ISO 18013-7 mDLs in Bank Onboarding and KYC (2025)

60-page Enterprise Passkey Whitepaper:
Learn how leaders get +80% passkey adoption. Trusted by Rakuten, Klarna & Oracle

Get free Whitepaper

For years, remote bank onboarding has relied on cumbersome Know Your Customer (KYC) processes that typically require users to scan a physical ID or driver's license, often combined with a liveness check or a live video call. This method is high-friction and exposed to new AI-based security vulnerabilities.

However, a major shift is occurring. Over the next few years, these legacy processes will be replaced by secure, user-centric digital credentials. Central to this transformation is the mobile driver's license (mDL), which has already started to spread across different regions. The ISO/IEC 18013-7 standard is the key enabler, providing a secure framework for presenting these digital IDs online.

While our previous article on the Digital Credentials API (2025): Chrome & Safari covered the broader technology, this analysis focuses specifically on how ISO 18013-7 compliant mDLs are being adopted in banking. We will examine the current early state in three key markets, the United States, Australia, and Europe, to understand how financial institutions are starting from early pilots to the first live production systems.

In the U.S., the adoption of mobile driver's licenses for remote KYC is moving from government-led pilots to concrete implementation plans by major financial institutions. A key milestone was the official publication of the ISO/IEC 18013-7 standard on October 7, 2024, which defines the protocol for securely presenting an mDL over the internet.

While no bank has launched a full-scale online mDL onboarding process as of mid-2025, the foundations are being established. An important development is Apple's "Verify with Wallet on the Web" feature, announced at WWDC 2025 alongside comparable progress on Google's Chrome browser. This feature will allow users to share verified identity information from state-issued mDLs stored in Apple Wallet or Third-Party-Wallets directly with websites, representing a significant catalyst for mainstream adoption.

Below is a summary of key initiatives in the U.S.:

Apple's announcement named a broad set of launch partners, including financial institutions U.S. Bank and Chime, and other services like Turo and Uber Eats. This indicates that later in 2025, their customers are expected to be among the first to use an iPhone's digital ID instead of uploading physical documents. The initiative is also supported by state motor vehicle agencies in Arizona, Georgia, and Maryland. Beyond Apple's ecosystem, the U.S. National Cybersecurity Center of Excellence (NCCoE) continues its project to build a reference architecture to accelerate mDL adoption for online identity proofing.

Australia has been a global frontrunner in the rollout of state-level digital driver's licences (DDLs). The financial regulator, AUSTRAC, gave its approval back in 2019 for banks to accept these digital IDs for KYC purposes. However, the market is in a phase of transition, moving from manual online checks to exploring more integrated digital identity platforms.

Many banks still rely on the classic, high-friction method for online KYC: requiring customers to take and upload photos of their physical driver's license, often paired with a "liveness" check where the user takes a selfie or short video. Stepping beyond this, some institutions have implemented intermediate solutions. For example, ANZ Bank's eVerify system digitizes part of the process, allowing customers to verify themselves by manually entering their Driver Licence Card Number (DLCN) online, which is then checked against a government database. While more streamlined than photo uploads, this does not yet constitute a fully automated mDL verification where data is exchanged securely and instantly with a single tap.

While the regulatory framework is in place, a seamless, API-driven data exchange based on ISO 18013-7 is not yet standard practice across the major banks. The industry is positioned for this shift as national digital ID frameworks mature and more states evolve their DDLs to be fully compliant with a future online standard.

In contrast to the market-driven adoption in the US and Australia, the European Union is pursuing a top-down "push" strategy. Through a regulation known as eIDAS 2.0, the EU is mandating the creation of a single, interoperable digital identity market. The cornerstone of this initiative is the EU Digital Identity (EUDI) Wallet, a mobile app that every member state must offer to its citizens by 2026/2027. This wallet is designed to hold a wide array of verified digital credentials, such as educational diplomas, travel passes, and professional certifications.

For banking and regulated industries, two credentials within the wallet are interesting: the Person Identification Data (PID), which serves as the official national digital ID, and the Mobile Driving Licence (mDL). While they serve different functions, the technical architecture for both is based on the ISO series of standards, making the mDL format discussed in this article a core component of the EU's identity framework. The wallet will allow individuals to share these government-verified attributes with banks and other private companies in a secure, user-controlled way.

This regulatory mandate is being actively defined through several Large-Scale Pilots (LSPs) launched in 2023 to test real-world banking and payment use cases. These pilots involve hundreds of public and private entities, including major financial institutions. For regulated industries like banking, participation is mandatory. The regulation requires them to accept the EUDI Wallet for customer identification and strong customer authentication (SCA) by 2027.

Below is a summary of key initiatives driving mDL and digital ID adoption in European banking:

This regulatory mandate will effectively commoditize high-assurance identity verification. When a core business process like KYC becomes a universal, government-backed utility, the competitive focus will shift from how a bank verifies an identity to what it does with that trusted identity. Banks that can leverage verified wallet attributes to deliver superior services—like instant loan approvals or seamless cross-border payments—will gain the advantage. The EUDI Wallet is not just a compliance exercise; it is a market shift forcing every financial institution in Europe to prepare for the next generation of digital banking.

The era of high-friction KYC, forcing customers to scan physical documents and perform liveness checks, is approaching its end. As this article has shown, the transition to secure, one-tap digital ID verification is well underway, but the path to adoption differs significantly across the globe. In the United States, the push is market-led, with tech giants like Apple partnering with forward-thinking banks such as U.S. Bank and Chime. In Australia, a progressive regulatory environment has prepared the ground, but adoption is more gradual as the market transitions from manual checks to truly integrated digital ID networks. Meanwhile, the European Union is pursuing a powerful top-down mandate, compelling its entire banking sector to adopt the EUDI Wallet and its underlying ISO-compliant credentials by law.

Despite these different strategies, a common technical foundation is emerging: the ISO/IEC 18013-7 standard. Whether driven by market demand or regulatory mandate, it is becoming the global blueprint for how we securely share identity online. The trajectory is clear. By late 2025 and into 2026, the first wave of ISO-compliant onboarding flows will likely go live, transforming the user experience and enhancing security through cryptographic data verification. Ultimately, the adoption of ISO 18013-7 represents a global shift towards a more secure, private, and efficient digital economy, where verified identity is no longer a barrier but a seamless enabler of trust.