TL;DR: Gartner’s 2025 Identity Verification report and recent fraud cases show that false or compromised identity checks now create operational, safety, and liability risk across workforce onboarding, access, and service workflows, according to 1Kosmos. Traditional verification models are no longer enough when attackers combine social engineering, hiring fraud, and identity abuse to bypass trust gates.
NHIMG editorial — based on content published by 1Kosmos: the 2025 Gartner Magic Quadrant for Identity Verification report analysis
By the numbers:
- 1Kosmos says it tripled annual recurring revenue and secured $57 million in venture backing in the past year.
- 1Kosmos says its global platform processes over one billion daily authentications for 75+ million users.
- 1Kosmos says customers have reduced identity fraud by more than 40% within six months of deployment.
Questions worth separating out
Q: How should IAM teams reduce identity fraud in workforce onboarding and access?
A: Start by treating identity proofing as a security control with downstream consequences, not an HR formality.
Q: Why do traditional identity processes fail against social engineering and hiring fraud?
A: Traditional processes often assume the identity decision is correct once and then remain true across the entire lifecycle.
Q: How can organisations tell whether identity verification is strong enough for privileged access?
A: Look for evidence that the verification model changes with risk, not just with user volume.
Practitioner guidance
- Map every downstream trust reuse point Identify where a verified identity is reused across onboarding, service desk resets, privileged access, and regulated workflows.
- Separate proofing from authentication in policy design Document which controls establish that a person is real and which controls later prove they are the same person at login.
- Review recovery and fallback paths for impersonation risk Test what happens when an attacker cannot break authentication but can still exploit account recovery, help desk, or identity proofing fallback.
What's in the full article
1Kosmos' full article covers the operational detail this post intentionally leaves for the source:
- The vendor's own breakdown of FedRAMP High Authorization and the control environment behind it
- Details on the integration stack across Active Directory, Okta, Microsoft Entra ID, CyberArk, Ping, and ServiceNow
- The biometric and reusable identity wallet architecture described by the vendor
- Customer examples and deployment claims that show how the platform is being positioned in workforce identity use cases
👉 Read 1Kosmos' analysis of Gartner's 2025 identity verification report →
Identity verification under attack: what IAM teams need to know now?
Explore further
Identity verification is becoming a governance control, not just an onboarding step. The article is right to frame false identity as a systemic risk because the same proofing event often authorises access across HR, IT, and privileged workflows. That makes identity verification part of lifecycle governance, not a standalone security feature. The implication is that IAM programmes need to treat identity proofing as an upstream control surface with downstream blast radius.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity trust is accepted without complete oversight.
A question worth separating out:
Q: Who is accountable when a false identity reaches critical business systems?
A: Accountability should sit with the identity and access owners who define how proofing outcomes are accepted by downstream systems, not only with the team that operated the verification tool. If HR, IAM, PAM, and application owners all rely on the same trust decision, ownership must be shared and documented. Otherwise no one is accountable when the trust chain breaks.
👉 Read our full editorial: Identity verification is becoming the front line of enterprise security