Why You Keep Photographing Your Face for Every App — and Who's Really to Blame
You open a new app. It wants to verify you. You take a selfie, photograph your driver's license front and back, wait for the little spinner, and finally — you're in. Three weeks later, you sign up for something else and do the whole thing again. Same face. Same license. Same you. So why are you starting from zero?
Here's the thing: your phone's camera is not the problem. The face-matching software is not the problem. According to a new study from researchers at the University of Warwick and the Alan Turing Institute, the problem is that the banks, governments, and apps involved in verifying your identity simply do not trust each other's homework. And until they agree on whose ID check counts — and write that agreement somewhere binding — you are going to keep posing for selfies until the end of time.
Digital ID technology works fine — what's broken is the trust between the institutions that are supposed to accept each other's identity checks, and that's why you keep being asked to prove who you are from scratch.
The Study That Names the Real Culprit
Researchers looked at three countries that have built real, working digital ID systems: Brazil, Nigeria, and the Philippines. These aren't countries with half-baked experiments. They have sophisticated national identity infrastructure. And yet, as Biometric Update reports, even those mature systems kept running into the same wall when anyone tried to make them work across borders or across different services: the technical pieces fit together, but nobody could agree on who was responsible for checking the checker.
That's not a software bug. That's a political and institutional problem. And it's expensive — not in the obvious way, but in the way where ordinary people pay with their time, their patience, and their privacy every single time they hand over their biometric data (their face, fingerprints, or voice — the body stuff that's uniquely them) to yet another organization that refused to accept someone else's verification.
"The approach of having standalone identity programs, fragmented governance, and retrofitting interoperability — rather than designing it from the beginning — creates problems that become very difficult to fix." — University of Warwick / Alan Turing Institute study findings, as reported by Biometric Update
Read that again. They didn't say the technology failed. They said building things in isolation and then trying to stitch them together afterward is almost impossible to fix. That's worth sitting with, because it describes almost every digital ID system on earth right now. This article is part of a series — start with Face Match Not Proof Biometric Assurance Deepfakes.
What "Trust" Actually Means Here (And Why It's Harder Than It Sounds)
When a bank verifies your identity, it's not just confirming your name and birthday. It's also making a legal bet — a commitment that, if something goes wrong, it can defend its process in court. That's why they can't just say "oh, that other app already checked this person, we're good." Because if fraud happens later, the question becomes: who is on the hook? Who audited the original check? What rules did they follow? What happens if those rules don't match ours?
This is what researchers mean by "governance" — not bureaucracy for bureaucracy's sake, but the actual agreements between organizations about who is responsible for what, who trained the auditors, and what the rules mean when things go wrong. Right now, most of the world's digital ID systems have excellent face-matching technology and almost no shared answers to those questions.
The friction isn't "do we have your document." The friction, as the study puts it, is "can we trust it quickly, safely, and in a way that stands up to our local rules." No face-matching algorithm can answer that question alone. That's a treaty problem, not a software problem.
Switzerland just delayed its national digital ID rollout specifically to sort out this kind of trust infrastructure first — because they watched other countries build the tech and then get stuck exactly here. (Smart move, honestly, even if it's frustrating for Swiss residents still waiting.)
Why This Week's Deepfake Headlines Make It Worse
Here's where it gets genuinely uncomfortable. This week, the news has been full of AI impersonation stories — deepfake videos, cloned voices, synthetic faces. And those stories connect to the digital ID problem in a way nobody is talking about loudly enough. Previously in this series: That Prove Youre 18 Pop Up Just Cost Roblox 6 7 Billion Here.
When institutions don't trust each other's identity checks, they each have to run their own. That means more systems collecting your face and your documents. More databases. More targets. Every silo of identity data that exists because two organizations couldn't agree on a shared trust framework is a new place for your biometric information to live — and potentially to be stolen, faked, or misused.
Reusable digital ID — the kind where you verify once and carry that credential like a card in your wallet — only works when every institution on the receiving end trusts the check that was done. That means trusting each other's fraud defenses, including each other's deepfake detection. Right now, most don't. So instead of one secure vault, your face lives in twenty places. The governance problem isn't just an inconvenience. It's a security risk hiding in plain sight.
Why This Matters to You Right Now
- ⚡ Every new verification is another copy of your data — each organization that won't accept another's check stores its own version of your face and documents, multiplying the number of places that data can be exposed
- 📊 The EU is the closest thing to a working model — Europe's digital identity framework (called eIDAS — basically an EU-wide rulebook for who has to accept whose digital ID) is the most advanced attempt at binding governance, but it took decades of political negotiation and still isn't fully operational
- 🔮 Big tech is filling the gap, carefully — Apple Wallet and Google Wallet now support government-issued digital IDs in select U.S. states, which works because Apple and Google negotiated the trust agreements that governments couldn't figure out themselves
- 🛡️ This is a privacy issue, not just a convenience issue — fragmented identity systems mean more organizations hold more of your most sensitive data, with less accountability for what happens to it
The Part Nobody Wants to Admit
Governance is genuinely harder than building technology. The study is careful about this. Weak institutions, internal political pressures, and low public trust in government create structural barriers that no framework document alone can fix. Some countries have every incentive to keep their systems separate — control over identity data is control over people, and not every government is eager to hand a piece of that to a supranational body.
That's the dark underbelly of this conversation. The researchers at Warwick and the Alan Turing Institute call out something specifically uncomfortable: digital ID systems in some countries carry real political risk, because the same infrastructure that makes your life easier could also make it very easy to track and exclude certain populations. That's not a hypothetical. It has happened. It's happening now in places where facial recognition technology has outpaced any law to govern it — India is one prominent example making headlines right now, where the technology is deployed and the legal framework to constrain it simply does not exist yet.
According to the Secure Identity Alliance's 2026 outlook, the organizations pushing hardest for international standardization — like the ITU, the UN's technology arm — are making progress, but the binding definitions that would actually make mutual recognition work are still being written. Meanwhile, the EU Digital Identity regulation is the world's most ambitious attempt to mandate that Member States actually accept each other's digital IDs. It's imperfect and behind schedule, but it's the only model on earth that has legal teeth. Up next: That 99 Face Match Unlocking Your Bank Fraudsters Just Found.
The analysis from RightCheck on cross-border digital credential barriers puts it plainly: the friction isn't about whether the technology can read your document. It's about whether the organization on the other end has any legal reason to believe the person who checked it before them did it right.
Your identity verification keeps starting over not because the technology is broken, but because the institutions checking you don't trust each other's rules — and until they do, every new service will ask you to prove yourself from scratch while collecting another copy of your most sensitive data in the process.
Here's the one practical thing to watch for right now: when a service asks you to verify your identity, look for whether they offer a "reuse" option — something like "verify with your existing government wallet" or a sign-in through a state digital ID. In states where Apple Wallet or Google Wallet support it, that's the governance-aligned path. It's not perfect, but it's the closest thing to "prove it once" that actually exists outside of Europe today. Fewer redundant copies of your face floating around is always better.
If you've ever paused and wondered whether handing your face to yet another app is actually necessary, or whether there's a smarter way to know that the person on the other side of a screen really is who they claim to be — those are exactly the right questions. They're the questions the entire identity industry is trying to answer. And they're the questions CaraComp exists to think hard about on your behalf.
The researchers at Warwick and the Alan Turing Institute have given the world a useful gift: a name for the thing that's been frustrating everyone. It's not a technical failure. It's a trust failure between institutions that should have figured this out before they built their silos. The technology is ready. It has been for years. The uncomfortable question now is whether banks, governments, and app platforms are willing to give up a little control in exchange for a system that actually works for the people using it — or whether you'll still be photographing your driver's license in 2030, wondering why nothing has changed.
Ready for forensic-grade facial comparison?
Full forensic reports with detailed similarity scoring. Results in seconds.
Run My First SearchMore News
That "Urgent" Call From Your Boss? The Face and Voice Are Fake — and It Just Stole $1.1 Billion
Criminals used AI to fake NatWest's CEO in a fabricated BBC interview. Deepfake fraud just drained $1.1 billion from U.S. companies in a single year — and your next fake authority figure may already be in your inbox.
ai-regulationThat "Real" Face on Your TV? ESPN Just Proved You Can't Tell Anymore
ESPN used deepfake technology to recreate Al Davis and Pete Rozelle in a documentary — and most viewers just… watched it. That casual moment is the beginning of something much bigger.
ai-regulationYour Kid Got Past the Age Check. Now Watch What the App Does to Their Brain.
A new House measure wants social media platforms to verify users' ages AND answer for the algorithms deciding what kids see once they're inside. The second part is the bigger deal — and most parents haven't heard about it yet.
