How should security teams handle identity verification in high-risk video calls?

Security teams should treat high-risk video calls as identity checkpoints, not just collaboration sessions. Use participant verification before approving hiring, account recovery, payments, or privileged changes. The goal is to confirm the human behind the screen and the integrity of the camera source before any trust-sensitive decision is made.

Why This Matters for Security Teams

High-risk video calls are often the moment where fraud, social engineering, and privilege abuse converge. A convincing face on camera does not prove the person is authorized, and a familiar voice does not prove the request is legitimate. Security teams need to treat these calls as verification events, especially for hiring, account recovery, payment changes, executive approvals, and other trust-sensitive actions.

The risk is not limited to deepfakes. Attackers also exploit leaked meeting links, compromised devices, hijacked calendars, and weak internal approval habits. Current guidance suggests that identity proofing in live calls should be layered with out-of-band checks, because video alone is not a strong authenticator. The broader NIST Cybersecurity Framework 2.0 reinforces the need to protect high-impact decision points, not just perimeter access. NHIMG’s research on 52 NHI Breaches Analysis also shows how quickly trust breaks when credential misuse goes undetected.

In practice, many security teams encounter impersonation only after an approval has already been issued, rather than through intentional verification design.

How It Works in Practice

The most reliable approach is to turn the call into a controlled verification workflow. Before the meeting starts, define the decision being protected, the evidence required, and who is authorized to confirm it. During the call, verify the participant through multiple signals instead of relying on a single screen presence. That can include a pre-established callback to a known number, a one-time code sent through a separate channel, challenge questions tied to non-public context, or confirmation from an established approver.

Security teams should also verify the integrity of the video source. That means checking whether the account joining the call belongs to the expected person, whether the device or conferencing account has been recently changed, and whether screen-sharing or recording introduces new risk. For especially sensitive actions, the call should be treated as one control in a larger approval chain, not the final authority.

  • Use step-up verification for account recovery, payroll, treasury, legal, and executive requests.
  • Require a second channel for confirmation when the request involves privileged changes.
  • Document identity proofing steps in the case record so audit and fraud teams can review them later.
  • Flag unusual timing, urgency, or pressure tactics as risk indicators rather than normal business friction.

Where the call supports it, teams can combine identity checks with meeting controls such as authenticated joins, waiting rooms, and restricted invite distribution. For broader identity hygiene, NHIMG’s Ultimate Guide to NHIs is useful for understanding why trust decisions must be explicit and logged, not assumed. The same operational discipline aligns with NIST guidance on risk-based access decisions and with identity assurance practices described in NIST Cybersecurity Framework 2.0. These controls tend to break down when business units bypass the process for speed, because informal exceptions become the easiest path for impersonation.

Common Variations and Edge Cases

Tighter identity verification often increases friction, so organisations have to balance fraud prevention against executive convenience and customer experience. That tradeoff is especially visible in investor calls, emergency payment changes, M&A discussions, and remote onboarding, where an overly rigid process can slow legitimate work.

There is no universal standard for this yet, but current guidance suggests a risk-tiered model. Low-impact calls may only need basic participant confirmation, while high-impact decisions should require stronger proof, such as pre-registered callbacks or a supervisor witness. Deepfake risk also changes the equation: if the meeting involves a known high-value target, the baseline should assume that face and voice can be manipulated.
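
An added example (not from NHIMG or any framework) of the verification workflow and risk-tiered model described above: a case record that issues a single-use code for a separate channel, tracks which checks passed, and blocks the decision until the tier's checks are complete. The tier names, required-check sets and five-minute code lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Assumed policy for illustration: checks each decision tier must pass.
REQUIRED = {
    "low": {"participant_confirmed"},
    "high": {"participant_confirmed", "oob_code", "callback_known_number"},
}
CODE_TTL = 300  # seconds a one-time code stays valid (assumed value)

@dataclass
class VerificationCase:
    decision: str
    tier: str
    passed: set = field(default_factory=set)
    log: list = field(default_factory=list)  # case record for audit and fraud review
    _code: str = ""
    _issued: float = 0.0

    def issue_code(self, now=None):
        """Create a code to send over a separate channel, never the call chat."""
        self._code = f"{secrets.randbelow(10**6):06d}"
        self._issued = time.time() if now is None else now
        self.log.append(("code_issued", self._issued))
        return self._code

    def check_code(self, spoken, now=None):
        """Compare what the participant reads back; the code is burned on first use."""
        now = time.time() if now is None else now
        code, self._code = self._code, ""
        fresh = code != "" and now - self._issued <= CODE_TTL
        ok = fresh and hmac.compare_digest(code.encode(), spoken.encode())
        self.record("oob_code", ok, now)
        return ok

    def record(self, check, ok, now=None):
        """Log a check result; a failure revokes any earlier pass of that check."""
        self.log.append((check, "pass" if ok else "fail", time.time() if now is None else now))
        (self.passed.add if ok else self.passed.discard)(check)

    def approve(self):
        """Allow the decision only when every check for the tier has passed."""
        missing = sorted(REQUIRED[self.tier] - self.passed)
        self.log.append(("decision", "blocked" if missing else "approved", missing))
        return not missing, missing
```

The `log` list is what would be attached to the case record, so a blocked or approved decision can be traced back to the individual checks.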

Teams should also plan for edge cases such as language barriers, accessibility needs, and cross-border teams working across inconsistent identity systems. In those environments, the safest option is often to move the decision out of the live call and into a controlled approval workflow. NHIMG’s Top 10 NHI Issues is a useful reference for understanding how weak verification and poor control boundaries tend to compound. The practical rule is simple: if the call can trigger money movement, access changes, or legal commitments, identity proofing should be stricter than normal collaboration settings.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-63 and NIST AI RMF set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-01 | High-risk calls need stronger identity assurance before trust decisions. |
| NIST SP 800-63 | IAL-2 | Video calls often support identity proofing, not full authentication. |
| NIST AI RMF | | AI-enabled impersonation changes the risk profile of live verification. |

Assess video-call verification as an AI-enabled trust risk and add compensating controls.