The Mobile Driver's License for Business

A few weeks ago a customer at a checkout pulled out their phone instead of their wallet, and the cashier had no idea what they were looking at.

That moment is happening across the US now, in stores and apps, and most businesses are not ready for it. The mobile driver's license — the same credential a customer keeps in Apple Wallet or Google Wallet — has quietly become real infrastructure. For any business that has to confirm who a customer is or how old they are, the mobile driver's license for business is no longer a future bet. It is a thing your customers are already carrying, and a better way to do a job you are probably doing badly today.

The job you are doing badly is this: a staff member glances at a plastic card, or your app asks a customer to photograph one. Both are easy to fool, expensive to run, and they leave you holding a database of sensitive personal data you never wanted. The mobile driver's license fixes all three problems at once. Here is what changed, and what to do about it.

What is a mobile driver's license and where does it live

A mobile driver's license — usually abbreviated mDL — is a government-issued credential that lives in a phone's wallet. Your state DMV issues it the same way it issues the plastic card, but instead of ink and a hologram, each field is signed with the DMV's private cryptographic key.

It is not a photo of a license. It is not a PDF. It is a credential built to an international standard, ISO/IEC 18013-5, that a verifier can check for authenticity without calling the DMV. When a business reads it, the customer's phone hands over signed data — and only the fields that were asked for.

This is the part worth slowing down on. A mobile driver's license is closer to a passport's chip than to a scanned document. The trust does not come from a person squinting at a face. It comes from a signature that breaks if anyone changes a single character.

Which states issue mobile driver's licenses in 2026

Adoption is real but uneven, and the honest version matters more than the optimistic one.

As of March 2026, roughly twenty-plus US states and territories issue an ISO 18013-5 mobile driver's license. Wallet support is narrower than the total, because not every state mDL has landed in Apple and Google yet. As of May 2026, about fifteen states and territories support a driver's license or state ID in Apple Wallet — Arizona, Arkansas, California, Colorado, Georgia, Hawaii, Illinois, Iowa, Maryland, Montana, New Mexico, North Dakota, Ohio, West Virginia, and Puerto Rico — with Virginia next and several more committed. Google Wallet supports around a dozen, and Samsung Wallet joined in 2026.

There is also a path for residents of states that have not shipped an mDL yet. As of November 2025, Apple, Google, and Samsung let a user create a Digital ID from a US passport — scanning the passport's photo page and its NFC chip. The TSA accepts these digital IDs and mDLs at more than 250 US airports.

Two cautions, because overselling this helps no one. Enrollment is opt-in, so not every customer in a supported state will have one yet. And a wallet ID does not replace the physical card — the TSA still asks travelers to carry one, and law enforcement does not yet accept wallet IDs at traffic stops. The passport Digital ID is for domestic use; it does not cross borders. For a business verifying customers, none of that is disqualifying. It just sets the realistic expectation: a growing share of your customers can present one, and that share climbs every quarter.

How a mobile driver's license verification actually works

There are two ways a mobile driver's license gets read, and the difference matters for how you would use it.

The first is in person, device to device — the standard built for the TSA reader at the airport or a scanner at a store counter. The customer taps or scans, the credential moves between devices, and the verifier confirms the signature on the spot.

The second is online. A newer part of the standard, ISO/IEC 18013-7, finalized in 2025, defines how a website asks a wallet for verified identity over the W3C Digital Credentials API. In plain terms: your site can request the exact attributes it needs, the customer's phone shows them what is being asked, and the wallet returns signed fields. No photographing a card. No uploading anything. This online path is still early — most verification today is in person — but it is the one that turns the mobile driver's license into something a software business can build a checkout around.

The feature that makes this genuinely different is selective disclosure. The verifier asks only for what it needs. If your legal requirement is "over 21," the customer's wallet can return exactly that — a yes — without revealing the birthdate, the address, the document number, or the photo. You get a signed answer to your question and nothing else. We wrote about why that matters for age verification without collecting IDs, and it is the single biggest shift in how this changes your risk.

Why the mobile driver's license for business beats photographing a plastic ID

Compare the two workflows side by side and the case makes itself.

When you photograph or scan a plastic card, you are trusting optical character recognition to read it correctly and a human or a model to judge whether it is genuine. There is no cryptographic proof underneath. OCR misreads. Holograms get faked. And whatever you captured, you now have to store, secure, and eventually answer for.

When you read a mobile driver's license, you are checking a signature. AAMVA — the body that coordinates US motor vehicle agencies — runs a Digital Trust Service that publishes the DMV public keys. The DMV signs each field with its private key; a verifier checks those signatures against the public key. Tampering breaks the signature. There is no live DMV lookup, no waiting, no third party to be down at the wrong moment.

For an operations team, that means fewer manual reviews. For a product team, it means a faster flow with fewer abandoned checkouts, because a tap beats fumbling a photo of a card under bad lighting. For finance, it means a verification that costs cents instead of the layered cost of a document-scan vendor plus a review queue. Higher trust, lower friction, lower cost — these usually trade off against each other. Here they move the same direction.

The fraud problem with physical IDs

The status quo is not holding, and the reason is that the tools to beat it got cheap.

As of 2025, a convincing fake ID can be generated with AI for around fifteen dollars in under thirty minutes. Sumsub, which runs identity checks at scale, reported a sharp rise in AI-driven document fraud over the year — synthetic identity document fraud up roughly 300 percent, deepfake attempts up an order of magnitude, and around one in fifty forged documents now AI-generated. Figures vary by source and method, so treat the exact percentages as directional. The trend does not vary: a check that depends on a human or a model eyeballing an image is losing ground every month.

A mobile driver's license sits on the other side of that line. You are not asking whether an image looks real. You are asking whether a government's cryptographic signature validates. A forger cannot mint the DMV's private key. The one thing a business must do is actually validate the signature rather than trusting the pretty card on screen — which is exactly the part a verification layer handles for you, and exactly the part a human cashier cannot.

What the mobile driver's license for business means for your data risk

This is the part that should get a compliance lead's attention, because it changes your liability profile, not just your workflow.

Every customer ID you store is a liability. It sits in a database that can be breached, that falls under data-protection obligations, that a regulator or a plaintiff can ask about. The old model forces you to collect full identity data to answer a narrow question — and then to guard it forever.

Selective disclosure inverts that. If all you need is an over-21 proof, that is all you receive, and there is no birthdate or document image to lose. When you do need verified attributes, you can keep the cryptographic proof of the check rather than a copy of the customer's personal data. For US electronic signatures, the same principle holds under the ESIGN Act and UETA: the output is standards-based and re-verifies offline, so you store the proof, not the PII.

The strategic point is the one we made in the pillar on why identity needs an open protocol. The rigor of verification does not have to live with a gatekeeper who hoards your customers' data. It can live with the user — in a secure enclave on their phone, anchored to a real government document. You get the strong answer. You do not get the breach risk. This is the opposite of the closed national schemes — BankID, Aadhaar — where the operator sits in the middle of every transaction. With an mDL, the proof comes from the customer's wallet and verifies on its own.

Common objections: adoption, fallback, cost

Three reasonable objections come up in every adoption conversation. None of them is a reason to wait.

Not everyone has one yet. True. Enrollment is opt-in and wallet support is still spreading. So you do not rip out your existing flow — you add the mobile driver's license as the fast path and keep your current method as the fallback. Customers who can tap, tap. Everyone else uses what they use today. Your supported share grows on its own as states ship.

What about customers without an mDL? Same answer, plus the passport Digital ID path now covers residents of states that have not issued an mDL. The fallback is not a permanent crutch; it is a shrinking minority case.

Is it expensive to adopt? This is where the protocol approach matters. There is no per-integration contract and no setup fee. An identity check runs $0.01, a hardware-backed signature starts at $0.03, and the full pricing is published rather than quoted. You are not negotiating enterprise terms to read a credential your customers already carry.

How to start accepting mobile driver's licenses

You do not need to become a cryptography shop. You need a verification layer that speaks the standards and hands you a clean answer.

That is what UIP does: government wallets, one API. You state the question — confirm this person is over 21, or return these specific verified fields — and you get back a signed result your systems can trust and store as proof. The validation of the DMV signature, the wallet handshake, the selective-disclosure request: all of that is handled. You make a decision; we handle the standard underneath it.

Because it is a protocol and not a platform, onboarding is self-serve. Read the docs, ship the same day, and start with a $20 launch credit — no card required. There is no contract to sign before you can test it against a real wallet.

The bottom line for compliance and ops teams

The mobile driver's license is not a pilot anymore. It is in millions of phones, accepted by the TSA at hundreds of airports, signed by the same agencies that issue the plastic. The status quo it replaces — eyeballing a card, photographing an ID, storing what you collect — is getting cheaper to defeat and more expensive to defend.

The decision in front of an ops or compliance team is not whether to trust an unproven technology. It is whether to keep accepting a forgeable photo when a cryptographically signed, issuer-verifiable credential is sitting in your customer's pocket. Adopt it as the fast path, keep your fallback, and let the better verification carry more of your volume every quarter.

---

The docs show exactly what a mobile driver's license check returns, and the pricing shows what it costs — cents per call, no contract, $20 to start.