rather than static identity checks alone. These signals can be measured across three parameters.
The first is persistence, which asks whether a user has been seen before and whether activity can be tracked across interactions, even if a device is rebooted. The second is contextual awareness, which examines whether a user’s behavior aligns with previous activity patterns and environmental conditions. The third is graph intelligence, which expands the network of signals institutions can analyze to identify coordinated fraud activity.
Together, these signals broaden the available view of risk. Instead of evaluating an isolated login or transaction, institutions can evaluate patterns across time and across networks.
Continuous Identity in Practice
These capabilities underpin what Cohen describes as “Continuous Identity.” Rather than focusing on a single checkpoint, Continuous Identity aims to maintain a persistent understanding of the customer throughout the life cycle of the account.
“At the end of the day, it’s really coming down to whether or not you have a coherent strategy and a cohesive set of tools that can provide a holistic and continual view of your customers,” Cohen noted.
In practice, this approach requires coordination across systems. Cohen cautioned that Continuous Identity does not work when teams operate in isolation or when institutions rely solely on disconnected point solutions.
Instead, organizations need an integrated framework that combines onboarding verification, behavioral monitoring and screening into a unified workflow.
Determining when to step up verification represents one of the most practical challenges. Institutions must decide when to introduce additional checks and when to continue monitoring in the background.
Cohen described that balance as a combination of internal risk posture, industry best practices and customer experience considerations. Static rules rarely succeed. Thresholds must adjust over time and vary by geography, customer type and regulatory environment.
Making Security Understandable
Even when additional verification becomes necessary, communication remains central to maintaining trust.
“People are people,” Cohen said. “They just want to understand what is happening and why.”
Explaining the reason for a step-up request often reduces frustration and helps customers complete the process. Transparency around data usage also plays a role. Institutions should clearly explain how behavioral signals are used, obtain consent and remove data when customers request deletion.
According to Cohen, institutions should focus on coordinated behavior instead of simply identifying shared data points. Legitimate customers may share an address, a wireless network or an internet service provider. Fraud rings reveal themselves through synchronized activity.
Repeated patterns such as bursts of account openings, circular movement of funds or groups of closely connected accounts may signal coordinated behavior. Identifying those patterns requires examining risk at the network level rather than evaluating each user in isolation.
Rescreening can also play a role when meaningful changes occur in a customer’s risk profile. Ownership changes, shifts to higher-risk geographies or major changes in transaction patterns may warrant renewed scrutiny.
System Must Keep Evolving
Operational discipline remains critical. Cohen said the most effective programs integrate screening tools, behavioral signals and onboarding verification into a single workflow.
The stakes continue to rise as technology accelerates both legitimate innovation and fraud tactics.
“We’re in a period of change that’s been unseen before simply because of the technology being deployed for both good and bad intent,” Cohen said. “Everyone needs to reexamine their systems today.”
