Notifications
Clear all
Topic starter
22/06/2026 4:57 pm
TL;DR: BEC, vendor banking fraud, and executive impersonation now drive high-loss finance incidents, with losses often reaching eight figures and procedural checks increasingly defeated by deepfake audio and video, according to Scramble ID. Cryptographic people verification changes the control point from human judgement to device-bound proof at the moment of the high-trust decision, where impersonation attacks fail.
NHIMG editorial — based on content published by Scramble ID: People Verification for Finance Status (June 2026)
Questions worth separating out
Q: How should finance teams stop impersonation fraud in wire approvals?
A: Use a cryptographic verification ceremony at the moment of approval, not a callback or knowledge check.
Q: When does people verification matter most in finance workflows?
A: It matters most when the decision is irreversible or high value, especially for wire transfers, vendor banking changes, and executive commitments.
Q: What do organisations get wrong about executive impersonation risk?
A: They assume familiarity is a substitute for proof.
Practitioner guidance
- Gate high-risk finance actions behind cryptographic verification Require device-bound verification for wire approvals, vendor banking changes, and executive sign-off whenever the decision could create material loss.
- Set threshold-based dual control for material payments Define approval tiers so larger wires, first-time payees, and bank-detail changes trigger a second independent cryptographic approval before release.
- Eliminate urgency exceptions from approval policy Write policy so executives cannot bypass the verification ceremony because they are travelling, offline, or under deadline pressure.
What's in the full article
Scramble ID's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step verification flows for wire approval, vendor banking changes, and executive sign-off.
- Threshold examples for when dual control and cooling-off controls should be added.
- Audit event fields and device-binding details for implementing the verification ceremony.
- Exception-handling guidance for executives who are travelling or temporarily unavailable.
👉 Read Scramble ID's analysis of cryptographic people verification for finance →
Cryptographic people verification in finance: are your controls enough?
Explore further
22/06/2026 5:09 pm
Procedural trust is no longer a durable control premise in finance. Callback, manager confirmation, and knowledge questions were designed for an era when identity presentation was hard to counterfeit at scale. That assumption fails when the attacker can pre-stage context, clone voice, and sustain a convincing interaction long enough to pass a human review. The implication is that finance governance must stop treating human judgement as the decisive identity proof.
A few things that frame the scale:
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
A question worth separating out:
Q: Who should be accountable for approval fraud controls?
A: Treasury, finance operations, and identity security should share accountability, because the control spans transaction policy, identity assurance, and audit evidence. The business owner must define thresholds and exception handling, while IAM or security teams ensure the verification ceremony and logs are reliable.
👉 Read our full editorial: Cryptographic people verification for finance is replacing procedural trust
