TL;DR: A consumer study of 2,000 people in the UK and US found that 74% would switch banks for guaranteed deepfake protection, while 48% now question almost everything they see online, according to iProov. The shift turns human identity assurance into a business continuity issue, not just a fraud control.
NHIMG editorial — based on content published by iProov: a consumer study on deepfake trust, biometric protection, and digital identity confidence
By the numbers:
- (74%) of consumers say they would switch banks, ld switch banks if a competitor offered guaranteed protection against deepfake-enabled fraud.
- (55%) report they would be more likely to, more likely to use government services online if a secure biometric login were available.
Questions worth separating out
Q: How should organisations protect human identity journeys from deepfake-enabled fraud?
A: Use layered assurance rather than relying on any single signal.
Q: Why do deepfakes change the way IAM teams think about trust?
A: Deepfakes weaken the assumption that humans can reliably judge authenticity during digital interactions.
Q: How can security teams measure whether biometric login is improving trust?
A: Look for adoption, reduced recovery abuse, lower impersonation rates, and fewer failed high-risk transactions after rollout.
Practitioner guidance
- Strengthen identity proofing with multi-signal verification Combine biometric checks with liveness, device binding, and contextual risk signals before allowing high-value actions or account recovery.
- Harden recovery and support workflows against impersonation Require stricter verification for password resets, beneficiary changes, and help desk overrides, especially where deepfake-assisted social engineering could bypass normal user friction.
- Reclassify trust controls as governance controls Track identity assurance as a measurable control outcome alongside fraud loss, abandonment, and login success so the business can see whether real human presence is being established.
What's in the full report
iProov's full consumer study covers the operational detail this post intentionally leaves for the source:
- Survey methodology for the 2,000 respondents across the UK and US, useful if you need to validate the evidence base.
- Age-band breakdowns showing how different consumer segments responded to deepfake protection and biometric login.
- Detailed wording from the consumer questionnaire, including how trust, switching intent, and legal accountability were measured.
- The interactive 'Find the Fake' exercise that demonstrates how hard synthetic identity can be to spot in practice.
👉 Read iProov's consumer study on deepfake trust and biometric protection →
Deepfake protection and human trust: are identity controls keeping up?
Explore further
Deepfake trust erosion is now a human identity governance problem. This study shows that consumers are no longer evaluating identity assurance only at the point of login. They are judging whether institutions can prove that a person, not a synthetic proxy, is on the other end of the interaction. For IAM teams, that means assurance is part of customer trust architecture, not just authentication design.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: What should banks and public services do when customers demand stronger deepfake protection?
A: Treat it as a governance requirement, not just a feature request. Prioritise stronger verification in enrolment, account recovery, and transaction approval, then publish clear rules for disputed identity events. Customers want confidence that the institution can tell a real person from synthetic manipulation, and policy clarity is part of that confidence.
👉 Read our full editorial: Deepfake trust erosion is reshaping human identity security
Deepfake trust erosion is now a human identity governance problem. This study shows that consumers are no longer evaluating identity assurance only at the point of login. They are judging whether institutions can prove that a person, not a synthetic proxy, is on the other end of the interaction. For IAM teams, that means assurance is part of customer trust architecture, not just authentication design.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: What should banks and public services do when customers demand stronger deepfake protection?
A: Treat it as a governance requirement, not just a feature request. Prioritise stronger verification in enrolment, account recovery, and transaction approval, then publish clear rules for disputed identity events. Customers want confidence that the institution can tell a real person from synthetic manipulation, and policy clarity is part of that confidence.
👉 Read our full editorial: Deepfake trust erosion is reshaping human identity security