American financial institutions have invested heavily in digital authentication — biometrics, two-factor verification, and behavioral analytics. Yet a critical gap persists: in-person, in-branch account access remains largely unprotected by these advances. Any individual who presents a stolen or forged government ID can walk into a branch and access another person's account.

With AI-generated synthetic identities now accessible to everyday criminals, this vulnerability is no longer theoretical. Sixty percent of financial organizations reported an increase in fraudulent account activity over the past 12 months (Alloy, 2025 State of Fraud Benchmark Report), and synthetic identity fraud losses surpassed $35 billion in 2023 alone — a trend the Federal Reserve Bank of Boston has identified as accelerating with generative AI.

The Financial Identity Photo Protection Act (FIPP Act) requires all federally insured banks, credit unions, and credit card issuers to maintain a current, verified photograph of each account holder and to display that photograph during every in-person account access event.

• Photo Collection Covered institutions must collect a verified photograph at account opening or next branch visit. Photos are re-verified every five years and may be updated at any time by the account holder at no charge.
• Mandatory Display at Verification Events At any in-person transaction, the attending banker must retrieve and visually compare the Account Profile Photo against the presenting individual before completing any account action. Material discrepancies must be escalated to a branch manager.
• Credit Card Integration Credit card issuers must maintain profile photos linked to primary cardholder accounts and make them accessible to affiliated branch personnel upon any in-person account access request.

This legislation is strictly scoped to fraud prevention. Account Profile Photos may not be sold, transferred, or used for advertising, facial recognition databases, or law enforcement purposes absent a valid court order. All photographs must be stored in encrypted, access-controlled systems compliant with the Gramm-Leach-Bliley Act. Account holders retain the right to access, update, and receive notice of any non-standard access to their photo.