Agentic artificial intelligence may soon test the weakest point in a company’s identity system, but PYMNTS Intelligence data suggest the strongest defense may be a wider, better-connected verification network.
That is the central takeaway from “Identity at Scale: Where KYC/KYB Touchpoints Create (or Contain) Agent Risk,” a PYMNTS Intelligence report produced in collaboration with Trulioo. The report is based on a survey of 350 companies, and examines how digital identity systems are being used to prevent fraud and support growth. The data show that identity verification has moved well beyond account opening. Firms now use digital verification in 4.4 workflows on average, including customer login, online transactions, fraud tracking, vendor onboarding and lending. That expansion matters most in the agentic AI era because automated bots and agents can now pressure several parts of the business at once.
The encouraging finding is that more identity checks do not necessarily mean more friction. Companies that run identity checks across more workflows often report less pressure from bots, fewer control gaps and more stable operations. That suggests identity verification is becoming less of a gate at the front door and more of a control system running through the business.
Three data points show the shift:
- 63.2% of firms offering loan applications report KYA-type threats. Loan applications had the highest level of reported agent and bot activity among the workflows studied, ahead of vendor onboarding, customer onboarding, customer login and online transactions.
- 79.4% of firms use digital verification for customer login. That makes login the most common identity checkpoint in the report, followed by online transactions at 74.6%, fraud tracking at 70.6% and account openings at 67.7%.
- 98.3% of firms running KYB checks across five or more workflows say verification has become easier over the past year. The same pattern shows up in KYC, where 95.8% of higher-touchpoint firms say the process has become easier.
The agentic AI angle is important because bots are no longer limited to obvious fraud attempts. They can show up during login, account opening, transactions, lending and vendor onboarding. They can also mimic normal behavior long enough to create harder-to-spot risks. That changes the job of identity teams.
A company can no longer treat each identity checkpoint as a separate process owned by a single group.
Advertisement: Scroll to Continue
The report shows why. In high-frequency workflows such as login, online transactions, fraud tracking and account opening, roughly 60% to 65% of firms verify both businesses and customers in the same flow. That means a bad identity decision can affect more than one side of a transaction. A false positive can block a legitimate customer. A missed signal can let an untrustworthy supplier or user through.
Lower-coverage firms appear to face sharper pain. Companies using identity checks in only three to four workflows report more missed business opportunities, more customer friction and more false positives. They are also more likely to report incidents or losses tied to adversarial bots and agents.
The positive lesson is that broader identity coverage can create a better customer experience, not just a safer one. Firms using checks across five or more workflows are more likely to use a hybrid model that combines internal teams and outside partners. That operating model may help explain why they report more stability even as agentic AI raises the stakes.
As AI agents become more common in commerce and financial services, identity verification is becoming a growth tool as much as a fraud control. The firms that connect identity decisions across the business may be better able to stop bad actors while letting good customers, suppliers and partners move faster.
