Beyond the Mandate: Why Strong Digital Identity is Essential—With or Without Executive Order 14144

In an era where cyber threats are advancing at an unprecedented pace, the security of digital identities has become a national imperative. From AI-driven deepfake attacks, as addressed in the recent Executive Order (EO) M-25-21, to identity fraud and nation-state cyber campaigns, the vulnerabilities in digital identity are a persistent threat. The Executive Order (EO) 14144 on cybersecurity underscores the critical need for improved digital identity verification, fraud prevention, and secure authentication measures.

What happens if EO 14144 is rescinded? Does that mean these initiatives are no longer necessary? Absolutely not. These initiatives embody best practices to combat threats today and in the future.

The threats persist no matter what happens to the EO. Cybercriminals and adversarial nations do not wait for regulatory changes to exploit weaknesses in identity systems. Organizations that prioritize cybersecurity today will be far better equipped to defend against evolving threats, protect data, and maintain trust in their digital interactions.

Ping Identity recognizes that strong identity security is not just a compliance requirement — it is a fundamental necessity for digital trust. Our solutions align with key mandates in the EO while providing long-term security, privacy, and fraud prevention benefits that transcend government regulations.

Let’s explore how Ping’s solutions map to the EO’s cybersecurity mandates and why they remain crucial regardless of policy shifts.

The Threat Landscape

Cybercriminals have weaponized artificial intelligence (AI) to create highly convincing deepfake videos, synthetic identities, and fraudulent documents that bypass traditional security measures. In 2023 alone, AI-generated fraud cost businesses and government agencies billions of dollars in losses, with fraudsters successfully opening bank accounts, applying for loans, and even infiltrating secure networks using AI-powered identity manipulation.¹

How the EO Addresses This Threat

The EO emphasizes the need for secure digital identity verification methods, including mobile driver’s licenses (mDLs), passports, and other digital identity credentials, to reduce fraud risks and enhance authentication security across agencies and other critical infrastructure.

Ping Identity’s Digital Identity Credential Solutions

Ping Identity is accelerating the adoption of mDLs and cryptographically secure digital identity credentials that are difficult to forge or manipulate. These identity solutions:

• Ensure that individuals can prove their identity using a government-issued digital credential that is cryptographically protected.

• Reduce reliance on passwords and knowledge-based authentication (KBA), which are vulnerable to phishing and social engineering attacks.

• Protect against AI-generated deepfakes by providing reusable verified identity verification that includes optional liveness detection and selfie matching to stored photos or photos in MDLs.

Why It’s Critical Regardless of the EO

Even if the EO is withdrawn, the need for robust digital identity verification remains urgent. AI-powered fraud is evolving faster than regulatory responses, making it imperative for organizations to adopt secure identity proofing now rather than wait for mandates. By strengthening identity assurance today, organizations can future-proof their security strategies against adversarial AI and deepfake attacks that will only become more sophisticated.

The Privacy-Security Dilemma

One of the greatest challenges in digital identity verification is balancing security with individual, personal privacy. Traditional identity verification methods often require individuals to disclose sensitive personal information—such as Social Security numbers, addresses, and full birth dates—leaving them vulnerable to identity theft and fraud.

How the EO Addresses This Challenge

The EO mandates that agencies adopt privacy-enhancing identity verification technologies that reduce data exposure while maintaining security. This includes privacy-preserving attribute validation services, which allow individuals to prove specific credentials (e.g., “I am over 21” or “I am a U.S. citizen”) without revealing full identity details.

Ping Identity’s Verified Credentials Solutions

Ping Identity enables privacy-preserving identity verification and attribute validation, allowing individuals to verify credentials without exposing excessive personal information. Our solutions:

• Utilize cryptographic proofs to verify attributes without sharing raw data.

• Allow organizations to confirm identity claims (e.g., age, employment status, residency) with a simple “yes” or “no” response.

• Reduce identity fraud by ensuring data authenticity while minimizing privacy risks.

Why It’s Critical Regardless of the EO

Regulations such as the see in the states, i.e. the California Consumer Privacy Act (CCPA) already demand stricter data privacy protections. Even if the EO is pulled back, privacy concerns will continue to drive the need for secure, low-exposure identity verification solutions. By adopting privacy-first identity verification today, organizations not only comply with existing and future regulations but also enhance user trust by safeguarding sensitive data and removing large amounts of user data that are targets for cybercriminals and nationstate threats globally.

The Rising Cost of Identity Theft

Fraudulent use of stolen and synthetic identities is a growing problem, particularly in government benefits programs, financial services, and healthcare. The Federal Trade Commission (FTC) indicated that consumers reported losing more than $10 billion to fraud in 2023, marking a 14% increase over reported losses in 2022. This can only get worse over time.

How the EO Addresses This Issue

The EO requires agencies to develop an early warning system that alerts individuals when their identity is being used fraudulently allowing them to act before damage occurs.

Ping Identity’s Fraud Solutions

Ping Identity’s real-time fraud detection and user session evaluation  solution provides early indications of potential new account fraud or account takeover:

• Session evaluation: Analyzes behavioral anomalies, bot activity, IP reputation, and more to detect identity fraud in real-time and ensures identity proofing across a variety of attributes, signals, and verification processes. It wraps all of the user session digital DNA into a sophisticated risk-scoring engine.

• Robust mitigation: A wide-array of techniques allow you to customize response strategies based on the severity of the risk and probability of fraud. It includes many options like step-up to selfie matching, MDL credential verification, physical passport or license document authentication, step-up MFA, forbidding a user from proceeding, or launching an education series for the user about identity credential compromise or identity theft.

• Orchestrated risk and fraud services: Our journey-time orchestration engine gives you a path for incorporating all your risk and fraud services with your top-level mitigation strategies and verification services. 

Why It’s Critical Regardless of the EO

Identity fraud costs taxpayers and businesses billions each year. Even without government mandates, organizations must proactively monitor identity threats to protect users from financial loss, account takeovers, and reputational damage. By implementing a robust fraud detection and mitigation solution, businesses and agencies can craft a real-time warning system to stay ahead of identity fraud trends and prevent costly security breaches.

The Problem with Centralized Identity Systems

Many identity verification systems rely on centralized databases, which are prime targets for cybercriminals. Large-scale breaches at major institutions have exposed billions of personal records, leading to identity theft, financial fraud, and nation-state espionage.

How the EO Supports a Zero Trust Approach

The EO directs agencies to adopt Zero Trust architectures and minimize reliance on centralized identity repositories, reducing the risk of large-scale data breaches.

Ping Identity’s Decentralized Identity Solutions

Ping Identity supports the decentralization of identity systems:

• mDL credential verification ensures identity assurance without the need to capture and store personal data

• Identity verification that meets IAL2 requirements and is coupled with reusable verifiable credentials that allow for repeated identity verification at any point in the user journey and for continuous, verified trust 

• Cryptographically secure credentials stored in digital wallets that reduce and restrict data sharing with third-parties or within your organization

Why It’s Critical Regardless of the EO

Cybercriminals target centralized identity stores because they offer a treasure trove in one, single location. Organizations that adopt decentralized identity architectures:

• Reduce attack surfaces and improve overall security.

• Enhance compliance with privacy regulations.

• Increase user trust by giving individuals more control over their data.

Regardless of the EO’s status, decentralizing identity remains one of the best long-term strategies for securing digital identities and mitigating large-scale cyber threats.

While the Executive Order provides a much-needed framework for strengthening cybersecurity, the reality is threats will persist regardless of government policy. Cybercriminals, deepfake technology, and nation-state adversaries will continue evolving their tactics, making constant vigilance and continuous verified trust a necessity. Organizations that take proactive steps now will:

• Reduce identity fraud and cyber risks before they escalate.

• Comply with global security and privacy regulations, ensuring long-term success.

• Enhance citizen and internal agency/employee trust in an era of increasing digital threats.

At Ping Identity, we are committed to securing the future of digital identity—whether mandated  by government policies or driven by the need for a safer, more resilient digital ecosystem.

Cybersecurity isn’t a checkbox—it’s a continuous battle. The question isn’t whether to act—it’s how soon. Are you ready?

^1. Joel R. McConvey, Jun 17, 2024  Deloitte predicts losses of up to $40B from generative AI-powered fraud, BioMetricUpdate.com, https://www.biometricupdate.com/202406/deloitte-predicts-losses-of-up-to-40b-from-generative-ai-powered-fraud.