Identity/biometrics/technology marketing and writing services
If you have a database of people worldwide, you can use irises to see whether someone is in the database or not.
This lets you buy the world a Coke. One per person.
But it doesn’t tell you WHO they are.
For that you need to test them against the factors of identity verification and authentication.
All six of them.
Learn more. Purchase the ebook.
One important thing about factors is that they are independent of each other.
The fact that a person has a particular password bears no relation to the fact that a person has a particular fingerprint ridge structure.
And even modalities within a factor may be independent of each other. When Motorola sold its Biometric Business Unit to Safran in 2009, I joined a company (MorphoTrak) that promoted three biometric modalities: finger, face, and iris. While all three biometrics came from the same person, there was no relationship between any of them. Knowing a person’s right forefinger did not tell you what the person’s iris was like. (But beware: driver’s licenses and passports share information, such as dates of birth.)
If you have a critical security issue, you don’t want to depend upon just one factor, or one modality.
Double or triple them up by requiring multiple identity verifications and authentications with unrelated modalities and factors.
Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
Imagine if we didn’t have identity verification and authentication.
I could walk into a luxury car dealership and buy a car, telling the salesperson that my name is Bill Gates. I could buy the car, and Gates would get the bill.
Sounds great…until someone impersonates YOU and gets YOUR money.
Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”
I once tried to see if non-human identities could verify and authenticate with the six human factors. (Yeah, six. Watch for the book.)
In reality, non-human identities use entirely different authentication methods…with their own acronyms. For example:
“SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms”
That wide variety of platforms is distributed.
“SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers.”
Distinguishing between the two, the SPIFFE Project “defines a framework and set of standards for identifying and securing communications between application services, while the runtime environment SPIRE “is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms.”
Forget all that. Let’s get to the benefits.
Enable defense in depth: Provide strongly attested identities to reduce the likelihood of breach through credential comprise
Reduce operational complexity: Consistent, automated management of identity reduces the burden of devops teams
Interoperability: Simplifies the technical aspects of full interoperability across multiple stacks
Compliance and auditability: Enables mutually authenticated TLS and multiple roots of trust to meet regulatory requirements
But does anyone use it? Yes. Take Uber:
“We use SPIRE at Uber to provide identity to workloads running in multiple clouds (GCP, OCI, AWS, on-premise) for a variety of jobs, including stateless services, stateful storage, batch and streaming jobs, CI jobs, workflow executions, infrastructure services, and more. We have worked with the open source community since the early stages of the project in mid-2018 to address production readiness and scalability concerns.”
More here.
Now this is admittedly a whole new world for me, far afield from the usual 12345 and gummy arguments where I usually reside. But since bots will soon outnumber people (if they don’t already), we had all better learn it.
Earlier this month I discussed a class action lawsuit, originated in the United States, from people who believe their privacy is being violated by the use of Kenyan data labelers to view their video output.
And the data labelers themselves are not happy, according to a 404 Media article “AI is African Intelligence.”
Before I get to the Kenyans, let’s talk about the reality of AI. No, AI output is not 100% generated by computers alone. There is often human review.
In some cases human review is understandable. There was a recent brouhaha when it was publicly highlighted that when a Waymo vehicle runs into a problematic situation, Waymo calls upon a human reviewer to intervene. People’s anger about this is pointless: would they prefer that Waymo NOT call upon a human reviewer, and just let the car do whatever?
Back to Kenya and the Data Labelers Association (DLA) reports of what data labelers actually do.
“Every day, Michael Geoffrey Asia spent eight consecutive hours at his laptop in Kenya staring at porn, annotating what was happening in every frame for an AI data labeling company. When he was done with his shift, he started his second job as the human labor behind AI sex bots, sexting with real lonely people he suspected were in the United States. His boss was an algorithm that told him to flit in and out of different personas.”
I’ve previously seen reports about people in the U.S. reviewing shocking material for social media companies, but it’s a heck of a lot cheaper to outsource the work abroad.
Unless the U.S. Government insists on bringing data labeling work to the United States, in the same way that it wants to bring call center jobs back here.
I do offer one caution: there is a lot of data labeling work that is NOT pornographic. In the identity verification industry, data labelers review real and fake faces, real and fake documents, and the like to train AI models. Such work does not have the emotional stress that you get from watching certain videos.
But it’s still hard work.
I recently mentioned again how ALL the identity verification companies use the following two elements in their product marketing:
If you read three marketing messages from three IDV vendors, I defy you to tell them apart. Admittedly my last comparison took place years ago, so I took a fresh look at the 2026 versions. Here are two:
“Industry-leading AI-driven Technology”
“We make it easy to safeguard your customers with AI-driven identity verification.”
Thankfully the companies are finally mentioning differentiators other than trust, but the magic letters AI still persist.
But you can’t really blame the IDV vendors when everyone is injecting the two letter word in their messaging.
20 years ago, anyone who talked about an AI-powered vacuum cleaner would have been relegated to the back of the hall and told to put on his Vulcan ears.
Now we have things like AI pens.
“Handwrite only the critical points. Let Flowtica AI summarize and visualize the rest-audio, photo and even your sketches – into insights. Stay focused in the flow”
And lest you think that such efforts are fringe, Open AI and Jony Ive are reportedly working on one.
But AI pens make as much sense as AI influencers. If you have AI, why do you need the influencers? And if you have AI, why have a pen?
But that won’t stop people from hawking AI pens, and pencils, and erasers, and 3 hole punches, and maybe even…paperclips.
Which IDV solution is this?
I will give you another hint. In addition to using the word “AI” in its product marketing, the company also uses the word trust.
Hope that narrows it down for you.
If your security software enforces a “no bots” policy, you’re only hurting yourself.
Yes, there are some bots you want to keep out.
“Scrapers” that obtain your proprietary data without your consent.
“Ad clickers” from your competitors that drain your budgets.
And, of course, non-human identities that fraudulently crack legitimate human and non-human accounts (ATO, or account takeover).
But there are some bots you want to welcome with open arms.
Such as the indexers, either web crawlers or AI search assistants, that ensure your company and its products are known to search engines and large language models. If you nobot these agents, your prospects may never hear about you.
And what about the buybots—those AI agents designed to make legitimate purchases?
Perhaps a human wants to buy a Beanie Baby, Bitcoin, or airline ticket, but only if the price dips below a certain point. It is physically impossible for a human to monitor prices 24 hours a day, 7 days a week, so the human empowers an AI agent to make the purchase.
Do you want to keep legitimate buyers from buying just because they’re non-human identities?
(Maybe…but that’s another topic. If you’re interested, see what Vish Nandlall said in November about Amazon blocking Perplexity agents.)
According to click fraud fighter Anura in October 2025, 51% of web traffic is non-human bots, and 37% of the total traffic is “bad bots.” Obviously you want to deny the 37%, but you want to allow the 14% “good bots.”
Nobot policies hurt. If your verification, authentication, and authorization solutions are unable to allow good bots, your business will suffer.
Francesco Fabbrocino of Dunmor presented at today’s SoCal Tech Forum at FoundrSpace in Rancho Cucamonga, California. His topic? Technology in FinTech/Fraud Detection. I covered his entire presentation in a running LinkedIn post, but I’d like to focus on one portion here—and my caveat to one of his five rules of fraud detection. (Four-letter word warning.)
In the style of Fight Club, Fabbrocino listed his five rules of fraud detection:
1. Nearly all fraud is based on impersonation.
2. Never expose your fraud prevention techniques.
3. Preventing fraud usually increases friction.
4. Fraud prevention is a business strategy.
5. Whatever you do, fraudsters will adapt to it.
All good points. But I want to dig into rule 2, which is valid…to a point.
If the fraudster presents three different identity verification or authentication factors, and one of them fails, there’s no need to tell the fraudster which one failed. Bad password? Don’t volunteer that information.
In fact, under certain circumstances you may not have to reveal the failure at all. If you are certain this is a fraud attempt, let the fraudster believe that the transaction (such as a wire transfer) was successful. The fraudster will learn the truth soon enough: if not in this fraud attempt, perhaps in the next one.
But “never” is a strong word, and there are some times when you MUST expose your fraud prevention techniques. Let me provide an example.
One common type of fraud is time card fraud, in which an employee claims to start work at 8:00, even though he didn’t show up for work until 8:15. How do you fool the time clock? By buddy punching, where your friend inserts your time card into the time clock precisely at 8, even though you’re not present.
Enter biometric time clocks, in which a worker must use their finger, palm, face, iris, or voice to punch in and out. It’s very hard for your buddy to have your biometric, so this decreases time clock fraud significantly.
Unless you’re an employer in Illinois, or a biometric time clock vendor to employers in Illinois.
And you fail to inform the employees of the purpose for collecting biometrics, and obtain the employees’ explicit consent to collect biometrics for this purpose.
Because that’s a violation of BIPA, Illinois’ Biometric Information Privacy Act. And you can be liable for damages for violating it.
In a case like this, or a case in a jurisdiction governed by some other privacy law, you HAVE to “expose” that you are using an individual’s biometrics as a fraud prevention techniques.
But if there’s no law to the contrary, obfuscate at will.
Now there are a number of companies that fight the many types of fraud that Fabbrocino mentioned. But these companies need to ensure that their prospects and clients understand the benefits of their anti-fraud solutions.
That’s where Bredemarket can help.
As a product marketing consultant, I help identity, biometric, and technology firms market their products to their end clients.
And I can help your firm also.
Read about Bredemarket’s content for tech marketers and book a free meeting with me to discuss your needs.
More information:
Follow-up to this post.
Bredemarket