TL;DR: Forrester evaluated 15 identity verification providers and highlighted deepfake detection, document verification, and government data integrations as key differentiators as synthetic fraud accelerates, according to Incode’s summary of the report. The real issue for practitioners is that identity assurance now has to hold up against AI-generated deception, not just conventional onboarding fraud.
NHIMG editorial — based on content published by Incode: Incode named a Strong Performer in The Forrester Wave for identity verification solutions, Q3 2025
Questions worth separating out
Q: How should identity teams reduce synthetic fraud without blocking real users?
A: Use layered verification rather than a single gate.
Q: Why do deepfakes change identity verification risk so much?
A: Deepfakes let attackers present realistic but fabricated identity evidence at scale.
Q: What do organisations get wrong about document verification?
A: They often treat document verification as proof of identity rather than proof that a document looks valid.
Practitioner guidance
- Harden verification with layered evidence Combine deepfake detection, document verification, and authoritative data matching so no single signal can establish trust alone.
- Map identity assurance to risk tiers Separate low-risk onboarding from high-risk transactions and recovery flows.
- Test fallback paths for missing authoritative data Define what happens when government data integrations are unavailable, incomplete, or jurisdictionally limited.
What's in the full article
Incode's full post covers the operational detail this post intentionally leaves for the source:
- How Incode positions deepfake detection inside its identity verification workflow and what that means for implementation teams.
- Forrester profile details on how the vendor was scored across the evaluated criteria, useful for buyers comparing capabilities.
- The specific customer relationship and support themes surfaced in the vendor summary, which this post does not attempt to assess.
- The wider product context around identity verification, age assurance, KYC, and agentic identity that sits beyond this editorial analysis.
👉 Read Incode's summary of the Forrester identity verification evaluation →
Deepfake detection and IDV: what it means for IAM teams?
Explore further
AI-driven identity verification has become a fraud containment problem, not just an onboarding optimisation problem. The article’s emphasis on deepfake detection shows that verification now has to absorb adversarial media, synthetic identities, and automated attack patterns. Traditional identity confidence models were built for honest applicants and consistent evidence. Practitioners should treat verification as a control against deception, not merely a conversion lever.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation. That matters here because verification controls are increasingly part of the trust fabric, not a separate fraud-only concern.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools. The same governance weakness appears when identity assurance depends on scattered, inconsistent evidence sources.
A question worth separating out:
Q: How should teams handle identity proofing when government data is unavailable?
A: Set explicit fallback rules before you need them. If authoritative sources are missing, require alternate evidence, higher review thresholds, or manual adjudication for the riskiest cases. The main failure mode is letting weak evidence become acceptable simply because stronger sources are absent.
👉 Read our full editorial: Forrester’s IDV findings underscore the rise of deepfake fraud