Tokenization, Digital Identity and Secure Authentication
On 17 February, during Day 2 of the event, a panel discussion titled “Tokenization, Digital Identity & Secure Authentication” took place at the Radisson Blu Hotel, Dubai Deira Creek, located on Baniyas Road. The session began at 10:10 AM and brought together leading experts in payments, compliance, digital assets and financial technology to examine the future of secure digital transactions.
The discussion was moderated by Zoya Bilgrami, VP Sales MEA & SEA – Sales Leadership at Xoxoday. The panel featured Chris Smith, Founder and CEO of BLOXX; Angaj Bhandari, SVP EMEA at Fime; Akshay Dalal, Head of Regional Risk and Compliance for the Middle East, Turkey & Africa at Google (who was expected but may have been absent due to illness); and Alona Shevtsova, CEO of Sends.
How do tokenization and modern authentication technologies work together to make digital payments both secure and frictionless?
I see tokenisation and authentication as two halves of the same promise: your data is protected, and you are really you.
Tokenisation protects the payment data itself. Instead of sending real card or account numbers through every system, we replace them with tokens that are useless if stolen. That’s one reason tokenised payments already make up a large share of e‑commerce
Statistics show that tokenisation reduces payment fraud by around 30% and also significantly lowers fraud-related chargebacks for merchants.
As for the modern authentication, it protects the person behind the payment. We combine device recognition, biometrics and behavioural signals with more traditional checks, but most of this runs quietly in the background. As a result, A low‑risk, familiar transaction feels almost instant, while a risky one triggers extra steps.
At Sends, we always design the two together. Tokens travel through our infrastructure instead of raw credentials, and our risk engine decides in real time how much authentication is needed in that specific context. That’s how you keep payments genuinely secure and, from the customer’s point of view, almost invisible.
Asset tokenization is gaining traction, especially on‑chain. How does authentication work in that context, and what role does KYC or identity verification play?
With tokenised assets, especially on‑chain, it’s very easy to move value very fast – which is exactly why identity and authentication cannot be an afterthought.
There are three layers in this. First, onboarding: this is where proper KYC and AML live. Even if the asset later moves on‑chain, you still need to know who you are dealing with at the point they enter your ecosystem, particularly if you operate under UK or EU rules or want to collaborate/integrate with banks and regulated partners.
Second, account and key control. Whether a user holds their own keys or uses a custodian, authentication has to be strong: hardware‑backed security, multi‑factor checks, sensible limits and robust recovery. A beautifully designed token does not help if the account controlling is protected by a weak login.
Third, ongoing monitoring. In a tokenised environment, we still look at behaviour all the time – unusual transfers, new counterparties, high‑risk jurisdictions – and we tie that back to the verified identity we saw at onboarding.
At Sends, whenever we explore tokenised or digital‑asset use cases, we start by asking a simple question: how do we maintain a clear, auditable link between the asset, the account, and a real, verified person or business? Once that is solid, then we talk about speed and new features.
We’re hearing more about digital identity (DI) wallets. How might these change the way we authenticate payments?
Digital identity wallets can be a big step towards making authentication both stronger and more simple.
Today, every provider runs its own KYC, stores its own documents, and designs its own login flows. It’s repetitive for customers and expensive for providers. A well‑designed DI wallet would let a user carry trusted identity credentials issued by banks or governments, and present them – with consent – wherever they need to prove who they are.
For payments, that changes two things. First, onboarding becomes faster, which is beneficial for both sides, and may also result in cost savings for the provider. Second, authentication becomes cleaner: the same wallet, on a secure device and protected by biometrics, becomes your primary way of saying, “yes, this is me, and I approve this payment”.
From a Sends perspective, we’re designing our systems so they can both consume and support that model. We already combine KYC, behavioural and device signals; plugging into DI wallets would let us reuse high‑quality identity proof while still running our own risk checks. Based on that experience, I am sure that DI wallets can significantly reduce onboarding friction while empowering privacy and security. Of course, if every participant of the financial ecosystem gets the standards right.
As we connect more devices, channels and platforms, what does ‘digital identity’ actually mean in practice over the next few years – and who should own it: banks, Big Tech, governments, or the individual?
For me, digital identity is shifting from a one‑time check to a living profile that is built and updated over time. It’s not just who you are on day one; it’s how you behave across devices and channels.
I don’t think any single player should “own” that identity. If it sits only with a bank or only with a Big Tech platform, you create concentration and lock‑in, while the whole idea of using DI lies in integrated use And If it sits only with the government, we are only one step away from Big Brother conspiracy theories, but that’s another story. The direction I’d like to see is user‑centred identity controlled by the individual and shared by him under clear rules to trusted and regulated institutions only. That said, we will definitely need to teach users how to use DI. By the way, we probably don’t talk about it enough, do we?
In this ideal scenario, once users understand the basic principles of DI and share it only with trusted entities, their payments (of any kind) will become almost invisible, as I mentioned earlier.
At Sends, we’re preparing for that world. We are moving towards reusable, tokenised identity credentials that customers can present across providers while their raw data stays protected. Our systems already combine KYC, behavioural and device intelligence in a way that can plug into portable identity schemes later.
Looking ahead five years, what worries you most about the current direction of digital identity and authentication – and what gives you the most confidence?
What worries me most is that attackers are learning faster than many organisations. Deepfakes, AI‑driven phishing and synthetic IDs make identity attacks much harder to spot with traditional controls meaning that everyone should implement a “good AI versus bad AI” strategy, and that takes time and costs money. But if we keep treating identity as a one‑off KYC form and authentication as a static password or one‑time code, we will fall behind very quickly.
What gives me confidence is that identity security is finally at the top of the agenda. Many security leaders now refer to identity as “the new perimeter”, and we see growing adoption of continuous verification, stronger liveness checks and zero‑trust approaches where no device or session is automatically trusted. In regions like Europe and MENA, regulators are also pushing towards more interoperable digital identity frameworks, which will help. However, I have a feeling that this approach is currently being adopted more by B2B than by individuals, who are obviously the main participants in the DI ecosystem. So, the sooner we start teaching users how to use DI properly, the better. Otherwise, banks and fintechs may encounter a bottleneck of users who either do not want to use DI or do not understand how to use it safely.
From a Sends perspective, I’m optimistic because we made the decision years ago to treat identity, tokenisation and authentication as core infrastructure, not side projects. At first, we faced some internal resistance. After all, we already had almost ideal verification and authentication processes in place. They were familiar to everyone, well understood, and easy to follow. Sticking to the old way felt easier and faster — and to be fair, it wasn’t a bad system at all. We all remember it, right? Of course, change is never convenient, especially when what you have already works. But at the same time, we felt (I felt!) strongly that if we didn’t start implementing digital identity and tokenisation, we would quickly fall behind.
I’m genuinely proud that I have such a brave and flexible team. We managed to find the time and resources to move forward — running our existing authentication processes in parallel while gradually implementing digital identity and tokenisation. That balance wasn’t easy, but it was necessary.
