Watch more: What’s next for Vicky Bindra on Trulioo?
However, behind the faster onboarding, faster payments, and faster approvals lurk potential threats. As fraud networks become more sophisticated and digital ecosystems become more interconnected, the lack of visibility is becoming a burden at a rapid pace.
“I think the keyword for 2026 is decentralized risk systems,” Trulioo CEO Vicky Bindra told PYMNTS during a conversation in the February edition of the “What’s Next in Payments” series “Word of the Year.”
The fragmentation of existing risk systems is not only technically inefficient; This was a strategic exposure. As fraudsters orchestrate attacks across channels, geographies and identities, organizations must respond with equally coordinated defenses.
“The inability to manage data across the entire platform, and if a bad actor gets into one place, businesses either can't stop them or reduce the bleeding on other platforms, will define risk in 2026,” Bindra said.
AD: SCROLL TO CONTINUE
His diagnosis points to structural flaws in how most organizations build their digital infrastructure. Traditionally, identity verification, transaction monitoring, supplier screening and compliance checks were often deployed incrementally as discrete solutions that met specific regulatory or operational needs.
The result can be a patchwork of tools that may perform well individually but rarely communicate effectively with each other, leaving spaces between them for fraudsters to exploit.
From checkpoint security to lifecycle intelligence
Identity in financial services, payments and commerce is no longer static. It is situational, behavioral, and temporal. In a world where a verified identity at 9 a.m. may be compromised at noon, continuous verification (rather than one-time authentication) is becoming the new benchmark.
Bindra describes this as a shift from a checkpoint mentality to what he calls a lifecycle trust approach, adding that signals collected during account opening (such as device fingerprints, behavioral data, location indicators, etc.) should not be discarded after the account is opened.
“For example, when you're attracting a customer, you can use the phone signal to know if that customer is the right customer on the right device,” he said. “There’s no reason not to use these device signals, it’s a great passive way to manage risk across platforms and throughout the lifecycle.”
The simple fact that fraud itself is rarely a single incident also has broader implications for the entire identity verification market itself, which is evolving in tandem with today’s fraud realities, expanding into broader and more dynamic issues of intent, legality and financial credibility.
We'd love to be your go-to news source.
Please add us to your preferred sources list so that our news, data and interviews appear among your sources. Thanks!
“What we want to do is help businesses answer the question, 'Is this really the customer that we interact with and that we manage on a day-to-day basis?'” Bindra said.
Synthetic identities, account takeovers, and mule networks may blur the line between identity verification and behavioral analysis. Increasingly, companies are being asked not only to verify identities but also to interpret patterns that can instantly distinguish legitimate anomalies from malicious anomalies.
Data integrity becomes the new battleground
If a fragmented system is a structural problem, then data integrity is an operational problem. A risk model is only as strong as the information provided for it, and the rapid expansion of sources creates opportunities and vulnerabilities.
“What keeps us awake at night is the integrity of the data,” Bindra said. “Making sure the data is completely reliable and that all our fraud and risk signals work optimally.”
Organizations are increasingly acting like data stewards and technology providers, he said. Keeping data sets fresh, accurate, and interoperable is not a back-office function; It's mission critical infrastructure.
Against this backdrop, it becomes critical that companies no longer view risk control as a constraint but as an enabler of sustainable scale.
“Onboarding and ongoing friction can be completely effective,” Bindra said, adding that the companies that succeed in digital markets are not those that eliminate friction entirely, but those that deploy it precisely.
“Risk controls represent good friction and help increase the number of customers you can onboard,” he adds.
While blanket verification may slow growth and frustrate legitimate users, targeted intervention may increase approval rates while filtering out risks. Consider a situation where address data or behavioral signals are inconsistent and a red flag has been raised. Requiring customers to provide additional documentation, whether it's a driver's license or selfie verification, may introduce an extra step, but it can enhance security and profile quality.
Bindra says the winners in 2026 may not be those who eliminate risk, but those who understand risk holistically by connecting signals, context and decisions to a continuous narrative of identity. The challenges businesses face are simple in concept but complex in execution. They must resolve the fragmentation problem before the attacker can resolve it first.
