If I understand correctly, the bank API you are using makes a call back to your application after processing a user payment. If the bank is making an HTTP callback then an empty user identity is expected because the user did not make the call back (HTTP request), the bank made the call back.
I recommend reading the payment API documentation that you are using. I assume the call back has user information that you can use to lookup the user.
If this does not answer your question then provide minimal information about your payment provider and logic flow.