Workforce identity verification and deepfake fraud: are controls keeping up?

TL;DR: Workforce identity is shifting from productivity plumbing to a frontline security control as attackers exploit impersonation, synthetic identities, and credential-based fraud, according to 1Kosmos. Static credentials and repeat proofing are losing ground to attackers who can present convincing identity signals faster than legacy processes can validate them.

NHIMG editorial — based on content published by 1Kosmos: workforce identity verification, LiveID, and the frontline security case for identity proofing

By the numbers:

• 1 in 5 organizations have already raised concerns about deepfake-driven fraud, synthetic identities, and credential-based attacks targeting their workforce.

Questions worth separating out

Q: How should organisations secure employee onboarding against impersonation attacks?

A: Organisations should treat onboarding as a trust-establishment process, not a paperwork step.

Q: Why do password reset workflows create disproportionate identity risk?

A: Password reset workflows often bypass the strongest login protections and rely on support staff, secondary channels, or loosely governed recovery steps.

Q: What do security teams get wrong about workforce identity verification?

A: Teams often assume verification is a one-time gate at onboarding.

Practitioner guidance

• Map high-risk workforce identity moments Identify onboarding, password reset, device recovery, and helpdesk escalation steps where impersonation would create immediate access.
• Harden recovery paths before login paths Review whether password reset and recovery workflows are easier to abuse than primary authentication.
• Separate convenience metrics from assurance metrics Track onboarding speed and helpdesk volume separately from identity confidence, fraud attempts blocked, and failed impersonation rates.

What's in the full article

1Kosmos's full article covers the product and workflow detail this post intentionally leaves for the source:

• The specific LiveID recovery flow and how biometric credential recovery works across laptop, mobile, and kiosk experiences.
• The cited customer examples behind the onboarding and reset claims, including the workflow changes they report.
• The roadmap details on AI-driven fraud detection, deepfake resistance, and natural language querying for identity data.
• The SDK flexibility details that show how verification workflows can be customised for different enterprise processes.

👉 Read 1Kosmos's analysis of workforce identity verification and deepfake fraud →

Workforce identity verification and deepfake fraud: are controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →