Home Industry Banking and finance The Checkout of 2030: Identity...
Banking And Finance
CIO Bulletin,
15 May, 2026
Author:
Ilya Mikin, CEO & Founder, Wall ID
Ilya Mikin spent a decade in large corporations and e-commerce before he decided to build a fintech company. The impulse came from a simple observation about an industry he had watched for years.
"The way merchants onboard and convert customers through checkout is fundamentally wasteful, and most of the industry seems content to keep it that way," he said.
The numbers bear this out. For any e-commerce business today, roughly two pence of every pound a customer spends goes to intermediaries before it ever reaches the merchant's bank account. Layer on chargebacks, declined authorisations, reconciliation overhead, and fraud losses, and the picture worsens further. The global cost of checkout friction exceeds $200 billion a year for an SME merchant operating on thin margins, that is the difference between survival and shutdown.
"Because the problem was too obvious to ignore," he said, when asked why he left corporate life to start an open-banking checkout company.
Credit and debit cards still account for roughly 80% of online transactions. They were designed for a physical world, plastic rectangles swiped across countertops, and then retrofitted for digital commerce through layers of middleware: gateways, processors, acquirers, card networks, issuing banks. Every layer takes a cut. Every layer adds latency. Every layer introduces a new failure point.
The result is a system where a merchant pays 1.5 to 2% per transaction, waits days for settlement, absorbs the cost of chargebacks they didn't cause, and has no reliable way to verify who's actually on the other end of the purchase. For high-value goods, age-restricted products, or cross-border sales, the friction multiplies.
Cards won't disappear. But they will become one option among several, and probably not the cheapest or smartest one.
The regulatory environment is finally catching up to the technology. In the UK, the FCA is expected to receive new legislative powers to set open banking rules in 2026, and the first commercial variable recurring payments went live under the UK Payments Initiative at the start of this year. Across the channel, the EU's provisional agreement on PSD3 and its companion Payment Services Regulation is set to reshape fraud liability, strengthen API access obligations, and push open finance well beyond payment accounts into pensions, insurance, and lending.
For Mikin, the excitement lies not in the regulation itself but in what it enables.
"Open banking turns a bank account into an API endpoint," he explained. "Instead of routing a payment through four intermediaries, you initiate it directly from the customer's bank to the merchant's bank. The transaction settles in seconds. There's no chargeback risk because the customer authenticated the payment in their own banking app. And the cost drops by 60 to 70%."
He concluded that this represented a structural shift, and one that opens the door to something most payment companies are still underestimating.
After three years building Wall ID, Mikin reached a conclusion that reframed the entire problem.
"The payment itself is only half the problem," he said. "The other half is identity."
When a customer pays by card, the merchant knows almost nothing about them, not their real name, not their age, not whether their billing address matches their delivery address. All of that has to be collected separately, verified separately, stored separately, and reconciled separately. It is expensive, it is clunky, and it is the reason merchants spend a fortune on fraud prevention tools that still miss roughly $48 billion in losses every year.
Open banking changes this equation. With the customer's consent, the data already sitting in their bank account, name, date of birth, address, transaction history, can flow alongside the payment. Identity becomes part of the payment rail.
He decided to turn that principle into a product: an identity-linked pay-by-bank checkout for ecommerce merchants that verifies who the customer is, pre-populates their details, and enables personalised offers, all in a two-tap flow with no sign-ups or new accounts required, installable in minutes via plug-and-play plugins on main platforms.
"The most interesting fintech opportunities right now sit at the intersection of payment rails and data layers," he said. "Moving money and verifying identity in the same flow reduces cost and unlocks conversion, personalisation, and trust that card networks can't match."
There is, however, a hard question embedded in this identity-linked model. If personal data is being pulled from a customer's bank account to verify them at checkout, where does that data live, who controls it, and what happens when the customer wants it deleted?
Under GDPR, every piece of PII processed creates exposure. The processor becomes a data controller, subject to consent management, retention policies, breach notification procedures, and full liability if anything goes wrong. For a checkout provider handling millions of transactions, that is a serious accumulation of risk, a point made explicit by the European Data Protection Board in its April 2025 guidelines on blockchain and personal data, which strongly discouraged storing personal data directly on-chain unless justified through a full Data Protection Impact Assessment.
This is where distributed ledger technology becomes relevant, and where Mikin observed that most people get the architecture wrong. The naive approach, writing customer data onto a blockchain, is a compliance disaster. Immutability contradicts the right to erasure. Global node distribution complicates regulatory supervision.
He decided instead on a three-layer model. Personal data stays off-chain, under user control. Open banking data is processed ephemerally and never written to a ledger. The DLT stores only cryptographic proofs and verification hashes, attestations that confirm facts like "this person is over 18" or "this address matches the bank record" without revealing the underlying information. Verifiable credentials then bridge the two layers, giving the merchant a cryptographically signed attestation of verified identity without ever exposing raw personal data.
"The merchant gets the same outcome, verified identity, pre-populated checkout, personalised offers — but neither the checkout provider nor the merchant needs to store the PII," he said. "You process it, verify it, discard it. The DLT provides the audit trail and the trust anchor. The customer's data liability surface shrinks dramatically."
Zero-knowledge proofs are what make this practical, allowing verification of specific attributes without disclosing the source data — a direct implementation of GDPR's data minimisation principle, confirmed in recent academic literature as a reasonable and enforceable option for digital identity wallets. The W3C Verifiable Credentials 2.0 standard, finalised in 2025, provides the interoperability framework across platforms and jurisdictions.
He noted the regulatory convergence as striking: by the end of 2026, every EU member state must provide a European Digital Identity Wallet under eIDAS 2.0; from 2027, regulated private sectors including banking must accept these wallets for authentication; and in March 2025, CEN/CLC established a new working group specifically to produce standards for personal data protection within DLT. Three regulatory tracks - open banking, digital identity, and DLT data protection — are arriving at the same station simultaneously.
He described the next frontier as the one occupying most of his thinking: what happens when AI is layered on top of consented open banking data.
"Imagine a returning customer lands on a merchant's site," he said. "Based on their verified purchase history and financial signals, the checkout can dynamically surface a personalised discount, adjust a loyalty offer, or flag a high-risk transaction — all before the customer clicks 'pay.' The merchant gets higher average order values and lower fraud. The customer gets a faster, more relevant experience. And because the data is consented and bank-verified, it sidesteps the privacy minefield that's made third-party cookies and tracking pixels increasingly untenable."
This is already happening. Shopify's integration with ChatGPT for product discovery, combined with open banking checkout infrastructure, is creating the conditions for AI-native commerce where the search, the recommendation, and the payment happen in a single agentic flow.
Drawing on his own experience, Mikin offered three conclusions.
He said founders should build for the platform, not around it. Wall ID grew to hundreds of merchants and 20% month-on-month app download growth largely by going platform-native from day one. Most competitors in the pay-by-bank space still route through partner integrations or middleware — a distribution disadvantage that no amount of funding can easily fix.
He decided that the right frame is the merchant's P&L, not the product's feature set. Merchants care about margin. If a product can demonstrably add three to six percentage points to a store owner's bottom line through lower fees, fewer chargebacks, higher conversion, and automated reconciliation, the sales conversation becomes very short.
And he urged founders not to underestimate regulatory timing. "The VRP roadmap, PSD3, the Data Use and Access Act, Apple opening NFC access to third-party wallets — these are commercial triggers," he said. "The founders who build for what the regulation enables, rather than what it currently permits, will own the next wave."
"The checkout has been broken for twenty years," he concluded. "The tools to fix it finally exist. The question is who moves fast enough to assemble them."
Ilya Mikin is the Founder and CEO of Wall ID (wallid.co), an identity-linked pay-by-bank checkout platform for Shopify and WooCommerce merchants. He is based in London.
 consultants ltd.jpg)
