Mobile identity services are maturing with the rollout of standard network APIs
Mobile identity services are moving out of the shadows and into the spotlight. With the roll out of the GSMA Open Gateway, mobile operators’ identification and fraud-detection capabilities have a much higher profile.
“Until last year, mobile identity was the industry’s best kept secret,” recalls Helene Vigue, Identity and Data Director at the GSMA. “It was something that a lot of operators were working on. But it wasn’t prevalent in every region and I felt like it really exploded on to the stage at MWC24 with Open Gateway.”
Why has Open Gateway been a catalyst? It enables enterprises to harness mobile operators’ capabilities through standardised application programming interfaces (APIs). Some of these capabilities can be used to support identification and authentication. For example, specific Open Gateway APIs enable enterprises to compare the information they have for a particular user with that held by the user’s mobile network operator, for example. A standardised API can be used to verify a mobile phone number, name, postal code, address, birthdate and email address, without returning any personal identifiable information. Other Open Gateway APIs can be used to check whether SIM cards have been swapped recently and to verify a user’s location.
“The spotlight from Open Gateway has really helped scale the supply of network APIs,” explains Helene Vigue. “The deployments are there and are happening at a quicker pace than they’ve been before.” Open Gateway has helped operators meet the growing demand for solutions to counter fraud, particularly from the financial services industry.
Trust takes centre stage
As the mobile identity ecosystem evolves, it is increasingly focused on delivering solutions that will enable different entities to trust each other.. Following the initial rollout of Open Gateway the ecosystem is increasingly exploring sophisticated propositions based on the premise of the mobile number as “a root of trust,” rather than simply providing a single piece of information, such as verifying a mobile number or a SIM swap. “There’s a lot more that can be done around helping an enterprise understand if they can trust someone based on their mobile number,” says Helene Vigue. “You could add data around this to give confidence in an individual’s identity, or that they are human or that they are over 18.”
At the Mobile Identity Summit at MWC Barcelona 2025, Helene Vigue anticipates the ecosystem will further explore this opportunity. Accessible via APIs, such solutions could bundle a number of data points together or provide an enterprise customer with a confidence score.
The Mobile Identity Summit is also set to discuss the business models required to bring both basic and sophisticated solutions to market “in terms of scaling, finding the right partnerships, and finding how the solution fits alongside a broader portfolio from the operators,” adds Helene Vigue. “This isn’t something that lives in complete isolation. Operators already sell SMS messaging. There’s interplay between these things.”
Indeed, many banks and retailers rely on SIM cards to authenticate customers. “They’ve already got an identity and access management infrastructure,” notes Helene Vigue. “So they’ve got these vendors coming to them and plugging mobile identity into that.”
Digital identity wallets take shape
More broadly, 2025 is likely to see Europe’s mobile operators progress further with the development of the digital wallets required by the EU’s revised eIDAS Regulation, which will come into force in 2026. Member states will be required to offer at least one EU digital identity wallet to all citizens, and residents. The goal is to deliver an EU-wide harmonised system that will help people access services without complications at home and across borders, securely relocate from one country to another and reduce the likelihood of fraud and identity theft.
Europe’s mobile operators are involved in large-scale pilots funded by the EU. Operators can play a key role in providing the SIM as a secure element and the reliable connectivity necessary to manage digital identities. As the pilots continue, the ecosystem is looking for greater clarity from the Member States and the European Union on the potential business models, as the digital identity wallets will be free to end users. “Sustainable business models are needed to maximise ecosystem involvement and adoption,” notes Helene Vigue.
As issuers and verifiers of robust credentials, mobile operators may be able to use the eIDAS capabilities and the EU digital ID wallet to offer value-added services. By harnessing their physical shops and existing digital processes for ID verification, operators can help deploy digital wallets at a ‘high’ assurance level. Mobile operators also bring extensive reach, expertise in authentication and compliance processes, such as know your customer (KYC), which should be of value to other businesses.
Such services represent another potential direction of travel for the expanding mobile identity ecosystem. “Again, that used to be something people only talked about, whereas now they are starting to experiment.” notes Helene Vigue. “In Barcelona, we might even see some operators trialling new services with wallets.”
Join us at the MWC25 Barcelona Mobile Identity Summit and explore how sophisticated mobile solutions are driving digital trust and strengthening digital identities. The Summit’s sessions are:
Powering trust between enterprises and users in 2025
- The session delves into the recent innovations in mobile identity, authentication, network APIs, trusted calls, and the strategic partnerships driving the mobile identity advancements.
Mobile innovations for tomorrow’s digital identity
- Our second session explores the future of mobile identity that boost digital trust, including reusable identity, and how to leverage mobile intelligence for stronger mobile device security.
You can register here.