Proximus and itsme balance strict KYC compliance with frictionless onboarding

1741676969-persbeeld-jaarcijfers-2024-1

Executive summary: identity-first onboarding at telecom scale

Belgium's largest telecom provider serves millions of customers while balancing a critical tension: protecting against rising phishing and credential-stuffing attacks without losing users to friction. Legacy systems and inconsistent customer data had made onboarding increasingly complex. The result was a fractured experience where new users dropped off during registration, and existing users struggled with passwords.  
 

Proximus fundamentally rethought the approach. Together with itsme^®, the company rebuilt onboarding and authentication around verified digital identity. Forms, credentials, and manual checks were replaced with identity certainty from the first interaction. 

For Proximus, digital onboarding had become a paradox. To protect its millions of customers against phishing, fraud, and credential stuffing, the provider kept increasing its security requirements. But every added check – invoices, activation codes, SMS verifications – introduced more friction. They ended up with a 10-step registration flow where many users dropped off before completion. The biggest friction point occurred when users were asked for invoice credentials – data most customers didn't have readily available. 

The challenge was compounded by Proximus' diverse customer base and data quality issues inherited from legacy systems. Over the past 2 years, credential stuffing and phishing attacks had surged, making password-based logins increasingly vulnerable despite SMS-based one-time passwords being added as an extra layer. 

Proximus had first integrated itsme® seven years earlier, but only as a secondary login option. Users still had to create accounts manually before linking their identity. In January 2026, the team launched a fundamentally different approach: identity comes first and everything else follows. Instead of asking users to prove who they are step by step, Proximus now starts every journey – whether signing up or signing in – with a verified digital identity. 


The new flow removes entire verification steps while increasing certainty about every account: 

1. Identify the user with itsme^®

2. Link that verified identity to the correct Proximus account

3. Authenticate without passwords  

3. The build: what changed behind the scenes 

To enable identity-first onboarding across legacy systems, Proximus built a Personal Identification and Authentication Service (PIAS). PIAS acts as the secure bridge between itsme^® and Proximus' customer data. It collects verified attributes and automatically matches them to the correct customer record across multiple service lines – even where email addresses or phone numbers were historically incomplete or inconsistent. 

The architecture was designed to be modular: "Because itsme^® is completely OpenID Connect-based, we could build PIAS as a centralized identification point," notes Dusty Saman. "We can now plug in new endpoints without breaking existing flows. The result is a future-proof identity foundation that scales across platforms and use cases.”  

Technical highlights 

• Standards-based integration using OpenID Connect (OIDC)

• Centralised identification layer replacing multiple legacy flows

• Strong authentication tokens instead of password dependencies

• Phased rollout: registration first, followed by migration of existing accounts

• Unified identity layer across the MyProximus customer platform and Proximus+, Pickx and Doktr apps 

4. The impact: frictionless security at scale 

What changed for users 

Before itsme^®, everyday interactions were slowed down by small but frequent obstacles: forgotten passwords, misplaced usernames, error messages, and mobile-unfriendly password resets that often led to abandonment. This unified identity approach eliminated friction points for both new and returning subscribers:  

• No searching for invoices or activation codes

• No manual form filling or profile creation

• No passwords to remember or reset

• No device-switching mid-flow 

What changed for Proximus

By starting every journey with verified digital identity, Proximus replaced fragmented verification steps with a single, trusted identification moment. 

• Registration flows shortened from up to 10 steps to a streamlined identity-based process 

• Manual verification, SMS codes, and password dependencies removed 

• Identity certainty established before accounts and services are linked 

This resolves the long-standing trade-off between usability and security. 

Ready to remove friction from secure onboarding and login?

Discover how identity-first onboarding with itsme^® helps high-volume platforms combine security, conversion, and user trust.  

Get in touch today!