By NHI Mgmt Group Editorial TeamPublished 2026-06-18Domain: Identity Beyond IAMSource: Incode

TL;DR: Identity verification vendors are converging on similar deepfake claims, but adversarial testing exposes whether fraud controls actually hold under injection attacks, synthetic identities, and edge-case policy gaps, according to Incode. In a market where 75% of enterprise buying decisions happen outside IT, buyer diligence now has to include how the system behaves under realistic fraud pressure.


At a glance

What this is: This is Incode's argument that identity verification should be judged by adversarial testing, not brochure claims, because fraudsters exploit policy gaps, injection attacks, and synthetic identities at the edges of the verification flow.

Why it matters: It matters because IAM, fraud, and identity teams need evidence that IDV controls survive real attack techniques and cross-team buying decisions, not just lab certifications or vendor narratives.

By the numbers:

👉 Read Incode's analysis of why IDV vendors need adversarial testing


Context

Identity verification fails most often at the boundary between policy, process, and attack reality. A vendor can pass certification and still miss the fraud techniques that break exception handling, re-verification thresholds, or delegated onboarding flows.

This article is fundamentally about trust validation in identity programmes, especially where fraud, KYC, and IAM overlap. The governance question is not whether a system can detect idealised spoofs, but whether it can withstand realistic adversarial pressure across teams, geographies, and channels.


Key questions

Q: How should organisations evaluate identity verification vendors for fraud resilience?

A: Evaluate them on adversarial evidence, not just certification or analyst recognition. Ask whether the system has been tested against deepfakes, injection attacks, synthetic identities, replay, and device tampering across the full workflow, including exception handling and manual review. A vendor that cannot show how controls behave under live fraud pressure has not proven operational trust.

Q: Why do certifications fail to prove real-world IDV security?

A: Certifications measure performance against defined test conditions, but fraudsters do not attack only the benchmark. Real-world failures often emerge in workflow exceptions, threshold logic, or software injection paths that are outside the certification scope. That is why organisations need adversarial testing in addition to lab validation and should treat certification as one input, not the decision point.

Q: What do security teams get wrong about deepfake detection?

A: They often assume deepfake detection is a single control, when it is actually a stack of controls. Presentation attack detection, liveness, device integrity, backend analytics, and manual review each cover different risks. If teams rely on one layer alone, attackers simply shift to the path that control does not cover, especially in high-friction onboarding and re-verification flows.

Q: Who should own adversarial testing findings in identity programmes?

A: The identity team, fraud team, and security team should share ownership, but one accountable owner must track remediation. Findings should feed product changes, policy updates, and runbook revisions, not sit in a report. That accountability is especially important when buying decisions are decentralised and the trust boundary spans multiple business functions.


Technical breakdown

Why certification alone does not prove fraud resilience

Certification tells you that a system performs against a defined benchmark, not that it resists every live attack path. In IDV, presentation attacks such as printed photos or liveness prompts are only one slice of the threat. Software injection, synthetic identity construction, and manipulated video streams can bypass controls without ever looking like a classic spoof at the camera. That gap matters because fraudsters target the parts of the workflow where trust is assumed, not just the model’s detection layer.

Practical implication: treat certification as a floor, then test for injection, replay, and synthetic-identity abuse in your own flows.

How fraud red teams test the edges of identity workflows

A fraud red team evaluates the full process under realistic attacker behaviour. That includes exception handling, KYC escalation paths, transaction-based liveness thresholds, device tampering, and document fraud combinations. The key difference from a standard penetration test is scope. A normal test looks for software flaws; a fraud red team asks whether the organisation can still make correct trust decisions when a motivated attacker is actively adapting to the process. That makes policy and procedure part of the control surface, not just code.

Practical implication: include policy exceptions, manual review steps, and regional onboarding variance in every adversarial test plan.

Why deepfakes and injection attacks are different control problems

Deepfakes delivered through a live camera feed and deepfakes injected into a video stream are not the same threat. The first is a presentation attack, where the system sees the spoof directly. The second is a pipeline attack, where malicious content enters the verification stack through software or device compromise. That distinction changes the control set. Presentation attack detection, device integrity, telemetry, and backend fraud analytics all matter, but none alone closes the gap if the trust boundary is misplaced.

Practical implication: map controls separately for camera-fed spoofing and software injection, then validate both paths independently.


Threat narrative

Attacker objective: The attacker wants to pass identity verification with a fraudulent persona and convert that trust into access, onboarding approval, or account misuse.

  1. Entry begins when attackers use deepfakes, injected video, synthetic identities, or manipulated documents to enter the IDV workflow through a channel the organisation trusts.
  2. Escalation follows when exception handling, inconsistent thresholds, or weak device and session checks let the fraudulent session progress into account creation or re-verification.
  3. Impact occurs when the attacker successfully establishes a trusted identity that can be used for onboarding fraud, account takeover, or downstream financial abuse.

NHI Mgmt Group analysis

Fraud red teaming is becoming the missing proof layer for identity verification governance. Certification and analyst recognition answer procurement questions, but they do not show how controls behave under evolving attacker tradecraft. That leaves a governance gap where organisations confuse benchmark performance with operational resilience. The right standard is whether a vendor has been tested against live adversarial behavior, not whether it can pass a static lab scenario.

Identity verification now sits inside a broader trust framework that includes fraud, IAM, and operational policy. The article is right to focus on the edges because most failures occur where teams allow exceptions, manual overrides, or inconsistent thresholds. That is also where identity governance becomes shared responsibility, which means security teams must own the trust model even when the buying decision starts outside IT. The programme implication is clear: if the control is not measurable across the whole workflow, it is not a control.

Deepfake resistance is not a single capability, it is a control stack. Presentation attack detection, liveness, device integrity, backend analytics, and human review all address different failure modes. Organisations that treat one certification as proof of end-to-end resilience create a false sense of coverage. The better model is layered assurance with adversarial testing at the top, because that is what reveals whether the stack holds under real fraud pressure.

Adversarial testing changes the accountability conversation for identity vendors. Buyers should ask for evidence of external testing, internal red-team follow-through, and how findings are fed back into product and policy. That shifts the burden from claims to repeatable assurance. For practitioners, the decision is no longer whether to buy IDV, but whether the chosen operating model can prove trust under attack.

What this signals

Adversarial assurance is becoming a governance requirement, not a procurement nice-to-have. Identity verification programmes that rely on lab certification alone will keep missing the operational edge cases that fraudsters actually exploit. The practical signal is that buyers will increasingly demand proof of full-workflow testing, auditability of exception handling, and evidence that findings were operationalised, not merely acknowledged.

Trust boundaries are moving upstream into procurement and policy design. When buying decisions happen outside IT, the security team has to influence selection criteria before implementation begins. That means documenting which controls must be testable, which exceptions are disallowed, and which evidence is required before the system enters production.

Fraud red-team output should feed identity governance metrics. Track bypass attempts, false accept rates under attack, and remediation closure time as programme indicators, not just model performance scores. For teams building identity assurance, the most useful benchmark is whether the control stack can withstand the exact attacks the business is most likely to face.


For practitioners

  • Require adversarial testing evidence in IDV evaluations Ask vendors to show how they have been tested against injection attacks, synthetic identities, replay, rooted devices, and document fraud across full onboarding and re-verification flows.
  • Test policy exceptions as part of the control surface Include manual review paths, exception handling, regional threshold differences, and transaction-based liveness logic in red-team scenarios so process drift does not become a bypass path.
  • Separate presentation attacks from software injection risk Validate camera-fed spoof resistance and backend pipeline integrity independently, because controls that stop one can still miss the other.
  • Ask for internal red-team follow-through Confirm that findings from external testing are tracked into product fixes, fraud rules, and operating procedures, not left as isolated reports.

Key takeaways

  • Identity verification security cannot be judged by certification alone because real fraud exploits workflow edges, not just benchmarked model behavior.
  • The evidence that matters is adversarial testing across deepfakes, injection attacks, synthetic identities, and exception handling paths.
  • Practitioners should treat fraud red teaming as part of identity governance, because proof of trust now requires operational validation under attack.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST SP 800-63 and NIST CSF 2.0 set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SP 800-63AIdentity proofing and verification are central to the article's IDV focus.
NIST CSF 2.0PR.AA-01The article is about verifying identity assurance before access is granted.
GDPRArt.32The article touches biometric and identity data processed in verification flows.

Review verification workflows under Art.32 to ensure appropriate protection of identity and biometric data.


Key terms

  • Fraud Red Team: A fraud red team is an external or internal testing function that simulates real attacker behaviour against identity and fraud controls. It evaluates the full workflow, including policy exceptions, manual review, liveness checks, and onboarding logic, to see whether an organisation can still make correct trust decisions under pressure.
  • Presentation Attack: A presentation attack is an attempt to fool a biometric or liveness system with a spoof shown directly to the sensor, such as a printed image, replayed video, or mask. It targets the front of the verification process, where the system interprets what it sees as if it were a real user.
  • Software Injection Attack: A software injection attack inserts manipulated media or signals into the verification pipeline rather than presenting them naturally to the camera. This is a different control problem from physical spoofing because the attacker targets the trusted data path, not just the sensor input.
  • Synthetic Identity: A synthetic identity combines real and fabricated attributes to create a persona that can pass weak checks and build trust over time. In identity verification, it is dangerous because it can look legitimate at point of onboarding while still being engineered for later fraud.

What's in the full article

Incode's full article covers the operational detail this post intentionally leaves for the source:

  • The vendor's four-question evaluation framework for IDV buyers, including how to separate analyst recognition from adversarial proof.
  • The iBeta Level 1, Level 2, and Level 3 distinctions and why those certifications do not cover software injection attacks.
  • The SocialProof Security test setup, including the 13 attack types used against mobile verification flows.
  • The vendor's explanation of how internal fraud red teams turn external findings into product and policy changes.

👉 Incode's full article covers the fraud red team approach, certification limits, and the test results behind its claims.

Deepen your knowledge

The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, secrets management, and machine identity controls that complement identity and fraud assurance work. It is designed for practitioners who need to connect identity decisions to broader access and lifecycle governance.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org