“We provide the world’s leading news coverage and information on the global biometric technology market via the web and an exclusive daily newsletter. Our daily biometrics updates, industry perspectives, interviews, columns and in-depth features explore a broad range of modalities and methods, from fingerprint, voice, iris, and facial recognition, to cutting-edge technologies like DNA analysis and gait recognition, related identification tools such as behavioral biometrics, and non-biometric identification methods such as identity document verification and telephone forensics. Our coverage touches on all applications and issues dealt with in the sector, including national security, mobile identity, and border control, with a special emphasis on UN Sustainable Development Goal 16.9 to provide universal digital identification and the ID4Africa movement.”
Over the last ten years, there have been two instances in which I have been newsworthy.
2015 with MorphoTrak
The first occurred in 2015, when my then-employer MorphoTrak exhibited an airport gate called MorphoWay at a conference then known as connect:ID. At the 2015 show, I demonstrated MorphoWay for Biometric Update’s videographer.
Me at connect:ID, 2015.
“In the video, Bredehoft scans his passport through the document reader, which checks the passport against a database to verify that it is, in fact, a CBP-authorized document.
“Once verified, the gates automatically open to allow Bredehoft to exit the area.”
2025 with Bredemarket
The second occurred ten years later in 2025, when I wrote a guest opinion piece entitled “Opinion: Vendors must disclose responsible uses of biometric data.” As I previously mentioned, I discussed the need to obtain consent for use of biometric data in certain instances, and noted:
“Some government agencies, private organizations, and biometric vendors have well-established procedures for acquiring the necessary consents.
“Others? Well…”
Biometric Update didn’t create a video this time around, but I did.
Biometric vendors…
2035???
So now that I’ve established a regular cadence for my appearances in Biometric Update, I fully expect to make a third appearance in 2035.
Because of my extensive biometric background, I predict that my 2035 appearance will concern the use of quantum computing to distinguish between a person and their fabricated clone using QCID (quantum clone identification).
No video yet, because I don’t know what video technology will be like ten years from now. So here’s an old fashioned 2D picture.
I’ve spent a ton of time discussing naughty people who use technology to create deepfakes—including voice deepfakes—to defraud people.
But some deepfakes don’t use technology, and some deepfakes are not intended to defraud.
Take Mark Hamill’s impersonation of fellow actor Harrison Ford.
Mark Hamill as Harrison Ford, and Harrison Ford reacting to Mark Hamill.
And then there was a case that I guess could be classified as fraud…at least to Don Pardo’s sister-in-law.
Don Pardo was originally known as an announcer on NBC game shows, and his distinctive voice could be heard on many of them, including (non-embeddable) parodies of them.
With his well-known voice, NBC jumped at the chance to employ him as the announcer for the decidedly non-game television show Saturday Night Live, where he traded dialogue with the likes of Frank Zappa.
“I’m the Slime.”
Except for a brief period after he ran afoul of Michael O’Donoghue, Pardo was a fixture on SNL for decades, through the reigns of various producers and executive producers.
Until one night in 1999 when laryngitis got the best of Don Pardo, and the show had to turn to Bill Clinton.
No, not the real Bill Clinton.
I’m talking about the SNL cast member who did a voice impression of Bill Clinton (and Jeopardy loser Sean Connery), Darrell Hammond. Who proceeded to perform an impression of Don Pardo.
An impression that even fooled Don Pardo’s sister-in-law.
This is Don Pardo saying this is Don Pardo…
Pardo continued to be Saturday Night Live’s announcer for years after that, sometimes live from New York, sometimes on tape from his home in Arizona.
And when Pardo passed away in 2014, he was succeeded as SNL’s announcer by former cast member Darrell Hammond.
“A deepfake is an artificial image or video (a series of images) generated by a special kind of machine learning called “deep” learning (hence the name).”
UVA then launches into a technical explanation.
“Deep learning is a special kind of machine learning that involves “hidden layers.” Typically, deep learning is executed by a special class of algorithm called a neural network….A hidden layer is a series of nodes within the network that performs mathematical transformations to convert input signals to output signals (in the case of deepfakes, to convert real images to really good fake images). The more hidden layers a neural network has, the “deeper” the network is.”
Why are shallowfakes shallow?
So if you don’t use a multi-level neural network to create your fake, then it is by definition shallow. Although you most likely need to use cumbersome manual methods to create it.
In injection attack detection, no fakery of the image is necessary. You can insert a real image of the person.
For presentation attack detection (liveness detection, either active or passive), you can dispense with the neural network and just use old fashioned makeup.
From NIST.
Or a mask.
Imagen 4.
It’s all semantics
In truth, we commonly refer to all face, voice, and finger fakes as “deep” fakes even when they don’t originate in a neural network.
But if someone wants to refer to shallowfakes, it’s OK with me.
Because I have talked about differentiation ad nauseum, I’m always looking for ways to see how identity/biometric and technology vendors have differentiated themselves. Yes, almost all of them overuse the word “trust,” but there is still some differentiation out there.
And I found a source that measured differentiation (or “unique positioning”) in various market segments. Using this source, I chose to concentrate on vendors who concentrate on identity verification (or “identity proofing & verification,” but close enough).
Before you read this, I want to caution you that this is NOT a thorough evaluation of The Prism Project deepfake and synthetic identity report. After some preliminaries, it focuses on one small portion of the report, concentrating on ONLY one “beam” (IDV) and ONLY one evaluation factor (differentiation).
Four facts about the report
First, the report is comprehensive. It’s not merely a list of ranked vendors, but also provides a, um, deep dive into deepfakes and synthetic identity. Even if you don’t care about the industry players, I encourage you to (a) download the report, and (b) read the 8 page section entitled “Crash Course: The Identity Arms Race.”
The crash course starts by describing digital identity and the role that biometrics plays in digital identity. It explains how banks, government agencies, and others perform identity verification; we’ll return to this later.
Then it moves on to the bad people who try to use “counterfeit identity elements” in place of “authentic identity elements.” The report discusses spoofs, presentation attacks, countermeasures such as multi-factor authentication, and…
Well, just download the report and read it yourself. If you want to understand deepfakes and synthetic identities, the “Crash Course” section will educate you quickly and thoroughly, as will the remainder of the report.
Synthetic Identity Fraud Attacks. Copyright 2025 The Prism Project.
Second, the report is comprehensive. Yeah, I just said that, but it’s also comprehensive in the number of organizations that it covers.
In a previous life I led a team that conducted competitive analysis on over 80 identity organizations.
I then subsequently encountered others who estimated that there are over 100 organizations.
This report evaluates over 200 organizations. In part this is because it includes evaluations of “relying parties” that are part of the ecosystem. (Examples include Mastercard, PayPal, and the Royal Bank of Canada who obviously don’t want to do business with deepfakes or synthetic identities.) Still, the report is amazing in its organizational coverage.
Third, the report is comprehensive. In a non-lunatic way, the report categorizes each organization into one or more “beams”:
The aforementioned relying parties
Core identity technology
Identity platforms
Integrators & solution providers
Passwordless authentication
Environmental risk signals
Infrastructure, community, culture
And last but first (for purposes of this post), identity proofing and verification.
Fourth, the report is comprehensive. Yes I’m repetitive, but each of the 200+ organizations are evaluated on a 0-6 scale based upon seven factors. In listed order, they are:
Growth & Resources
Market Presence
Proof Points
Unique Positioning, defined as “Unique Value Proposition (UVP) along with diferentiable technology and market innovation generally and within market sector.”
Business Model & Strategy
Biometrics and Document Authentication
Deepfakes & Synthetic Identity Leadership
In essence, the wealth of data makes this report look like a NIST report: there are so many individual “slices” of the prism that every one of the 200+ organizations can make a claim about how it was recognized by The Prism Project. And you’ve probably already seen some organizations make such claims, just like they do whenever a new NIST report comes out.
So let’s look at the tiny slice of the prism that is my, um, focus for this post.
Unique positioning in the IDV slice of the Prism
So, here’s the moment all of you have been waiting for. Which organizations are in the Biometric Digital Identity Deepfake and Synthetic Identity Prism?
Deepfake and Synthetic Identity Prism. Copyright 2025 The Prism Project.
Yeah, the text is small. Told you there were a lot of organizations.
For my purposes I’m going to concentrate on the “identity proofing and verification” beam in the lower left corner. But I’m going to dig deeper.
In the illustration above, organizations are nearer or farther from the center based upon their AVERAGE score for all 7 factors I listed previously. But because I want to concentrate on differentiation, I’m only going to look at the identity proofing and verification organizations with high scores (between 5 and the maximum of 6) for the “unique positioning” factor.
I’ll admit my methodology is somewhat arbitrary.
There’s probably no great, um, difference between an organization with a score of 4.9 and one with a score of 5. But you can safely state that an organization with a “unique positioning” score of 2 isn’t as differentiated from one with a score of 5.
And this may not matter. For example, iBeta (in the infrastructure – culture – community beam) has a unique positioning score of 2, because a lot of organizations do what iBeta does. But at the same time iBeta has a biometric commitment of 4.5. They don’t evaluate refrigerators.
So, here’s my list of identity proofing and verification organizations who scored between 5 and 6 for the unique positioning factor:
ID.me
iiDENTIFii
Socure
Using the report as my source, these three identity verification companies have offerings that differentiate themselves from others in the pack.
Although I’m sure the other identity verification vendors can be, um, trusted.
CBS News recently reported on the attempts of Meta and others to remove advertisements for “nudify” apps from their platforms. The intent of these apps is to take pictures of existing people—for example, “Scarlett Johansson and Anne Hathaway”—and creating deepfake nudes based on the source material.
Two versions of “what does this app do”
But the apps may present their purposes differently when applying for Apple App Store and Google Play Store approval.
“The problem with apps is that they have this dual-use front where they present on the app store as a fun way to face swap, but then they are marketing on Meta as their primary purpose being nudification. So when these apps come up for review on the Apple or Google store, they don’t necessarily have the wherewithal to ban them.”
How old are you? If you say so
And there’s another problem. While the apps are marketed to adult men, their users extend beyond that.
“CBS News’ 60 Minutes reported on the lack of age verification on one of the most popular sites using artificial intelligence to generate fake nude photos of real people.
“Despite visitors being told that they must be 18 or older to use the site…60 Minutes was able to immediately gain access to uploading photos once the user clicked “accept” on the age warning prompt, with no other age verification necessary.”
“Too often, network teams focus on availability, while security teams chase threats after the fact. That separation creates gaps — gaps that attackers exploit.”
Ricker’s solution:
“iVALT unifies remote access and identity security through:
Instant, passwordless biometric authentication
AI-resistant technology that stops deepfake and synthetic identity fraud”
I was curious which biometric modalities and vendors iVALT supported, so I looked it up.
iVALT appears to use PingOne DaVinci, which orchestrates everything.
The only biometrics specifically mentioned by iVALT are those captured on a mobile phone.
But it’s unclear to me whether these are the biometrics captured by the phone’s operating system (for example, TouchID or FaceID on iOS), third party biometrics, or all of the above.
Of course, most people don’t care about the minutiae of supported biometric modalities.
But some do…because all biometric algorithms do NOT provide the same accuracy or performance.
Just letting my Bredemarket blog readers know of two items I wrote on other platforms.
“Presentation Attack Injection, Injection Attack Detection, and Deepfakes.” This LinkedIn article, part of The Wildebeest Speaks newsletter series, is directed toward people who already have some familiarity with deepfake attacks.
“Presentation Attack Injection, Injection Attack Detection, and Deepfakes (version 2). This Substack post does NOT assume any deepfake attack background.
…I’m researching and describing how Bredemarket’s clients and prospects develop innovative technologies to expose these deepfake fraudsters.
You can spend good money on deepfake-fighting industry solutions, and you can often realize a positive return on investment when purchasing these technologies.
But the best defense against these deepfakes isn’t some whiz bang technology.
It’s common sense.
Would your CEO really call you at midnight to expedite an urgent financial transaction?
Would that Amazon recruiter want to schedule a Zoom call right now?
If you receive an out-of-the-ordinary request, the first and most important thing to do is to take a deep breath.
A real CEO or recruiter would understand.
And…
…if your company offers a fraud-fighting solution to detect and defeat deepfakes, Bredemarket can help you market your solution. My content, proposal, and analysis offerings are at your service. Let’s talk: https://bredemarket.com/cpa/
Bredemarket 