Many of us have been using Docusign for years to electronically sign documents. But how does Docusign know that the person applying John Bredehoft’s signature is really John Bredehoft?
Enter Docusign’s implementation of Identity Assurance Level 2 (IAL2).
“The Docusign ID Verification for IAL2 Compliance workflow is easy to add to workflows within eSignature and Maestro, part of the Docusign Intelligent Agreement Management (IAM) platform.
“Before a recipient can access an agreement, they will be required to verify their identity using their existing ID.me or CLEAR account. If needed, they can create a free account with either provider from within the same Docusign workflow. Once verified, they can securely sign and complete their agreement, all in a single, seamless experience.”
But I have one teeny quibble with whoever writes Docusign’s headlines. The November 6 announcement was entitled “Identity Verification at the Highest Level: Docusign ID Verification for IAL2 Compliance.”
Is the medical facility working with the right patient?
Hackensack Meridian Health in New Jersey claims that it knows who its patients are. It has partnered with CLEAR for patient identification, according to AInvest. Among the listed benefits of the partnership are enhanced security:
“CLEAR1 meets NIST’s Identity Assurance Level 2 (IAL2) standards, a rare feat in the healthcare sector, ensuring robust protection against fraud.”
Because I have talked about differentiation ad nauseum, I’m always looking for ways to see how identity/biometric and technology vendors have differentiated themselves. Yes, almost all of them overuse the word “trust,” but there is still some differentiation out there.
And I found a source that measured differentiation (or “unique positioning”) in various market segments. Using this source, I chose to concentrate on vendors who concentrate on identity verification (or “identity proofing & verification,” but close enough).
Before you read this, I want to caution you that this is NOT a thorough evaluation of The Prism Project deepfake and synthetic identity report. After some preliminaries, it focuses on one small portion of the report, concentrating on ONLY one “beam” (IDV) and ONLY one evaluation factor (differentiation).
Four facts about the report
First, the report is comprehensive. It’s not merely a list of ranked vendors, but also provides a, um, deep dive into deepfakes and synthetic identity. Even if you don’t care about the industry players, I encourage you to (a) download the report, and (b) read the 8 page section entitled “Crash Course: The Identity Arms Race.”
The crash course starts by describing digital identity and the role that biometrics plays in digital identity. It explains how banks, government agencies, and others perform identity verification; we’ll return to this later.
Then it moves on to the bad people who try to use “counterfeit identity elements” in place of “authentic identity elements.” The report discusses spoofs, presentation attacks, countermeasures such as multi-factor authentication, and…
Well, just download the report and read it yourself. If you want to understand deepfakes and synthetic identities, the “Crash Course” section will educate you quickly and thoroughly, as will the remainder of the report.
Synthetic Identity Fraud Attacks. Copyright 2025 The Prism Project.
Second, the report is comprehensive. Yeah, I just said that, but it’s also comprehensive in the number of organizations that it covers.
In a previous life I led a team that conducted competitive analysis on over 80 identity organizations.
I then subsequently encountered others who estimated that there are over 100 organizations.
This report evaluates over 200 organizations. In part this is because it includes evaluations of “relying parties” that are part of the ecosystem. (Examples include Mastercard, PayPal, and the Royal Bank of Canada who obviously don’t want to do business with deepfakes or synthetic identities.) Still, the report is amazing in its organizational coverage.
Third, the report is comprehensive. In a non-lunatic way, the report categorizes each organization into one or more “beams”:
The aforementioned relying parties
Core identity technology
Identity platforms
Integrators & solution providers
Passwordless authentication
Environmental risk signals
Infrastructure, community, culture
And last but first (for purposes of this post), identity proofing and verification.
Fourth, the report is comprehensive. Yes I’m repetitive, but each of the 200+ organizations are evaluated on a 0-6 scale based upon seven factors. In listed order, they are:
Growth & Resources
Market Presence
Proof Points
Unique Positioning, defined as “Unique Value Proposition (UVP) along with diferentiable technology and market innovation generally and within market sector.”
Business Model & Strategy
Biometrics and Document Authentication
Deepfakes & Synthetic Identity Leadership
In essence, the wealth of data makes this report look like a NIST report: there are so many individual “slices” of the prism that every one of the 200+ organizations can make a claim about how it was recognized by The Prism Project. And you’ve probably already seen some organizations make such claims, just like they do whenever a new NIST report comes out.
So let’s look at the tiny slice of the prism that is my, um, focus for this post.
Unique positioning in the IDV slice of the Prism
So, here’s the moment all of you have been waiting for. Which organizations are in the Biometric Digital Identity Deepfake and Synthetic Identity Prism?
Deepfake and Synthetic Identity Prism. Copyright 2025 The Prism Project.
Yeah, the text is small. Told you there were a lot of organizations.
For my purposes I’m going to concentrate on the “identity proofing and verification” beam in the lower left corner. But I’m going to dig deeper.
In the illustration above, organizations are nearer or farther from the center based upon their AVERAGE score for all 7 factors I listed previously. But because I want to concentrate on differentiation, I’m only going to look at the identity proofing and verification organizations with high scores (between 5 and the maximum of 6) for the “unique positioning” factor.
I’ll admit my methodology is somewhat arbitrary.
There’s probably no great, um, difference between an organization with a score of 4.9 and one with a score of 5. But you can safely state that an organization with a “unique positioning” score of 2 isn’t as differentiated from one with a score of 5.
And this may not matter. For example, iBeta (in the infrastructure – culture – community beam) has a unique positioning score of 2, because a lot of organizations do what iBeta does. But at the same time iBeta has a biometric commitment of 4.5. They don’t evaluate refrigerators.
So, here’s my list of identity proofing and verification organizations who scored between 5 and 6 for the unique positioning factor:
ID.me
iiDENTIFii
Socure
Using the report as my source, these three identity verification companies have offerings that differentiate themselves from others in the pack.
Although I’m sure the other identity verification vendors can be, um, trusted.
Bank of America, Euclid Avenue, Ontario, California.
Here’s a sign of the times from Ontario, California. The sign at the end of this video appears on the door of a bank branch in downtown Ontario, and basically says that if you wanted to go to THIS branch on Saturday, you’re out of luck.
Of course, that assumes that you actually WANT to go to a physical bank branch location. Unlike the old days, when banks were substantive buildings that you visited to deposit and withdraw money, now banks can be found in our smartphones.
What locational, technological, and organizational changes have taken place at banks over the last 50 years? And now that you can open an account to buy crypto on your smartphone, does your financial institution’s onboarding solution actually WORK in determining financial identity?
Three changes in banking over the last fifty years
Over the last fifty years, banking has changed to the point where someone from 1973 wouldn’t even recognize “banking” today. Stick around to see a video from a company called “Apple” showing you how to use a “wallet” on a “smartphone” to pay for things even if you’re not carrying your “chip card.” Karl Malden would be spinning in his grave. So let’s talk about the three changes:
The locational change.
The technological change.
The organizational change.
The locational change: from stand-alone buildings to partitioned grocery store sections
When I was growing up, a “bank” (or a “savings & loan,” which we will discuss later) was located in a building where you would go on weekdays (or even Saturdays!) and give money to, or get money from, a person referred to as a teller.
There was this whole idea of “going to the bank,” perhaps on your lunch hour because you couldn’t go to the bank on Sunday at midnight, could you?
The first crack in the whole idea of “going to the bank” was the ability to bank without entering the door of the bank…and being able to bank on Sunday at midnight if you felt like it. Yes, I’m talking about Automated Teller Machines (ATMs), where the “teller,” instead of being a person, was a bunch of metal and a TV screen. The first ATM appeared in 1967, but they didn’t really become popular until several years later.
For the most part, these ATMs were located at the bank buildings themselves. But those buildings were costly, and as competition between banks increased, banks sought alternatives. By 1996, a new type of banking location emerged (PDF):
The largest U.S. commercial banks are restructuring their retail operations to reduce the cost disadvantage resulting from a stagnant deposit base and stiffer competition. As part of this effort, some banks are opening “supermarket,” or “in-store,” branches: a new type of banking office within a large retail outlet. An alternative to the traditional bank office, the supermarket branch enables banks to improve the efficiency of the branch network and offer greater convenience to customers.
To traditionalists, these bank branches looked pretty flimsy. Where are the brick and (fake) marble walls that protect my cash? Heck, anyone can walk into the store and just steal all my money, right?
Well, these newfangled bank branches apparently WERE able to protect our cash, and the idea of banking right in the grocery store proved to be very popular because of its convenience.
But the changes were just beginning.
The technological change: from store sections to smartphones
As banks changed where they were located, there were technological changes also.
During the 1990s, more and more people were using home computers. As the computers and their security became more and more sophisticated, some people asked why we needed to “go to the bank” (either a stand-alone building or a partitioned area next to the cigarettes) at all. Why not just bank at the computer? So PC banking emerged.
The term “PC banking” refers to the online access of banking information from a personal computer. A solution for both personal or business banking needs, this type of financial management allows you to conduct transactions using an Internet connection and your computer in lieu of a trip to the local bank branch or the use of an ATM. PC banking enables an account holder to perform real-time account activities and effectively manage finances in a way that avoids the hassle of daytime bank visits and eliminates the postage required to pay bills by mail.
Ah yes; there was another benefit. You could use the computer to pay your bills electronically. The U.S. Postal Service was NOT a fan of this change.
As we crossed into the new millennium, the online banking ideas got even wilder. Cellular telephones, which followed a modified version of the “Princess phone” form factor, became more complex devices with their own teeny-tiny screens, just like their larger computer cousins. Eventually, banks began offering their services on these “smartphones,” so that you didn’t even need a computer to perform your banking activities.
Imagine putting the video below on 8mm film and traveling back in time to show it to a 1973 banking customer. They would have no idea what was going on in the film.
But are PC and smartphone banking secure? After all, smartphones don’t have brick or (fake) marble walls. We’ll get to that question.
The organizational change: from banks to…who knows what?
The third change was not locational or technological, but a change in terms of business organization. Actually, many changes.
Back in 1973, the two major types of banks were banks, and something called “savings & loans.” Banks had been around for centuries, but savings & loans were a little newer, having started in 1831. They were regulated a little differently: banks were insured by the FDIC, S&Ls by the FSLIC.
Everything was all hunky dory until the 1980s, when the S&Ls started collapsing. This had monumental effects; for example, this PDF documenting the S&L crisis is hosted on the FDIC website, because the FSLIC was abolished many years ago.
After savings & loans became less popular, other “banks” emerged.
Members-only associations called credit unions had started in 1864, and in the United States they had their own government-sponsored insurance, separate from the FDIC and FSLIC.
But there was one similarity between banks, savings & loans, credit unions, and payday loans. They all dealt in U.S. dollars (or the currency of the nation where they were located).
Enter the crypto providers, who traded cryptocurrencies that weren’t backed by any government. Since they were very new entrants, they didn’t have to make the locational and technological changes that banks and related entities had to make; they zoomed straight to the newest methods. Everything was performed on your smartphone (or computer), and you never went to a physical place.
Now, let’s open a financial account
Back in 1973, the act of opening an account required you to travel to a bank branch, fill out some forms, and give the teller some form of U.S. dollars.
You can still do that today, for the most part. But it was hard to do that in the summer and fall of 2020 when Bredemarket started.
Bredemarket pretty much started because of the COVID-19 pandemic, and those first few months of Bredemarket’s existence were adversely affected by COVID-19. When I wanted to start a bank account for Bredemarket, I COULDN’T travel to my nearby bank branch to open an account. I HAD to open my account with my computer.
So, without a teller (human or otherwise) even meeting me, I had to prove that I was a real person, and give my bank enough information during onboarding so that they knew I wasn’t a money-laundering terrorist. Banks had to follow government regulations (know your customer, anti-money laundering, know your business), even in the midst of a worldwide pandemic.
This onboarding process had to be supported whether you were or were not at a physical location of a financial institution.
Whether you were conducting business in person, on a computer, or on a smartphone.
Whether you were working with U.S. dollars or (as crypto regulations tightened) something named after a dog or an entire planet or whatever.
How can you support all that?
Liminal’s “Link™ Index for Account Opening in Financial Services”
Back in 2020 when I was onboarding the new-fashioned way, I had no way of predicting that in less than two years, I would be working for a company that helped financial institutions onboard customers the new-fashioned way.
At the time, I estimated that there were over 80 companies that provided such services.
According to Liminal, my estimate was too low. Or maybe it was too high.
Liminal’s July 2023 report, “Link™ Index for Account Opening in Financial Services,” covers companies that provide onboarding services that allow financial institutions to use their smartphone apps (or web pages) to sign up new clients.
Account opening solutions for the financial services industry are critical to ensuring compliance and preventing fraud, enabling companies to effectively identify new users during customer registration and deliver a seamless onboarding experience. The primary purpose of these solutions is to facilitate mandatory compliance checks, with a particular emphasis on the Know Your Customer (KYC) process.
If I can summarize KYC in layperson terms, it basically means that the person opening a financial institution account is who they say they are. For example, it ensures that Vladimir Putin can’t open a U.S. bank acccount under the name “Alan Smithee” to evade U.S. bans on Russian national transctions.
Remember how I found over 80 identify proofing vendors? Liminal found a few more who claimed to offer identity proofing, but thinks that less than 80 firms can actually deliver.
Around 150 vendors claim to offer account opening compliance and fraud solutions in banking, but only 32 (21.3%) have the necessary product features to meet buyer demands.
Now I have not purchased the entire Liminal report, and even the Executive Summary (which I do have) is “privileged and confidential” so I can’t reprint it here. But I guess that I can say that Liminal used something called the “Link Score” to determine which vendors made the top category, and which didn’t.
I’m not sure how the vendors who DIDN’T make the top category are reacting to their exclusion, but I can bet that they’re not happy.
Writing about Financial Identity
As you can gather, there are a number of issues that you have to address if you want to employ identity proofing at a financial institution.
And if you’re an identity firm or financial institution, you need to provide the right information to your customers, and write it in a way that will motivate your customers to take the action you want them to take.
Speaking of motivating customers, are you with an identity firm or financial institution and need someone to write your marketing text?
Someone with 29 years of identity/biometric marketing experience?
Someone who consistently tosses around acronyms like ABM, FRVT, KYB, KYC, and PAD, but who would never dump undefined acronyms on your readers? (If you’re not a financial/identity professional and don’t know these acronyms, they stand for anti-money laundering, Face Recognition Vendor Test, Know Your Business, Know Your Customer, and Presentation Attack Detection.)
Someone who will explain why your customers should care about these acronyms, and the benefits a compliant solution provides to them?
If I can help you create your financial identity content, we need to talk.
Bredemarket 