Mistaken Identity

I generated this picture in Imagen 4 after reading an AI art prompt suggestion from Danie Wylie. (I have mentioned her before in the Bredemarket blog…twice.)

The AI exercise raises a question.

What if you are in the middle of an identity verification or authentication process, and only THEN discover that a fraudster is impersonating you at that very moment?

IDV Differentiation as Measured in the Prism Project’s Deepfake and Synthetic Identity Report

Because I have talked about differentiation ad nauseam, I’m always looking for ways to see how identity/biometric and technology vendors have differentiated themselves. Yes, almost all of them overuse the word “trust,” but there is still some differentiation out there.

And I found a source that measured differentiation (or “unique positioning”) in various market segments. Using this source, I chose to concentrate on vendors who concentrate on identity verification (or “identity proofing & verification,” but close enough).

My source? The recently released “Biometric Digital Identity Deepfake and Synthetic Identity Prism Report” from The Prism Project, which you can download here by providing your business address.

Before you read this, I want to caution you that this is NOT a thorough evaluation of The Prism Project deepfake and synthetic identity report. After some preliminaries, it focuses on one small portion of the report, concentrating on ONLY one “beam” (IDV) and ONLY one evaluation factor (differentiation).

Four facts about the report

First, the report is comprehensive. It’s not merely a list of ranked vendors, but also provides a, um, deep dive into deepfakes and synthetic identity. Even if you don’t care about the industry players, I encourage you to (a) download the report, and (b) read the 8-page section entitled “Crash Course: The Identity Arms Race.”

  • The crash course starts by describing digital identity and the role that biometrics plays in digital identity. It explains how banks, government agencies, and others perform identity verification; we’ll return to this later.
  • Then it moves on to the bad people who try to use “counterfeit identity elements” in place of “authentic identity elements.” The report discusses spoofs, presentation attacks, countermeasures such as multi-factor authentication, and…
  • Well, just download the report and read it yourself. If you want to understand deepfakes and synthetic identities, the “Crash Course” section will educate you quickly and thoroughly, as will the remainder of the report.

Synthetic Identity Fraud Attacks. Copyright 2025 The Prism Project.

Second, the report is comprehensive. Yeah, I just said that, but it’s also comprehensive in the number of organizations that it covers.

  • In a previous life I led a team that conducted competitive analysis on over 80 identity organizations.
  • I then subsequently encountered others who estimated that there are over 100 organizations.
  • This report evaluates over 200 organizations. In part this is because it includes evaluations of “relying parties” that are part of the ecosystem. (Examples include Mastercard, PayPal, and the Royal Bank of Canada, who obviously don’t want to do business with deepfakes or synthetic identities.) Still, the report is amazing in its organizational coverage.

Third, the report is comprehensive. In a non-lunatic way, the report categorizes each organization into one or more “beams”:

  • The aforementioned relying parties
  • Core identity technology
  • Identity platforms
  • Integrators & solution providers
  • Passwordless authentication
  • Environmental risk signals
  • Infrastructure, community, culture
  • And last but first (for purposes of this post), identity proofing and verification.

Fourth, the report is comprehensive. Yes, I’m repetitive, but each of the 200+ organizations is evaluated on a 0-6 scale based upon seven factors. In listed order, they are:

  • Growth & Resources
  • Market Presence
  • Proof Points
  • Unique Positioning, defined as “Unique Value Proposition (UVP) along with differentiable technology and market innovation generally and within market sector.”
  • Business Model & Strategy
  • Biometrics and Document Authentication
  • Deepfakes & Synthetic Identity Leadership

In essence, the wealth of data makes this report look like a NIST report: there are so many individual “slices” of the prism that every one of the 200+ organizations can make a claim about how it was recognized by The Prism Project. And you’ve probably already seen some organizations make such claims, just like they do whenever a new NIST report comes out.

So let’s look at the tiny slice of the prism that is my, um, focus for this post.

Unique positioning in the IDV slice of the Prism

So, here’s the moment all of you have been waiting for. Which organizations are in the Biometric Digital Identity Deepfake and Synthetic Identity Prism?

Deepfake and Synthetic Identity Prism. Copyright 2025 The Prism Project.

Yeah, the text is small. Told you there were a lot of organizations.

For my purposes I’m going to concentrate on the “identity proofing and verification” beam in the lower left corner. But I’m going to dig deeper.

In the illustration above, organizations are nearer or farther from the center based upon their AVERAGE score for all 7 factors I listed previously. But because I want to concentrate on differentiation, I’m only going to look at the identity proofing and verification organizations with high scores (between 5 and the maximum of 6) for the “unique positioning” factor.

I’ll admit my methodology is somewhat arbitrary.

  • There’s probably no great, um, difference between an organization with a score of 4.9 and one with a score of 5. But you can safely state that an organization with a “unique positioning” score of 2 isn’t as differentiated as one with a score of 5.
  • And this may not matter. For example, iBeta (in the infrastructure – culture – community beam) has a unique positioning score of 2, because a lot of organizations do what iBeta does. But at the same time iBeta has a biometric commitment of 4.5. They don’t evaluate refrigerators.

So, here’s my list of identity proofing and verification organizations who scored between 5 and 6 for the unique positioning factor:

  • ID.me
  • iiDENTIFii
  • Socure

Using the report as my source, these three identity verification companies have offerings that differentiate themselves from others in the pack.

Although I’m sure the other identity verification vendors can be, um, trusted.

Oh, by the way…did I remember to suggest that you download the report?

When HiveLLM Pitches an Anti-Fraud Professional

I received a suspicious email from “Sara Romano,” a “scout” with HiveLLM who wanted me to bid on a biometric content calendar with a budget of “75000” (no currency specified).

HiveLLM has no corporate address, no LinkedIn presence, a website only a couple of months old, and an advertised business model in which you can ask a question for 10 cents.

Oh, and “Sara Romano” also cold emailed Danie Wylie, who also found the pitch sketchy: https://m.facebook.com/story.php?story_fbid=pfbid0nvmhyuLpn3jwMv8K8sbK5EXfS4kcpjfWHicgj4BJhdFLMme87P5fvPSYf9CwjRH7l&id=100001380243595&mibextid=wwXIfr

A clear case of the need for Know Your Business (KYB).

And as you can see, HiveLLM failed a rudimentary KYB check.

But let’s ask some questions anyway.

“Sara, to confirm that HiveLLM is not a fraudulent entity, please provide your corporate address, registration information, and the identities of your owner(s) and corporate officers.”

UPDATE. At midnight Pacific Time, “Sara” sent a long response. Buried toward the end: “I’m unable to provide corporate registration or ownership details.”

Verify the Supporting Documents Aren’t Forged

From the CBC in Canada:

“The documents were forged Labour Market Impact Assessments, or LMIAs. Employers typically receive the documents from Employment and Social Development Canada (ESDC) if they want to hire a foreign worker.”

Biometrics aren’t enough. The person may be who they say they are, but the documentation they are holding may be fake.

More on this type of fraud: https://www-cbc-ca.cdn.ampproject.org/c/s/www.cbc.ca/amp/1.7516048

(Forged document from Imagen 3. Lincoln never held a law license in the then-United Kingdom.)

Why Replacing Your Employees with VLM NPE Bots Won’t Defeat Social Engineering

(Scammed bot finger picture from Imagen 3)

Your cybersecurity firm can provide the most amazing protection software to your clients, and the clients still won’t be safe.

Why not? Because of the human element. All it takes is one half-asleep employee to answer that “We received your $3,495 payment” email. Then all your protections go for naught.

The solution is simple: eliminate the humans.

Eliminating the human element

Companies are replacing humans with bots for other rea$on$. But an added benefit is that when you bring in the non-person entities (NPEs) who are never tired and never emotional, social engineering is no longer effective. Right?

Well, you can social engineer the bot NPEs also.

Birthday MINJA

Last month I wrote a post entitled “An ‘Injection’ Attack That Doesn’t Bypass Standard Channels?” It discussed a technique known as a memory injection attack (MINJA). In the post I was able to sort of (danged quotes!) get an LLM to say that Donald Trump was born on February 22, 1732.

(Image from a Google Gemini prompt and response)

Fooling vision-language models

But there are more serious instances in which bots can be fooled, according to Ben Dickson.

“Visual agents that understand graphical user interfaces and perform actions are becoming frontiers of competition in the AI arms race….

“These agents use vision-language models (VLMs) to interpret graphical user interfaces (GUI) like web pages or screenshots. Given a user request, the agent parses the visual information, locates the relevant elements on the page, and takes actions like clicking buttons or filling forms.”

Clicking buttons seems safe…until you realize that some buttons are so obviously scambait that most humans are smart enough NOT to click on them.

What about the NPE bots?

“They carefully designed and positioned adversarial pop-ups on web pages and tested their effects on several frontier VLMs, including different variants of GPT-4, Gemini, and Claude.

“The results of the experiments show that all tested models were highly susceptible to the adversarial pop-ups, with attack success rates (ASR) exceeding 80% on some tests.”

Educating your users

Your cybersecurity firm needs to educate. You need to warn humans about social engineering. And you need to warn AI masters that bots can also be social engineered.

But what if you can’t? What if your resources are already stretched thin?

If you need help with your cybersecurity product marketing, Bredemarket has an opening for a cybersecurity client. I can offer:

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Don’t Try to Scam a Police Captain

Scammers tried to extract information from Ann Stephens, but she refused to give them the stuff they wanted: Social Security digits, her home address, or her bank account information.

Ann Stephens taking a scammer call at work.

The only information she provided was her work address.

At the time (2019), she was a police captain in Apex, North Carolina. 

Oops.

She retired in 2022. And presumably continues to handle fraudsters, to their detriment.

And one more thing…

The formal announcement is embargoed until tomorrow, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

  • compelling content creation
  • winning proposal development
  • actionable analysis

Book a call: https://bredemarket.com/cpa/

Pay No Attention to That Man Behind the Curtain

H/T Donal Greene for this story of non-person entities that were really people.

“The nate app purported to take care of the remainder of the checkout process through AI: selecting the appropriate size, entering billing and shipping information, and confirming the purchase….In truth, nate relied heavily on teams of human workers—primarily located overseas—to manually process transactions in secret, mimicking what users believed was being done by automation.”

From https://www.justice.gov/usao-sdny/pr/tech-ceo-charged-artificial-intelligence-investment-fraud-scheme

Now the DOJ is indicting Albert Saniger for defrauding investors: https://www.justice.gov/usao-sdny/pr/tech-ceo-charged-artificial-intelligence-investment-fraud-scheme

(Picture from Imagen 3)

People for Sale

News about iProov. According to Metropoler, the company discovered a dark web group in Latin America. 

The group is

“amassing a substantial collection of identity documents and corresponding facial images, specifically designed to defeat Know Your Customer (KYC) verification processes. Rather than traditional theft, these identities may have been obtained through compensated participation, with individuals willingly providing their image and documentation in exchange for payment.”

To uncover such fraudulent activity, a mere government ID-to-selfie comparison is not enough, since both are from a real person. You need more sophisticated checks such as liveness detection, which iProov offers. You can find iProov’s ISO 30107-3 Presentation Attack Detection Level 2 confirmation letters on iBeta’s page.

But why?

Why would anyone sell their identity, either legitimately (to the World ex Worldcoin folks) or illegitimately (to this dark web outfit)?

Sadly, desperation. If you have a basic need to eat, who cares who is using your ID and what they’re doing with it?

What Coauthor “Wrapped” About My LinkedIn Activity

So I checked out Coauthor’s me-too LinkedIn-themed copycat of Spotify Wrapped, like many of you did. Here’s the (unedited) post it wrote for me—not too bad:

= = =

Here’s my 2024 LinkedIn Rewind, by Coauthor.studio:

After 30 years in identity and biometrics, 2024 showed me that verification only goes so far. The real challenge isn’t just confirming who someone is – it’s understanding what they might do.

From employment fraudsters with verified credentials to healthcare imposters with stolen birthdates, this year proved that identity verification alone can’t prevent deception. But it also showed how combining technical expertise with human insight can help protect organizations and individuals.

Key observations from 2024:

  • Identity verification without intent analysis is incomplete
  • Employment fraud evolves faster than verification methods
  • Healthcare identity remains dangerously vulnerable
  • The best fraud prevention combines technology and psychology
  • Product marketing must address both verification and trust

Three posts that captured these themes:

“Employment Fraud and Identity Verification”

On why verifying someone’s identity only goes so far

https://www.linkedin.com/feed/update/urn:li:activity:7268454996734545921/

“Rich Powaza’s Disappearance” 

Real consequences of fraudulent behavior

https://www.linkedin.com/feed/update/urn:li:activity:7253092940393193472/

“Get Off My Lawn”

Changing workplace norms and responsibilities

https://www.linkedin.com/feed/update/urn:li:activity:7262320817898758145/

Through Bredemarket, I delivered over 100 content and analysis projects helping organizations navigate these challenges. I also conducted research on employment fraud tactics and moderated communities helping others avoid scams.

Looking ahead: 2025 will require even more sophisticated approaches to identity verification and fraud prevention. The fraudsters aren’t going away – but neither am I. I’ll continue helping organizations implement effective identity strategies while advocating for ethical AI use and employment practices.

To the wildebeests following along: remember that verification is just the start. The real value comes from understanding intent and building trust.

#fraud #identity #security #productmarketing

Get your 2024 LinkedIn Rewind! Go to coauthor.studio 

Black Friday Fraud Reduction?

Black Friday fraud dipped in 2024? Maybe good news…maybe not.

Frank on Fraud shared a TransUnion report of a 30% decrease in fraud on Black Friday this year. (Links below.)

This in turn was shared and analyzed by Hilton McCall, who noted several theories as to why fraudsters apparently took Black Friday off.

“Tighter fraud prevention measures by merchants and platforms.”

That’s good news.

“Shifting fraud tactics targeting other high-value days like Cyber Monday.”

“A possible focus on new fraud methods, like account takeovers and loyalty point scams, rather than traditional purchase fraud.”

That’s bad news.

Remain vigilant—and if your firm offers a fraud-fighting solution, share your message.

Frank on Fraud: https://frankonfraud.com/fraud-trends/fraudster-vacation-fraud-plunges-on-black-friday/

TransUnion: https://www.globenewswire.com/news-release/2024/12/05/2992306/0/en/New-TransUnion-Analysis-Finds-More-Than-4-of-U-S-Attempted-Ecommerce-Transactions-Between-Thanksgiving-and-Cyber-Monday-Suspected-to-be-Fraudulent.html

Hilton McCall: https://www.linkedin.com/posts/hilton-mccall_fraudprevention-blackfriday-cybersecurity-activity-7272611182727909376-lsyD