Deepfakes and identity verification: are legacy controls keeping up?

TL;DR: Synthetic impersonation is shifting breaches toward login and verification abuse as Gartner found 62% of organisations experienced a deepfake attack in the past year, while iProov says it surpassed one million daily transactions in 2025; legacy identity controls are now being tested at the point of human authenticity, not at the network edge.

NHIMG editorial — based on content published by iProov: identity verification performance, deepfake threat intelligence, and product updates for 2025

By the numbers:

• iProov surpassed one million daily transactions in 2025.
• 62% of organizations experienced a deepfake attack in the past year.
• Only 0.1% could accurately identify deepfake media in independent research among 2,000 consumers.

Questions worth separating out

Q: How should organisations handle deepfake risk in human identity verification?

A: Treat deepfake risk as a verification integrity issue, not just a fraud problem.

Q: Why do biometric controls still fail against impersonation attacks?

A: Biometrics fail when they verify resemblance instead of presence.

Q: How can security teams know whether identity verification is actually working?

A: Look for evidence that the control survives adversarial testing, not just internal demos.

Practitioner guidance

• Test proofing against synthetic media attacks Run red-team style checks for face swaps, replayed video, virtual camera injection, and other presentation-attack techniques before relying on biometric MFA for high-risk flows.
• Separate onboarding trust from account recovery trust Use stronger evidence requirements for first-time enrolment and for recovery, because attackers often target the weaker of the two steps to create durable access.
• Require liveness and anti-injection evidence Do not accept a biometric or selfie match as sufficient on its own.

What's in the full analysis

iProov’s full report covers the operational detail this post intentionally leaves for the source:

• Threat Intelligence Report 2025 findings on native virtual camera attacks and face swap growth.
• Independent validation details for deepfake resilience testing against accredited standards.
• Customer use cases across workforce identity, travel, financial services, and property fraud.
• Product-specific verification capabilities and deployment context for high-assurance identity flows.

👉 Read iProov’s full analysis of deepfake-driven identity verification risk →

Deepfakes and identity verification: are legacy controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →