---
url: 'https://www.corbado.com/blog/digital-identity-gap'
title: 'Digital Identity Gap and Authentication Telemetry'
description: 'Regulated industries face a digital identity gap that stalls digitization. Authentication telemetry explains why users fail at login and how to get them into digital channels.'
lang: 'en'
author: 'Vincent Delitz'
date: '2026-04-20T05:38:55.543Z'
lastModified: '2026-04-22T06:01:12.855Z'
keywords: 'digital identity gap, authentication telemetry, digital channel adoption, digitization strategy, login failure analysis, regulated industries digital onboarding'
category: 'Passkeys Strategy'
---

# Digital Identity Gap and Authentication Telemetry

## 1. Introduction

In 2026, digitization is the CEO priority for every regulated enterprise. Yet digital
adoption numbers come from a subset of the customer base.
[FDIC's 2023 National Survey](https://www.fdic.gov/household-survey/2023-fdic-national-survey-unbanked-and-underbanked-households-report)
reports about one third of banked households did not use online
[banking](https://www.corbado.com/passkeys-for-banking) in 2023.
[HINTS/JMIR 2025](https://jmir.org/2025/1/e60472) shows 38.7% of US adults did not access
a patient portal in the last 12 months.
[ABA Bank on It 2025](https://www.ausbanking.org.au/wp-content/uploads/2025/06/252903-Bank-on-It-Report-2025-ART-WEB.pdf)
puts Australian banks at 99.3% online interactions. The offline remainder is structurally
loss-making. Every customer who fails to sign up or log in becomes a growing cost-to-serve
problem the board can no longer ignore, and a blocker for agentic AI, embedded finance and
shrinking branch footprints.

## Key Facts

- **Digitization** is a board-level KPI in regulated industries - every customer who
    cannot sign up or log in digitally blocks it. - Reported adoption counts **active
    digital users, not the full base** - leaving a **10-40% digital identity gap**
    invisible to dashboards. - **FDIC 2023**: ~1 in 3 banked households skipped online
    banking. **HINTS/JMIR 2025**: **38.7%** of US adults never accessed a patient portal.
    - **Over 80%** of sign-up and login failures happen client-side and never reach the
    backend IdP (Corbado observability data). - **Forrester**: ~**USD 70** per
    password-reset incident; failed-login rates correlate directly with **churn and
    support cost**. - **McKinsey 2024**: a leading Asian bank cut cost-to-income for
    online customers by **50%** versus traditional ones. - **Agentic AI**, chat channels
    and embedded finance assume a fully digital customer - non-digital users become a
    product-reach problem, not just a cost one.

## 2. What is the Digital Identity Gap?

The [digital identity](https://www.corbado.com/blog/digital-identity-guide) gap is the share of a
regulated-industry customer base that exists on file but never activated or used an online
login. In US [banking](https://www.corbado.com/passkeys-for-banking), FDIC 2023 reports about one in three banked
households did not use online [banking](https://www.corbado.com/passkeys-for-banking) at least once that year. In
US [healthcare](https://www.corbado.com/passkeys-for-healthcare), HINTS/JMIR 2025 puts the never-accessed-portal
cohort at 38.7% of adults. The gap is invisible to adoption dashboards because the
denominator starts at "users with a recent session".
[McKinsey's 2024 State of Retail Banking](https://www.mckinsey.com/industries/financial-services/our-insights/the-state-of-retail-banking-profitability-and-growth-in-the-era-of-digital-and-ai)
reports branches still account for 72% of new current accounts and 92% of new
current-account balances in North America.

## 3. Customers with no Online Login at All

In banking, [healthcare](https://www.corbado.com/passkeys-for-healthcare), [insurance](https://www.corbado.com/passkeys-for-insurance),
utilities and [public sector](https://www.corbado.com/passkeys-for-public-sector), a durable segment has never
logged in online. Accounts were opened in-branch or through a broker. Patients signed
paperwork at a clinic. Policyholders bought through an agent. Utility customers inherited
a meter reading. They pay and consume products. They hold no online session any prompt can
reach.
[Bankrate's 2025 digital-banking trends summary](https://www.bankrate.com/banking/digital-banking-trends-and-statistics/)
shows 45% of non-digital customers cite branch preference and 42% cite security concerns.
The
[ONC Health IT 2024 data brief](https://beta.healthit.gov/data/data-briefs/individuals-access-and-use-patient-portals-and-smartphone-health-apps-2024/)
puts the equivalent [healthcare](https://www.corbado.com/passkeys-for-healthcare) figure at 35% of US adults who
did not access a patient portal in 2024, down from 49% in 2022.

## 4. Why the Gap is invisible on Adoption Dashboards

Adoption dashboards start the denominator at "users with a session in the last N days".
Customers outside that window are not counted as unadopted. They are counted as absent. A
headline like "68% of patients accessed a portal in the last year" can be correct and
incomplete at once. The
[ONC Health IT 2024 data brief](https://beta.healthit.gov/data/data-briefs/individuals-access-and-use-patient-portals-and-smartphone-health-apps-2024/)
shows 65% of US adults accessed a portal in 2024, up from 51% in 2022. The remaining 35%
absorb a disproportionate share of call-center volume and manual intake cost. They never
appear in portal-adoption reporting.

## 5. Difference between "has not adopted" and "cannot get in at all"

A customer who logs in with SMS OTP but never upgrades to a passkey is a conversion
problem. A customer who tries to sign up and abandons at step three is a funnel problem. A
customer with no online profile is an identity problem. Each needs a different fix and has
a different cost to resolve. Conflating them inside one adoption metric produces the wrong
roadmap. It also breaks the digitization target the CEO is tracking, because the three
segments respond to completely different interventions at different unit economics and
different support-organization load per customer.

## 6. Who these Users are: the older Demographic Assumption and its Limits

The [digital identity](https://www.corbado.com/blog/digital-identity-guide) gap is not a demographic monolith.
Four segments explain most of it: older customers with working but seldom-used logins,
field workers whose context makes smartphone login impractical, privacy-averse users who
refuse biometric binding and customers on file who never completed a digital sign-up. The
reflexive assumption is that the gap maps to older customers. The evidence pushes back.
The
[Lloyds 2025 Consumer Digital Index](https://www.lloydsbankinggroup.com/assets/pdfs/media/consumer-digital-index/2025/2025-consumer-digital-index.pdf)
reports 86% of UK adults aged 60+ are online and 93% of those online use internet banking
monthly. The
[Pew Research 2024 internet usage report](https://www.pewresearch.org/internet/fact-sheet/internet-broadband/)
shows US adults aged 65+ at 90% internet adoption. Older customers in regulated markets
have logins. They may use them less often, but they are not the absence cohort.

## 7. Field Workers, Trades and Shift Roles without Smartphones at Hand

A sizable slice of the gap sits with customers whose work context makes smartphone login
impractical. Field workers, trades, heavy-machinery operators, warehouse staff and shift
workers cannot take a personal device onto the floor. The technology is not the barrier.
The context is.
[BLS 2024 Employment Data](https://www.bls.gov/emp/tables/employment-by-major-industry-sector.htm)
puts US non-desk occupations at over 70 million workers. Any fix has to work when the
personal device is out of reach during the work day. It often has to accommodate a shared
workstation instead, with clear session isolation so credentials do not leak between users
on the same device.

## 8. Privacy-averse Users and Customers on File who never completed Sign-up

A smaller but durable segment is privacy-averse. They do not want a biometric stored on a
device they do not fully trust. They may own the smartphone. They choose not to use it for
login. This cohort responds to paths that do not require biometric binding, such as a
hardware [security key](https://www.corbado.com/glossary/security-key) or a device-bound credential unlocked with
a user PIN.

The largest segment is different. Customers are known to the enterprise through a branch,
broker, agent or clinic intake. They either never attempted a digital sign-up or tried and
dropped off. They are operationally known and digitally invisible at once. This is where
most of the digitization loss happens and where authentication telemetry has the biggest
leverage.

## 9. Why Digitization is the CEO-level Strategic Driver

Every CEO in a regulated industry is under explicit pressure to push more customers into
digital channels. Cost-to-serve compression, agentic AI, shrinking branch footprints and
disappearing paper statements all make each non-digital customer more expensive every
year.
[McKinsey's 2024 retail-banking report](https://www.mckinsey.com/industries/financial-services/our-insights/the-state-of-retail-banking-profitability-and-growth-in-the-era-of-digital-and-ai)
documents a leading Asian bank cutting its cost-to-income ratio for online customers by
50% versus traditional ones.
[UK consultancy estimates](https://techbullion.com/__trashed-88/) place the fully loaded
cost of a traditional [retail](https://www.corbado.com/passkeys-for-e-commerce) current-account customer at GBP
100-250 per year. Digital-native challengers operate at a fraction of that. The
[ABA Bank on It 2025 report](https://www.ausbanking.org.au/wp-content/uploads/2025/06/252903-Bank-on-It-Report-2025-ART-WEB.pdf)
puts Australian banks at 99.3% online interactions. The gap widens every year the offline
cohort stays offline.

## 10. Why getting Users into digital Channels is a Strategic Question

A customer who cannot sign up or log in digitally costs more to serve. They cannot be
routed through agentic AI. They are invisible to cross-sell. They produce no behavioral
data the enterprise can learn from. Regulators amplify the pressure:
[PSD3](https://www.corbado.com/blog/psd3-psr-passkeys), the
[ONC Cures Act Final Rule](https://www.healthit.gov/topic/information-blocking),
[CMS interoperability rules](https://www.cms.gov/priorities/key-initiatives/burden-reduction/interoperability)
and [eIDAS 2.0](https://www.corbado.com/glossary/eidas) all assume customers can authenticate on their own
device. The
[Baymard Institute 2025 checkout research](https://baymard.com/lists/cart-abandonment-rate)
puts account-creation friction among the top reasons for
[e-commerce](https://www.corbado.com/passkeys-for-e-commerce) abandonment. Regulated channels show the same
pattern at higher severity, because identity-binding and risk-based step-up requirements
make every extra step more likely to fail.

## 11. Why Agentic AI raises the Stakes further

[Agentic commerce](https://www.corbado.com/blog/agentic-commerce-digital-payments), chat-based banking,
AI-assisted [insurance](https://www.corbado.com/passkeys-for-insurance) claims and voice-driven healthcare triage
all assume the customer has a [digital identity](https://www.corbado.com/blog/digital-identity-guide) the system
can authenticate against. An agent calling an API on behalf of a customer cannot call it
for a customer who does not exist digitally. The
[2025 FIDO Alliance Passkey Index](https://fidoalliance.org/passkeys/) shows passkey
ceremonies succeed 93% of the time versus about 63% for password plus SMS OTP. That delta
compounds for agentic flows. Every failed step triggers a human handoff and erases the
cost advantage of automation.
[OpenAI's 2025 operator research](https://openai.com/index/introducing-operator/) and
[Anthropic's Claude computer-use release](https://www.anthropic.com/news/3-5-models-and-computer-use)
both assume an already-authenticated user session.

## 12. Why Backend Logs miss most Sign-up and Login Failures

Over 80% of sign-up and login failures happen on the consumer's device before any request
reaches the backend IdP, per Corbado
[authentication observability](https://www.corbado.com/blog/authentication-observability) data.
[Baymard's 2025 checkout studies](https://baymard.com/lists/cart-abandonment-rate)
document matching form-abandonment rates of 20-40% on mobile, often before any server
request fires. The IdP sees a healthy success rate on the requests it did receive. The
real failure rate stays hidden. Per Corbado observability data, silent failures cluster on
specific device, OS or browser combinations and hit predictable cohorts
disproportionately. The [Can I Use WebAuthn registry](https://caniuse.com/webauthn)
documents the browser-level variance that drives most failures.

## 13. Login Failures as a Revenue Metric

Sign-up abandonment and login failure are revenue metrics, not operations metrics. The
[Corbado analytics playbook](https://www.corbado.com/blog/authentication-analytics-playbook) correlates elevated
failed-login rates with churn, support volume and abandoned-session revenue loss.
[Forrester](https://www.daon.com/resource/why-strong-onboarding-eliminates-password-resets/)
places the fully loaded cost of a password-reset incident at roughly USD 70.

Questions that decide P\&L, answerable only from client-side telemetry:

- Which cohorts fail to sign up or log in, on which devices, at which point in the flow?
- Is the failure a UX, device-capability, recovery or delivery issue?
- What is the revenue-weighted cost of those failures in the last quarter?
- Which interventions pay back fastest, and for which segment?

## 14. Authentication Telemetry as the Foundation

Authentication telemetry is the client-plus-server data layer that captures every sign-up
and login event, including the ones that never reach the backend, and correlates them with
business outcomes. It is the precondition for every downstream digitization decision. A
telemetry layer captures the full ceremony on the client: which
[authenticator](https://www.corbado.com/glossary/authenticator) was available, which prompt was shown, how the
user responded, which transport failed, how long each step took and which device, OS and
browser version was in use. Correlated with the server-side outcome, it produces a
complete picture of why a session succeeded or failed, down to the cohort. The
[authentication observability](https://www.corbado.com/blog/authentication-observability) article covers the
event model and its mapping to the WebAuthn and [FIDO2](https://www.corbado.com/glossary/fido2) specifications.

## 15. Connecting Login Data to Business Outcomes

Telemetry is useful when it exposes metrics that map directly to P\&L. The starter set,
adapted from the Corbado analytics playbook and the
[authentication error rate KPI](https://www.corbado.com/kpi/authentication-error-rate):

| Metric                                         | Business Outcome it drives                                |
| ---------------------------------------------- | --------------------------------------------------------- |
| Sign-up Completion Rate                        | Digitization KPI, customer-acquisition-cost payback       |
| Login Success Rate (LSR)                       | Conversion on every authenticated page, renewal, checkout |
| Authentication Error Rate (AER) by reason code | Support-ticket volume and cost per incident               |
| Authentication Drop-Off Rate                   | Lost revenue on abandoned sessions                        |
| Reach Rate by Cohort                           | Segment-level digital-channel ceiling                     |
| Time-to-first-authenticated-Action             | Onboarding conversion and cost-to-serve                   |

Each row becomes observable only when the telemetry layer captures client-side events and
correlates them with server-side outcomes.

## 16. Telemetry as a Precondition, not a Reporting Tool

Authentication telemetry is not a reporting tool. It is the precondition for every
strategic decision about digital channels. Sign-up flow investment, agentic-AI rollout
timing, support staffing, channel-specific help content and credential strategy (SMS OTP,
passkeys, hardware keys) all depend on knowing why specific cohorts succeed or fail.

Enterprises without telemetry run three classic anti-patterns at once:

- Redesigning a sign-up flow based on aggregate conversion, when the failures concentrate
  in one browser segment
- Pushing credential upgrades to the wrong cohort, because the largest failing segment
  never reaches the prompt
- Reporting healthy success rates to the board, because client-side failures never surface

## 17. How to close the Digital Identity Gap: Instrument the Funnel first

Closing the gap starts with making sign-up and login work for the cohorts that fail.
Identity-binding layers on only where the use case requires it. Telemetry is the
precondition. The first step is visibility: capture every sign-up and login event from the
client, correlate with the backend and segment by cohort. The
[authentication analytics playbook](https://www.corbado.com/blog/authentication-analytics-playbook) covers the
minimum event model. Corbado observability data shows enterprises typically discover their
reported success rate overstates reality by 10-25 percentage points once client-side
events are captured.
[Baymard's 2025 checkout research](https://baymard.com/lists/cart-abandonment-rate)
documents the same abandonment pattern in [e-commerce](https://www.corbado.com/passkeys-for-e-commerce) at
comparable severity.

## 18. Fix Client-side Failures and match Authentication Options to the Segment

Most gap closure happens through fixing boring failure causes. Missing email
verifications. SMS OTP delivery failures. Expired sessions. Browsers without WebAuthn
support. Password managers fighting the form. Confusing prompts on older operating
systems. The [Baymard checkout research](https://baymard.com/lists/cart-abandonment-rate)
ranks account-creation friction among the top abandonment drivers; regulated onboarding
repeats the pattern at higher severity.

Different cohorts then need different options. Mobile-first customers respond to passkeys.
The
[FIDO 2025 consumer survey](https://fidoalliance.org/content-ebook-consumer-password-and-passkey-trends-wpd-2024/)
reports 69% of consumers have enabled passkeys on at least one account. Field workers need
options that do not require a personal smartphone. Privacy-averse users respond better to
hardware keys or PIN-unlocked device credentials than to biometric binding. The goal is to
maximize successful logins across the full base, not a single credential type.

## 19. Supervised Onboarding and Identity Verification

For customers who still cannot complete a digital sign-up unaided, the operational unlock
is supervised enrollment in channels they already use: branch, call center and clinic. A
staff member completes the sign-up on a tablet or via a handoff link. A credential lands
on the customer's own device using cross-device flows. The customer can log in from home
afterwards.

[Digital identity verification](https://www.corbado.com/blog/digital-identity-verification) is a separate tool
for a separate problem: binding a legal identity to a digital session when the use case
requires it. That includes new-[account opening](https://www.corbado.com/blog/digital-identity-verification) in
regulated markets, high-value transactions and regulated self-service. For most existing
customers the question is not "did we legally proof them again?". It is "can they actually
get into their account?". [NIST 800-63 rev. 4](https://pages.nist.gov/800-63-4/) and
[eIDAS 2.0](https://www.corbado.com/glossary/eidas) matter for the proofing layer when required. Most
digitization wins come from fixing sign-up and login first.

## 20. Sign-up Completion Rate by Cohort

Three segmented metrics make the digital identity gap visible. The first is sign-up
completion rate by cohort. Of customers who started a digital sign-up in the last quarter,
what percentage completed and logged in at least once, segmented by acquisition channel,
device and browser. A bank may show 85% overall but 45% on older
[Android](https://www.corbado.com/blog/how-to-enable-passkeys-android) devices or 30% on a specific browser
version. Those cohorts block the digitization KPI. They are invisible in an aggregate
number. The [authentication error rate KPI](https://www.corbado.com/kpi/authentication-error-rate) reference
covers the segment-level measurement approach, and
[Google's Core Web Vitals 2024 report](https://web.dev/articles/vitals) documents a direct
correlation between mobile-specific device variance and conversion loss.

## 21. Reach Rate and Time-to-first-authenticated-Action

Reach rate divides active digital users by the full customer base, not by the active
subset. It segments by channel of [account opening](https://www.corbado.com/blog/digital-identity-verification)
and activity recency. See [passkey analytics](https://www.corbado.com/blog/passkey-analytics) for the event
model. A bank that shows 55% aggregate adoption may show 75% in the mobile-app cohort, 35%
in the branch-acquired cohort and 0% in the never-logged-in cohort. The second and third
numbers drive the roadmap.

Time-to-first-authenticated-action measures latency from
[account opening](https://www.corbado.com/blog/digital-identity-verification) to the first strongly-authenticated
interaction. [Authentication process mining](https://www.corbado.com/blog/authentication-process-mining) explains
the measurement approach. A 7-day median indicates healthy onboarding. A 90-day median
indicates a cohort that signed paperwork and never came back.

## 22. Conclusion

Digitization is the CEO-level KPI in every regulated industry. The digital identity gap is
the single largest thing blocking it. Reported online adoption is calculated on the subset
of customers who already made it past sign-up and login. The headline hides the 15-40% of
the base who silently fail or never try. With agentic AI, [PSD3](https://www.corbado.com/blog/psd3-psr-passkeys),
[eIDAS 2.0](https://www.corbado.com/glossary/eidas) and shrinking branch footprints all assuming a digitally
active customer, that hidden cohort is a strategic problem, not a UX problem.

The unlock in 2026 has two parts. First, authentication telemetry that makes every sign-up
and login event visible and segmented by cohort, including the 80%+ that never reach the
backend. That lets the enterprise see why specific users fail and which fixes pay back.
Second, a digital channel that works for the cohorts currently failing, with
authentication options matched to the segment and supervised onboarding in branch,
call-center and clinic channels. Measured honestly, reported adoption is lower than the
headline. Addressable digitization upside is larger.

## 23. FAQ

### What is the digital Identity Gap?

The digital identity gap is the share of a regulated-industry customer base that exists on
file but never activated or used a digital login. In US banking, FDIC 2023 reports about
one in three banked households did not use online banking at least once that year. In US
healthcare, the never-accessed-portal cohort reaches 38.7% of adults (HINTS/JMIR 2025).
The gap is invisible to adoption dashboards because they count only users with a recent
digital session.

### Why is digitization a CEO-level Priority in 2026?

Cost-to-serve compression, agentic AI, shrinking branch footprints and regulatory pressure
all reward enterprises that route more customers through digital channels. McKinsey's 2024
[retail](https://www.corbado.com/passkeys-for-e-commerce)-banking report documents a leading Asian bank cutting
its cost-to-income ratio for online customers by 50% versus traditional ones. Every
customer who fails to sign up or log in directly blocks the digitization KPI the board is
tracking.

### Why is the reported digital Adoption Number misleading?

Reported digital adoption divides active users by active users, not by the full customer
base. The cohort that failed sign-up or never came back is excluded from the denominator.
That overstates reach. A 45% adoption headline over active users can map to 37% reach over
the full base. The [passkey business-case guide](https://www.corbado.com/blog/passkey-adoption-business-case)
walks through the decomposition with worked numbers.

### Why do backend IdP Logs miss most Login Failures?

Over 80% of login failures happen on the consumer's device before any request reaches the
backend IdP, per Corbado
[authentication observability](https://www.corbado.com/blog/authentication-observability) data. Abandoned
sign-ups, undelivered email or SMS verifications, browsers without WebAuthn support,
prompts that time out and popups the browser blocked - none of these events appear in the
IdP log. The backend sees a healthy success rate on the requests it did receive.
Client-side telemetry is the precondition for real visibility.

### Why is Authentication Telemetry so important?

Authentication telemetry is the client-plus-server data layer that captures every sign-up
and login event, including client-side failures. It correlates them with business outcomes
like churn, support cost and revenue. Without it, an enterprise cannot tell why specific
cohorts fail. It cannot rank interventions by payback. It cannot defend the number it
reports to the board. It is the precondition for every strategic decision about digital
channels.

### How does Identity Verification fit in?

[Digital identity verification](https://www.corbado.com/blog/digital-identity-verification) matters where the use
case explicitly requires binding a legal identity to a digital session. That includes
new-account opening in regulated markets, high-value transactions and specific regulated
self-service flows. For most existing customers, the digitization question is not "did we
proof them again?". It is "can they actually get into their account?". Most closure of the
gap happens by fixing sign-up and login before any new proofing layer is invoked.

### What should Enterprises measure instead of aggregate Adoption?

Three segmented metrics: sign-up completion rate by device and browser cohort, reach as a
percentage of the full customer base (not just active users) and
time-to-first-authenticated-action. All three depend on an authentication telemetry stack
so reliability, error and drop-off KPIs correlate with business outcomes. The aggregate
adoption number alone hides the ceiling that blocks digitization.

## 24. About Corbado

[Corbado](https://www.corbado.com/) is an authentication telemetry and
[passkey adoption](https://www.corbado.com/blog/passkey-adoption-business-case) layer that sits above existing
IdPs and onboarding stacks. The platform captures client-side sign-up and login events
that backend logs miss. It reports reach against the full customer base, not only the
active subset. It supports supervised branch, call-center and clinic enrollment flows via
cross-device credential provisioning. It integrates alongside identity-verification
vendors rather than replacing them. Corbado's
[Connect product](https://www.corbado.com/connect) provides the drop-in telemetry and
adoption layer for regulated enterprises already running an IdP such as ForgeRock, Ping,
Okta or [Keycloak](https://www.corbado.com/blog/keycloak-passkeys).