You’ve probably heard me rant about companies that fail to differentiate.
But what’s worse are the companies that have clear differentiation, but then dump it to be just like everybody else.
Take Cracker Barrel.
Changing the look and feel
Despite their manufactured nature, they clearly present themselves as a place with an old-time retro feel.
Their menu pays homage to Southern cooking, even if you’re eating at a Cracker Barrel in California or Connecticut.
The store features country music, Moon Pies, and records…sorry, vinyl.
Even the walls are covered with decorations that reflect the past. In California, that means citrus crates, plus farming implements and sepia-toned pictures.
“The Tennessee-based company, known as much for its tchochkes as its Southern fixins’ like chicken fried steak and grits, has tossed the kitsch that drew generations of diners in favor of booths and crisp white walls.”
A move which gives the New York Post to describe the new look as “sterile.” A good word in healthcare, and maybe a good word in a restaurant kitchen, but not in the dining room.
So why do it? Because:
“CEO Julie Felss Masino admitted the chain is ‘just not as relevant’ as it used to be.”
Ah, RELEVANT. If you maintain a retro look that your competitors don’t have, you’re not relevant.
But what will Cracker Barrels become with white walls, no rocking chairs, and no Burma Shave signs?
Yawn.
A fast (food) lesson
McDonald’s learned about customer indifference the hard way. Throwing the old look into the dumpster doesn’t please people.
Years ago when I was growing up, McDonald’s was easily identifiable by its huge golden arches on the red and white striped buildings.
McDonald’s, Downey, California. Photo by Bryan Hong (Brybry26) • CC BY-SA 2.5.
But then McDonald’s decided that the 1950s-1960s look was no longer relevant and shifted to square brown buildings straight from an industrial park.
But today?
McDonald’s is making its customers happy by building huge restaurants with huge golden arches again. One is being built in my local area in Upland at Foothill and Benson. You may know Foothill Boulevard as Route 66. There are two existing golden arches restaurants on Foothill near Euclid in Upland and near Archibald in Rancho Cucamonga.
How are you differentiated?
So what happens in 2035 when some old man is telling his grandkids how cool Cracker Barrels USED to be?
You’ll have a new CEO ordering the high-traffic restaurants to cover the walls with farming implements again.
And maybe your technology company is in a similar state, sounding just the same as everyone else.
Ask yourself WHY your company is great and your competitors suck.
Third-party risk management (TPRM) tools take varying approaches to automated vs. manual operations.
The company SAFE addressed automation in a July 15 press release. It uses the trendy term “agentic AI” so it must shift paradigms and optimize outcomes.
After stripping out the PR fluff, here’s some of what’s left.
“[SAFE] announced the expansion of its Agentic AI strategy with the release of 12+ new autonomous agents, over the next 3 months, purpose-built for third-party risk. The next two AI agents are SnapShot and BreachWatch which help organizations proactively organize AI summaries and identify third-party breaches respectively….
“‘Legacy solutions weren’t built for risk landscape,’ said Saket Modi, CEO and co-founder of SAFE. ‘SAFE is transforming TPRM….’”
But if I could offer a marketing word of advice to TPRM firms, the “we are better than legacy TPRM firms” message has jumped the shark. EVERYONE is better than legacy TPRM firms these days; you are nothing new. No one is completely manual any more. It’s like comparing a Tesla to a bicycle. Or any basketball team to the Washington Generals.
The real question is HOW you use your automation, and how accurate your automation is. Speed alone is not enough.
I’ve told portions of this story at least twice before, but not all of it. Here is my February 2021 description:
“You’ve heard the saying about eating your own dog food. That statement bored me, so I started talking about eating your own iguana food. Eventually I tired of iguanas and pivoted to wildebeests.”
The wildebeest.
Even though the wildebeest has become Bredemarket’s primary animal, the iguana still hangs around, usually playing the role of a bad hombre.
The iguana.
Some time after that the wombat started to appear, primarily to do things that the wildebeest found difficult because of his anatomy.
The wombat.
So the wildebeest, wombat, and iguana let Bredemarket brand itself a little differently than the myriad of firms that pride themselves on eating their own dog food.
Because I have talked about differentiation ad nauseum, I’m always looking for ways to see how identity/biometric and technology vendors have differentiated themselves. Yes, almost all of them overuse the word “trust,” but there is still some differentiation out there.
And I found a source that measured differentiation (or “unique positioning”) in various market segments. Using this source, I chose to concentrate on vendors who concentrate on identity verification (or “identity proofing & verification,” but close enough).
Before you read this, I want to caution you that this is NOT a thorough evaluation of The Prism Project deepfake and synthetic identity report. After some preliminaries, it focuses on one small portion of the report, concentrating on ONLY one “beam” (IDV) and ONLY one evaluation factor (differentiation).
Four facts about the report
First, the report is comprehensive. It’s not merely a list of ranked vendors, but also provides a, um, deep dive into deepfakes and synthetic identity. Even if you don’t care about the industry players, I encourage you to (a) download the report, and (b) read the 8 page section entitled “Crash Course: The Identity Arms Race.”
The crash course starts by describing digital identity and the role that biometrics plays in digital identity. It explains how banks, government agencies, and others perform identity verification; we’ll return to this later.
Then it moves on to the bad people who try to use “counterfeit identity elements” in place of “authentic identity elements.” The report discusses spoofs, presentation attacks, countermeasures such as multi-factor authentication, and…
Well, just download the report and read it yourself. If you want to understand deepfakes and synthetic identities, the “Crash Course” section will educate you quickly and thoroughly, as will the remainder of the report.
Synthetic Identity Fraud Attacks. Copyright 2025 The Prism Project.
Second, the report is comprehensive. Yeah, I just said that, but it’s also comprehensive in the number of organizations that it covers.
In a previous life I led a team that conducted competitive analysis on over 80 identity organizations.
I then subsequently encountered others who estimated that there are over 100 organizations.
This report evaluates over 200 organizations. In part this is because it includes evaluations of “relying parties” that are part of the ecosystem. (Examples include Mastercard, PayPal, and the Royal Bank of Canada who obviously don’t want to do business with deepfakes or synthetic identities.) Still, the report is amazing in its organizational coverage.
Third, the report is comprehensive. In a non-lunatic way, the report categorizes each organization into one or more “beams”:
The aforementioned relying parties
Core identity technology
Identity platforms
Integrators & solution providers
Passwordless authentication
Environmental risk signals
Infrastructure, community, culture
And last but first (for purposes of this post), identity proofing and verification.
Fourth, the report is comprehensive. Yes I’m repetitive, but each of the 200+ organizations are evaluated on a 0-6 scale based upon seven factors. In listed order, they are:
Growth & Resources
Market Presence
Proof Points
Unique Positioning, defined as “Unique Value Proposition (UVP) along with diferentiable technology and market innovation generally and within market sector.”
Business Model & Strategy
Biometrics and Document Authentication
Deepfakes & Synthetic Identity Leadership
In essence, the wealth of data makes this report look like a NIST report: there are so many individual “slices” of the prism that every one of the 200+ organizations can make a claim about how it was recognized by The Prism Project. And you’ve probably already seen some organizations make such claims, just like they do whenever a new NIST report comes out.
So let’s look at the tiny slice of the prism that is my, um, focus for this post.
Unique positioning in the IDV slice of the Prism
So, here’s the moment all of you have been waiting for. Which organizations are in the Biometric Digital Identity Deepfake and Synthetic Identity Prism?
Deepfake and Synthetic Identity Prism. Copyright 2025 The Prism Project.
Yeah, the text is small. Told you there were a lot of organizations.
For my purposes I’m going to concentrate on the “identity proofing and verification” beam in the lower left corner. But I’m going to dig deeper.
In the illustration above, organizations are nearer or farther from the center based upon their AVERAGE score for all 7 factors I listed previously. But because I want to concentrate on differentiation, I’m only going to look at the identity proofing and verification organizations with high scores (between 5 and the maximum of 6) for the “unique positioning” factor.
I’ll admit my methodology is somewhat arbitrary.
There’s probably no great, um, difference between an organization with a score of 4.9 and one with a score of 5. But you can safely state that an organization with a “unique positioning” score of 2 isn’t as differentiated from one with a score of 5.
And this may not matter. For example, iBeta (in the infrastructure – culture – community beam) has a unique positioning score of 2, because a lot of organizations do what iBeta does. But at the same time iBeta has a biometric commitment of 4.5. They don’t evaluate refrigerators.
So, here’s my list of identity proofing and verification organizations who scored between 5 and 6 for the unique positioning factor:
ID.me
iiDENTIFii
Socure
Using the report as my source, these three identity verification companies have offerings that differentiate themselves from others in the pack.
Although I’m sure the other identity verification vendors can be, um, trusted.
Never mind that the resulting generative AI content was wordy, crappy, and possibly incorrect. For some people the fact that the content was THERE was good enough.
Then I noted that sometimes I will HAVE to get that content out without proper reflection. I outlined two measures to do this:
Don’t sleep on the content.
Let full-grown ideas spring out of your head.
But I still prefer to take my time brewing my content. I’ve spent way more than five minutes on this post alone, and I don’t even know how I’m going to end it yet. And I still haven’t selected the critically important image to accompany the post.
Am I a nut for doing things manually?
You’ve gone from idea to 2500+ word articles in 10 minutes.
And if Scalenut explains WHY its technology is so great, the description is hidden behind an array of features, benefits, and statistics.
Maybe it’s me, but Scalenut could improve its differentiation here, as outlined in my video.
Differentiation, by Bredemarket.
What Scalenut does…and doesn’t do
I should clarify that copyrighting is but one part of Scalenut’s arsenal.
Scalenut is a one-stop-shop AI-powered SEO writing tool that will see you through keyword selection, research, and content production. Plus, you get full access to their copywriting tool, which can create more specific short-form content like product descriptions.
You optimize SEO content by adding NLP keywords, which are the words that Google uses to decide what an article is about.
MacRae cautions that it’s not for “individuals whose writing is their brand,” and Scalenut’s price point means that it’s not for people who only need a few pieces a month.
But if you need a lot of content, and you’re not Stephen King or Dave Barry or John Bredehoft (not in terms of popularity, but of distinctness), then perhaps Scalenut may help you.
I can’t tell you why, though.
(And an apology for those who watch the video; like “The Long Run” album itself, it takes forever to get to the song.)
Bredemarket 