Notifications
Clear all
Topic starter
09/06/2026 11:48 pm
TL;DR: AI-generated deepfakes and virtual camera injection are turning video calls into a fraud entry point for hiring, onboarding, account recovery, and financial approvals, according to iProov. The core issue is not video quality but the assumption that a face on screen proves identity, which no longer holds in high-risk workflows.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- The Arup deepfake video call cost the firm $25 million.
Questions worth separating out
Q: How should security teams handle identity verification in high-risk video calls?
A: Security teams should treat high-risk video calls as identity checkpoints, not just collaboration sessions.
Q: Why do deepfakes create an IAM problem in video meetings?
A: Deepfakes create an IAM problem because the meeting itself can become the point where identity is trusted, approved, or escalated.
Q: What breaks when organisations rely on video alone to verify participants?
A: Relying on video alone breaks the assumption that visual presence equals real identity.
Practitioner guidance
- Classify video calls by decision risk Identify which meetings can trigger hiring, onboarding, recovery, payment, or access decisions, then require stronger participant assurance for those flows.
- Require participant verification before material approvals Make authentication of the human behind the screen a prerequisite for approving funds, credentials, or privileged workflow changes.
- Test for camera-origin spoofing paths Validate whether your meeting stack can distinguish a physical camera from a virtual environment, especially on remote hiring and account recovery calls.
What's in the full announcement
iProov's full research covers the operational detail this post intentionally leaves for the source:
- Live product workflow for verifying participants during video calls without interrupting the host experience
- Two-factor stream analysis across imagery and camera-origin integrity, with real-time risk output
- Examples of how the control fits hiring, onboarding, account recovery, and financial approval flows
- Threat-monitoring operations from the iSOC function and how detection evolves as attack methods change
👉 Read iProov's announcement on verified identity checks for video meetings →
Video call identity verification: what it means for IAM teams?
Explore further
10/06/2026 2:18 am
Video identity trust has become an access-control problem, not a collaboration problem. The old assumption was that visual presence in a meeting implied a real person behind the screen. Deepfakes, virtual cameras, and AI-assisted impersonation have broken that premise, so the control boundary now sits inside the meeting workflow itself. IAM teams should treat video as part of the identity assurance chain, not as a separate communications layer.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- Another finding shows that 97% of NHIs carry excessive privileges, which broadens the attack surface when identity checks are weak.
A question worth separating out:
Q: How do you know if video identity verification is actually working?
A: You know it is working when high-risk decisions are consistently preceded by an explicit identity check and when virtual camera or deepfake attempts are flagged before approval. Measure whether the control is embedded in the workflow, how often it is triggered for sensitive cases, and whether suspicious sessions are escalated instead of accepted.
👉 Read our full editorial: Video call identity verification is becoming an IAM control
