Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Biometric IDV and deepfake fraud: are your controls keeping up?


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 257
Topic starter  

TL;DR: Biometric identity verification is now being used to counter deepfakes, synthetic identities, and AI-driven impersonation, but platform choice still hinges on liveness detection, document coverage, compliance, and integration depth according to 1Kosmos. The underlying problem is that verification strength alone does not resolve the trust assumptions in onboarding, recovery, and step-up flows.

NHIMG editorial — based on content published by 1Kosmos: five identity verification platforms that offer biometric authentication

Questions worth separating out

Q: How should security teams use biometric identity verification in account recovery flows?

A: Security teams should use biometric identity verification in account recovery only when it is paired with stronger proofing than routine sign-in.

Q: Why do deepfakes change the way organisations evaluate identity proofing?

A: Deepfakes change identity proofing because they can make a remote subject appear real even when no genuine person is present.

Q: What breaks when biometric authentication is treated as a standalone trust control?

A: What breaks is the assumption that visual similarity equals authentic identity.

Practitioner guidance

  • Define the identity event before choosing the control Map each biometric flow to a specific event such as onboarding, account recovery, step-up access, or re-authentication.
  • Set a higher assurance bar for recovery paths Require stronger evidence for password resets, account takeover recovery, and other high-risk changes than for routine enrolment.
  • Test liveness against realistic impersonation methods Validate active and passive liveness controls using photos, replay videos, masks, and AI-generated faces before trusting them in production.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • Platform-by-platform positioning for 1Kosmos, Jumio, Veriff, Onfido, and Mitek Systems
  • Detailed feature comparison across facial recognition, liveness detection, and document coverage
  • Implementation criteria for enterprise integrations, including APIs, SDKs, and no-code options
  • Use-case guidance for workforce, customer, and citizen identity deployments

👉 Read 1Kosmos's comparison of biometric identity verification platforms →

Biometric IDV and deepfake fraud: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Biometric verification is now a governance control, not just a UX feature. Once biometrics are used for onboarding, recovery, or access escalation, they sit inside identity assurance policy and not just the front-end experience. That means failure should be evaluated in terms of risk acceptance, fallback design, and who can approve exceptions. Practitioners should treat biometric IDV as part of identity governance, not a standalone fraud widget.

A few things that frame the scale:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means most identity programmes still lack complete coverage of the non-human estate.

A question worth separating out:

Q: How do organisations decide when to require biometric verification versus other proofing methods?

A: Organisations should require biometric verification when the action is high risk, the user is remote, and the business needs a strong human-present signal. For lower-risk actions, lighter proofing may be sufficient if the workflow is already well governed. The decision should be based on risk, not on convenience alone.

👉 Read our full editorial: Biometric identity verification platforms still need stronger fraud controls



   
ReplyQuote
Share: