Belgium's largest telecom provider serves millions of customers while balancing a critical tension: protecting against rising phishing and credential-stuffing attacks without losing users to friction. Legacy systems and inconsistent customer data had made onboarding increasingly complex. The result was a fractured experience where new users dropped off during registration, and existing users struggled with passwords.
Proximus fundamentally rethought the approach. Together with itsme®, the company rebuilt onboarding and authentication around verified digital identity. Forms, credentials, and manual checks were replaced with identity certainty from the first interaction.
For Proximus, digital onboarding had become a paradox. To protect its millions of customers against phishing, fraud, and credential stuffing, the provider kept increasing its security requirements. But every added check – invoices, activation codes, SMS verifications – introduced more friction. They ended up with a 10-step registration flow where many users dropped off before completion. The biggest friction point occurred when users were asked for invoice credentials – data most customers didn't have readily available.
The challenge was compounded by Proximus' diverse customer base and data quality issues inherited from legacy systems. Over the past 2 years, credential stuffing and phishing attacks had surged, making password-based logins increasingly vulnerable despite SMS-based one-time passwords being added as an extra layer.
Proximus had first integrated itsme® seven years earlier, but only as a secondary login option. Users still had to create accounts manually before linking their identity. In January 2026, the team launched a fundamentally different approach: identity comes first and everything else follows. Instead of asking users to prove who they are step by step, Proximus now starts every journey – whether signing up or signing in – with a verified digital identity.
The new flow removes entire verification steps while increasing certainty about every account:
Identify the user with itsme®
Link that verified identity to the correct Proximus account
Authenticate without passwords
To enable identity-first onboarding across legacy systems, Proximus built a Personal Identification and Authentication Service (PIAS). PIAS acts as the secure bridge between itsme® and Proximus' customer data. It collects verified attributes and automatically matches them to the correct customer record across multiple service lines – even where email addresses or phone numbers were historically incomplete or inconsistent.
The architecture was designed to be modular: "Because itsme® is completely OpenID Connect-based, we could build PIAS as a centralized identification point," notes Dusty Saman. "We can now plug in new endpoints without breaking existing flows. The result is a future-proof identity foundation that scales across platforms and use cases.”
Technical highlights
Standards-based integration using OpenID Connect (OIDC)
Centralised identification layer replacing multiple legacy flows
Strong authentication tokens instead of password dependencies
Phased rollout: registration first, followed by migration of existing accounts
Unified identity layer across the MyProximus customer platform and Proximus+, Pickx and Doktr apps
What changed for users
Before itsme®, everyday interactions were slowed down by small but frequent obstacles: forgotten passwords, misplaced usernames, error messages, and mobile-unfriendly password resets that often led to abandonment. This unified identity approach eliminated friction points for both new and returning subscribers:
No searching for invoices or activation codes
No manual form filling or profile creation
No passwords to remember or reset
No device-switching mid-flow
By starting every journey with verified digital identity, Proximus replaced fragmented verification steps with a single, trusted identification moment.
Registration flows shortened from up to 10 steps to a streamlined identity-based process
Manual verification, SMS codes, and password dependencies removed
Identity certainty established before accounts and services are linked
This resolves the long-standing trade-off between usability and security.