Will the EUDI wallet tame the scam Wild West, or just perfect the A layer?

Rob Neely, Payments and Fraud Expert and Founder at Securely Group, tackles the adoption of the EUDI wallet under the revised eIDAS regulation, a real breakthrough for digital identity in Europe, its uses, and its limitations.

The European Digital Identity (EUDI) wallet is one of the most significant infrastructure reforms in the European digital policy in a decade. Under the revised eIDAS regulation, every EU member state must offer at least one EUDI wallet by late 2026. The wallet will allow citizens and residents to prove who they are, store government-issued credentials, and share verified attributes securely across borders.

It is a major breakthrough for digital identity in Europe.

However, the difficult question is will the EUDI wallet materially reduce scams that originate in social media and peer-to-peer environments, or will it primarily strengthen what can be described as the A layer of identity, without reshaping where most fraud actually begins?

To answer that, it helps to look at identity in three layers.

A is for attributes and authentication: where EUDI excels

On the A layer, EUDI is transformative. For the first time, Europe will have a harmonised, state-backed digital identity framework that works across all member states. Instead of fragmented national schemes and repetitive document uploads, users will hold verified credentials in a secure mobile wallet. These credentials may include personal identification data issued at the highest assurance level, along with electronic attestations such as driver licences, diplomas, or professional certificates. In this case, identity becomes reusable.

A citizen verified in one member state will be able to reuse trusted credentials to open a bank account, access a public service, or authenticate to a regulated private service in another. Deloitte has noted that this could reduce onboarding friction dramatically, potentially cutting verification timelines by up to 90 percent in financial services.

Equally important is privacy by design. The EUDI wallet supports selective disclosure and cryptographic proofs. A user can confirm they are over 18 or a resident in Germany without revealing their exact birthdate or full address. Only the minimum required data is shared. This aligns with GDPR principles and significantly reduces unnecessary data exposure.

For banks and payment providers, this is a structural improvement. It reduces reliance on static document uploads, improves consistency in KYC processes, strengthens authentication, and lowers fraud risk at the account opening stage. It also replaces fragmented national approaches with a common legal and technical framework across the EU.

On the A layer, EUDI solves real problems.

B is for bridging: where the Wild West begins

The difficulty is that most scams do not originate at the A layer.

They begin in what can be described as the B layer – the bridge between regulated identity systems and the social environments where trust is created or manipulated. These include social networks, messaging apps, online marketplaces, gaming communities, and dating platforms.

Fraud often starts with a direct message, a fake profile, a cloned listing, or a persuasive video call. These interactions usually rely on self-declared handles and easily created email accounts. There is typically no requirement for high-assurance identity at the initial point of contact.

Current fraud data underscores this. UK investigations have found that roughly three quarters of scams originate on social media, online marketplaces, or dating platforms. In the United States, consumer data indicated that approximately one in four fraud losses reported since 2021 began on social media, and after the introduction of FedNow, in 2023, it’s now three out of four.

The EUDI framework does not mandate universal identity verification across these environments. Use of the wallet is voluntary for citizens. By late 2027, Very Large Online Platforms (VLOPs) must accept EUDI authentication if a user chooses to use it. However, platforms are not required to make wallet verification mandatory for all users. This distinction matters.

A platform cannot refuse a user who wishes to authenticate via EUDI. But it does not have to require EUDI for everyday interaction. As a result, unverified or pseudonymous profiles may continue to operate at scale.

In practical terms, Europe may soon have elegant digital wallets for formal transactions, while the identities that initiate scams remain disposable. That is the structural gap.

C is for certification and consequences: the missing layer

The third layer is conceptual rather than legislated and can be described as certification and consequences.

The EUDI Wallet establishes high-assurance identity. It does not currently create a system that certifies everyday social or marketplace profiles against that identity, nor does it impose new consequences across platforms when verified identities are misused.

Creating a true C layer would require additional policy innovation and could include:

• Optional certification of online profiles against regulated identity sources under user consent, allowing platforms and users to distinguish between low-assurance and high-assurance accounts.
• Context-based rules where higher-risk actions require stronger identity. For example, listing high-value goods, initiating large peer-to-peer transfers, or contacting minors could require verified adult status.
• Alignment of liability and incentives, so responsibility for scams that originate on platforms does not rest solely with banks at the payment stage.

However, none of these measures are mandated under eIDAS 2.0. The regulation clarifies liability for wallet providers, issuers, and relying parties within the identity transaction itself. It does not extend that liability framework to broader social misuse or cross-platform fraud accountability.

As a result, EUDI perfects the A layer but does not automatically extend into B, nor does it implement C.

The hard questions for payments and fraud professionals

This leads to several difficult but necessary questions:

• What will EUDI immediately change in fraud outcomes? It will improve onboarding, reduce document forgery, and strengthen authentication. It may improve attribution where a verified identity is involved. However, if scammers avoid wallet use in unregulated channels, the impact on authorised push payment fraud or romance scams may be limited in the short term.
• Should high-impact online environments remain structurally weaker than bank account opening? A cloned social media profile can cost someone their job, their rental opportunity, or their life savings. Yet creating such a profile is far easier than opening a basic financial account. Is that asymmetry sustainable?
• Does Europe want reusable identity limited to login and KYC, or does it want identity states that carry weight in scam-prone environments? EUDI provides the technical foundation for   broader trust signalling. Whether it becomes the basis for profile certification, age-restricted communication, or cross-platform enforcement remains a political and regulatory decision.

Foundation or the final step?

The EUDI wallet is a necessary and sophisticated foundation for digital identity in Europe. It introduces harmonisation, selective disclosure, and high-assurance credentials at scale. But it does not, on its own, tame the scam Wild West.

If Europe wishes to meaningfully reduce social-originated fraud, additional measures will be required to bridge regulated identity into the environments where trust is most often exploited. The real debate is not whether EUDI is valuable. It is whether policymakers and industry are prepared to build beyond the A layer and consider how certification and consequences might reshape the broader digital ecosystem.

That conversation has only just begun.

Rob Neely will be present as a speaker on the panel session ‘ABC of digital identity’ at the MPE Berlin 2026, on 18 March. Check out MPE’s full agenda here.

 

About the author

Rob Neely is the Founder and Managing Director of Securely Group, an international award-winning fintech innovator dedicated to revolutionising secure digital payment transactions and identity verification globally. With an entrepreneurial career spanning decades, Rob has successfully built and scaled businesses globally, driven by his passion for innovation, cybersecurity, and combating online fraud. A respected thought leader, Rob leverages deep expertise and strategic vision and is considered a leader in fintech disruption.