By NHI Mgmt Group Editorial TeamDomain: Governance & RiskSource: IncodePublished October 15, 2025

TL;DR: Forrester evaluated 15 identity verification providers and highlighted deepfake detection, document verification, and government data integrations as key differentiators as synthetic fraud accelerates, according to Incode’s summary of the report. The real issue for practitioners is that identity assurance now has to hold up against AI-generated deception, not just conventional onboarding fraud.


At a glance

What this is: This is an independent take on Incode’s summary of Forrester’s identity verification evaluation, which points to deepfake detection, document verification, and government data integrations as central to modern IDV.

Why it matters: It matters because IAM, fraud, and customer identity teams increasingly need controls that can distinguish real users from synthetic ones without breaking onboarding or creating brittle trust assumptions.

By the numbers:

👉 Read Incode's summary of the Forrester identity verification evaluation


Context

Identity verification is no longer just a customer onboarding problem. As synthetic identities, deepfakes, and AI-assisted fraud become more convincing, organisations need assurance that identity signals represent a real person and not a fabricated interaction.

The practical governance question for IAM teams is whether verification controls can still establish trust under adversarial conditions. That touches customer identity, KYC, fraud operations, and any workflow where the business relies on proof of personhood before granting access or completing a transaction.


Key questions

Q: How should identity teams reduce synthetic fraud without blocking real users?

A: Use layered verification rather than a single gate. Combine liveness, document checks, authoritative data sources, and behavioural signals so that one convincing artifact cannot establish trust on its own. The right balance is measured by how well the process rejects fabricated identities while keeping false rejects low for genuine applicants.

Q: Why do deepfakes change identity verification risk so much?

A: Deepfakes let attackers present realistic but fabricated identity evidence at scale. That breaks the assumption that a face, voice, or document image is inherently trustworthy. Identity programmes need controls that validate evidence against authoritative sources and context, not just visual plausibility.

Q: What do organisations get wrong about document verification?

A: They often treat document verification as proof of identity rather than proof that a document looks valid. A clean document image does not guarantee the person is legitimate. It should be treated as one input in a broader assurance model that includes data matching and risk scoring.

Q: How should teams handle identity proofing when government data is unavailable?

A: Set explicit fallback rules before you need them. If authoritative sources are missing, require alternate evidence, higher review thresholds, or manual adjudication for the riskiest cases. The main failure mode is letting weak evidence become acceptable simply because stronger sources are absent.


Technical breakdown

Deepfake detection in identity verification workflows

Deepfake detection attempts to spot manipulated face, voice, or document artefacts that mimic a real applicant during verification. In practice, it sits alongside liveness checks, document validation, and risk scoring rather than replacing them. The limitation is that adversaries can adapt quickly, especially when AI-generated media improves faster than model retraining. Verification teams therefore need layered signals, not a single point control, if they want to reduce synthetic fraud without over-rejecting genuine users.

Practical implication: treat deepfake detection as one signal in a broader risk engine, not as a standalone trust decision.

Document verification and OCR as identity evidence

Document verification checks whether a submitted ID is authentic, consistent, and readable, while OCR extracts the data for comparison against reference sources. This helps catch altered, stolen, or low-quality documents, but it still depends on the integrity of the source document and the confidence of the matched data. Where attackers use high-quality forgeries or recycled identity data, document checks need support from device, behaviour, and database corroboration to be reliable.

Practical implication: bind document checks to additional evidence sources so forged documents cannot pass as isolated proof.

Government data integrations and deterministic verification

Government data integrations provide a stronger identity anchor because they compare supplied attributes against authoritative records such as DMV or registry data. That improves determinism, but it also introduces coverage, latency, and jurisdiction constraints. The deeper governance issue is that many identity programmes still rely on self-asserted or visually plausible data, which is too weak when fraud is automated at scale. Authoritative lookups change the assurance model, but only where the data is available and properly governed.

Practical implication: use authoritative data where available, but define fallback paths for regions and attributes without government-grade sources.


Threat narrative

Attacker objective: The attacker wants to pass identity checks convincingly enough to gain trusted access, complete fraud, or establish a synthetic foothold for later abuse.

  1. Entry begins when a fraudster presents a synthetic identity, manipulated document, or deepfake during onboarding.
  2. Escalation occurs when weak verification logic accepts the false evidence and the attacker gains a trusted account or approved transaction path.
  3. Impact follows when the fabricated identity is used for account abuse, fraud, or further social engineering inside business workflows.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
  • DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI-driven identity verification has become a fraud containment problem, not just an onboarding optimisation problem. The article’s emphasis on deepfake detection shows that verification now has to absorb adversarial media, synthetic identities, and automated attack patterns. Traditional identity confidence models were built for honest applicants and consistent evidence. Practitioners should treat verification as a control against deception, not merely a conversion lever.

Authoritative data matching is the clearest way to raise assurance when visual evidence is no longer trustworthy. Forrester’s focus on government data integrations reflects a broader shift toward deterministic identity proofing where available. That does not eliminate risk, because source coverage and policy constraints vary by jurisdiction, but it does reduce reliance on easily fabricated signals. IAM and fraud teams should see this as a boundary-setting exercise for acceptable evidence.

Document verification remains necessary, but it is no longer sufficient on its own. OCR and document library coverage help with standardised checks, yet the control breaks down when attackers pair high-quality forgeries with synthetic personas and device-level evasion. The governance lesson is that single-signal trust decisions fail under AI-assisted fraud pressure. Practitioners should design identity evidence chains, not isolated gates.

Deepfake resistance is becoming a lifecycle issue across identity programmes. Once fraudsters can create convincing identities, the downstream problem is not only initial onboarding but also account recovery, step-up checks, and privileged customer workflows. That connects customer identity, IAM, and fraud operations into one assurance surface. Teams should align policy, detection, and review processes around the same trust standard.

From our research:

What this signals

Deepfake-resistant verification will increasingly be judged by lifecycle durability, not point-in-time accuracy. A control that works at first enrolment but fails during recovery, transaction approval, or step-up authentication is not sufficient for modern identity programmes. Teams should align verification policy with the full identity journey, then test where adversaries can re-enter the process through weaker checks.

72% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage. That figure from our research underlines a bigger truth: when identity evidence is weak or scattered, attackers can pivot from proof-of-personhood fraud into broader account abuse and access compromise. Treat verification, credentials, and trust assertions as one connected control plane.


For practitioners

  • Harden verification with layered evidence Combine deepfake detection, document verification, and authoritative data matching so no single signal can establish trust alone. Review where a positive result automatically creates an account, passes KYC, or unlocks a higher-risk workflow.
  • Map identity assurance to risk tiers Separate low-risk onboarding from high-risk transactions and recovery flows. Use stronger checks for activities that can create financial exposure, fraud loss, or privileged access later in the lifecycle.
  • Test fallback paths for missing authoritative data Define what happens when government data integrations are unavailable, incomplete, or jurisdictionally limited. Require a documented fallback process so weak evidence does not silently become the default control.
  • Review recovery and step-up controls for synthetic abuse Apply the same scrutiny to account recovery, address changes, and step-up verification that you apply to first-time onboarding. Attackers often bypass stronger front-door checks by targeting weaker post-enrolment flows.

Key takeaways

  • Identity verification now has to withstand synthetic fraud, not just ordinary onboarding mistakes.
  • Authoritative data matching and layered evidence are the clearest ways to reduce trust in fabricated identity signals.
  • The same assurance logic should protect onboarding, recovery, and step-up flows because attackers move to the weakest stage.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-1Identity proofing and trust decisions map to access control and identity management.
NIST SP 800-53 Rev 5IA-2Identity verification supports user identification and authentication before access is granted.
NIST Zero Trust (SP 800-207)Zero trust depends on trustworthy identity signals at every access decision.
GDPRArt.32Identity verification often processes personal data and needs security by design.

Limit identity data collection, protect it appropriately, and document the security basis for verification steps.


Key terms

  • Identity Verification: Identity verification is the process of establishing that a person is real and that the evidence presented matches authoritative or trusted sources. In modern programmes it combines document, biometric, behavioural, and database checks to raise confidence without creating excessive friction.
  • Deepfake Detection: Deepfake detection is the use of models and rules to identify manipulated face, voice, or document content that imitates a genuine user. It is only one signal in a broader assurance workflow, because sophisticated attackers can vary inputs faster than single controls adapt.
  • Authoritative Data Matching: Authoritative data matching compares user-supplied identity claims against trusted records such as government or registry sources. It increases confidence when available, but coverage, latency, and jurisdictional limits mean it must be governed as part of a broader decision policy.
  • Synthetic Identity Fraud: Synthetic identity fraud is the creation of a false identity from a mix of real and fabricated attributes. It can pass weak verification steps, then be used for account abuse, fraud, or recovery attacks once the attacker has established trust.

What's in the full article

Incode's full post covers the operational detail this post intentionally leaves for the source:

  • How Incode positions deepfake detection inside its identity verification workflow and what that means for implementation teams.
  • Forrester profile details on how the vendor was scored across the evaluated criteria, useful for buyers comparing capabilities.
  • The specific customer relationship and support themes surfaced in the vendor summary, which this post does not attempt to assess.
  • The wider product context around identity verification, age assurance, KYC, and agentic identity that sits beyond this editorial analysis.

👉 Incode's full post covers the vendor profile details, capability notes, and Forrester context behind the recognition.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org