Skipping the “leading provider” stuff, we get to this:
“Integrated Biometrics (IB)…formally announced today the launch of IB360, transforming the speed and cost to deploy identity systems. The IB360 platform is a low-code toolset of SDK-based software modules that allows our partners and integrators to more efficiently create biometric identity-based solutions with minimal development cycles.”
I’ve written about the fake recruiters who InMail you about a great position with their company. I shut up the fakes by requesting their corporate email address at their supposed employer. But what if LinkedIn could catch them BEFORE they ever sent that InMail to me?
“LinkedIn is looking to take on scammers who falsely present themselves as recruiters or company representatives in the app, with an expansion of its company verification option, while it’s also making workplace verification required when a member adds or updates a leadership or recruiter-related role.”
From HR Dive.
Of course, the proposed Know Your Recruiter system isn’t foolproof; nothing is. Scammers can avoid the LinkedIn verification step by simply NOT choosing a leadership or recruiter-related job title.
Imagen 4.
And as much as people like me wish that people would care about verified identities…many don’t.
If “Jones Jay” from Microsoft sends jobseekers an InMail about a wonderful position,
some will blindly respond without even looking at Jones Jay’s LinkedIn profile at all,
much less checking whether his identity and employer are verified.
But at least the attempt demonstrates that LinkedIn cares more about their real users than about the scammers who pay for Premium.
I’m conducting an experiment in which an AI bot, “Bredebot,” is writing on the Bredemarket blog and on LinkedIn with almost no restrictions.
Don’t do this at home. It’s not a good idea.
This post describes an example in which Bredebot misses a critically important point about Bredemarket’s target audience in the identity/biometric industry.
“The true competitive advantage isn’t the Al tools themselves but how you use them. Your unique processes for data capture, knowledge management, and building trust are the real ‘moat.’ Al becomes powerful when it’s integrated with your proprietary insights and context, making your approach impossible to replicate.”
Moat. I like that. Imagen 4 (via Bredebot.)
Mabry also advocates including a human in the loop: his firm, Fast + Light, always asks at least one human (preferably two) to review all AI-generated content.
In my Bredebot experiment, I rarely edit what Bredebot says. If you know me, it’s very obvious that Bredebot wrote this and I didn’t.
“Building Trust: In the identity and biometrics space, trust isn’t just a nice-to-have; it’s paramount. If customers don’t trust you with their most sensitive data, you simply don’t have a business. Your processes for privacy, security, transparency, and ethical AI usage are not just compliance requirements; they are fundamental differentiators. How you communicate these efforts, how you manage data breaches (heaven forbid!), and how you constantly reinforce your commitment to security are all part of this trust-building moat. This is where your wombat customers, usually burrowing away, will emerge to praise (or criticize) your efforts.”
While I certainly agree with the sentiment, and obviously don’t mind the reference to wombats, I would have made one change.
The t word
I would have modified Bredebot’s use of the T word. Just because Mabry used it doesn’t mean that Bredebot has to do the same.
“Now perhaps some of you would argue that trust is essential to identity verification in the same way that water is essential to an ocean, and that therefore EVERYBODY HAS to use the t-word in their communications.
Are you a technology marketing leader, struggling to market your products to your prospects for maximum awareness, consideration, and conversion?
I’m John E. Bredehoft. For over 30 years, I’ve created strategy and tactics to market technical products for over 20 B2B/B2G companies and consulting clients.
The information in this post is taken from the summary of this year’s Biometrics Institute Industry Survey and is presented under the following authority:
“You are welcome to use the information from this survey with a reference to its source, Biometrics Institute Industry Survey 2025. The full report, slides and graphics are available to Biometrics Institute members.”
But even the freebie stuff is valuable, including this citation of two concerns expressed by survey respondents:
“Against a backdrop of ongoing concerns around deepfakes, 85% agreed or agreed strongly that deepfake technology poses a significant threat to the future of biometric recognition, which was similar to 2024. “And two thirds of respondents (67%) agreed or agreed strongly that supervised biometric capture is crucial to safeguard against spoofing and injection attacks.”
IAL3 requires “[p]hysical presence” for identity proofing. However, the proofing agent may “attend the identity proofing session via a CSP-controlled kiosk or device.” In other words, supervised enrollment.
Now remote supervised enrollment and even in-person supervised enrollment is not a 100.00000% guard against deepfakes. The subject could be wearing a REALLY REALLY good mask. But it’s better than unsupervised enrollment.
Have you ever used the phrase “sort of unique”? Something is either unique or it isn’t. And International Mobile Equipment Identity (IMEI) numbers fail the uniquness test.
Claims that International Mobile Equipment Identity (IMEI) numbers are unique
Here’s what a few companies say about the IMEI number on each mobile phone. Emphasis mine.
Thales: “The IMEI (International Mobile Equipment Identity) number is a unique 15-digit serial number for identifying a device; every mobile phone in the world has one.”
Verizon: “An IMEI stands for International Mobile Equipment Identity. Think of it as your phone’s fingerprint — it’s a 15-digit number unique to each device.”
Blue Goat Cyber: “In today’s interconnected world, where our smartphones have become an indispensable part of our lives, it is essential to understand the concept of IMEI – the International Mobile Equipment Identity. This unique identifier plays a crucial role in various aspects of our mobile devices, from security to tracking and repairs.”
These and other descriptions of the IMEI prominently use the word “unique.” Not “sort of unique,” but “unique.”
Which means (for non-person entities, just like persons) that if someone can find a SINGLE reliable instance of more than one mobile phone having the same IMEI number, then the claim of uniqueness falls apart completely.
Examples of non-uniqueness of IMEI numbers on mobile phones
“In theory, hackers can clone a phone using its IMEI, but this requires significant effort. They need physical access to the device or SIM card to extract data, typically using specialized tools.
“The cloning process involves copying the IMEI and other credentials necessary to create a functional duplicate of the phone. However, IMEI number security features in modern devices are designed to prevent unauthorized cloning.”
So don’t claim an IMEI is unique when there is evidence to the contrary. As I said in my April post:
“NOTHING provides 100.00000% security. Not even an IMEI number.”
What does this mean for your identity product?
If you offer an identity product, educate your prospects and avoid unsupportable claims. While a few prospects may be swayed by “100%” claims, the smarter ones will appreciate more supportable statements, such as “Our facial recognition algorithm demonstrated a 0.0022 false non-match rate in the mugshot:mugshot NIST FRTE 1:1 laboratory testing.”
When you are truthful in educating your prospects, they will (apologizes in advance for using this overused word) trust you and become more inclined to buy from you.
If you need help in creating content (blog posts, case studies, white papers, proposals, and many more), work with Bredemarket to create the customer-focused content you need. Book a free meeting with me.
Some technical marketers are expert at spinning soft fluffy stories about how their AI-powered toilet paper can cure cancer…which can be very persuasive as long as the prospects don’t ask any questions.
For example, let’s say you’re telling a Chick-fil-A in Kettering, Ohio that you’ll keep 17 year olds out of their restaurant. Are you ready when the prospect asks, “How do you KNOW that the person without ID is 17 years and 359 days old, and is not 18?”
Or let’s say you’re telling a state voter agency that you’ll enforce voter ID laws. Are you ready when the prospect asks, “How do you KNOW that the voter ID is real and not fake? Or that it is fake and not real?”
Be prepared to answer the tough questions. Expert testimonials. Independent assessments of your product’s accuracy. Customer case studies.
Analyze your product’s weaknesses. (And the threats, if you’re a SWOT groupie.)
How can blog posts increase the awareness of your identity/biometric or technology company’s products and services? I’m going to explain how in this blog post.
Imagine there’s a funnel. It’s easy if you try. But this funnel doesn’t stream water, but people. (Or wombats.)
The funnel. Imagen 4.
In this funnel, the people (or wombats) who are potentially interested in your offering—your prospects—start at the very top. The few who actually buy your offering emerge from the bottom.
But how do you get people to enter the funnel and become aware of your offering?
How can blog posts help you?
One great way to let people know about your offering is by blog posts such as this one.
Blogs are a fast way to tell your prospects how your offering can help them. And you can create blog posts very quickly, within days or even hours.
If you want to make prospects aware of your company’s service, write a blog post.
What can Bredemarket offer to you?
One of Bredemarket’s offerings is…writing blog posts for other companies. I can help your identity/biometric or technology company write blog posts so you can get more people to learn about your services.
If you want to learn how I can help your company write blog posts, visit bredemarket.com/mark.
For our purposes, the big difference between IAL2 and IAL3 is that IAL2 allows “either remote or physically-present identity proofing,” while IAL3 requires “[p]hysical presence” for identity proofing. However, the proofing agent may “attend the identity proofing session via a CSP-controlled kiosk or device.” In other words, supervised enrollment.
“IAL3 is reserved for high-risk environments such as sensitive government services.”
How are solutions approved for a particular Identity Assurance Level?
Now I could get on my product marketing soapbox and loudly proclaim that my service is IAL2 compliant, or IAL3 compliant, or IAL4 compliant. (“What? You don’t know about IAL4? Obviously you’re not authorized to know about it.”)
“Available to Credential Service Providers offering Full or Component Credential Management Services. Modeled on best practice (drawing from, among other sources, ISO/IEC 27001, ISO/IEC 29115), this Class of Approval ensures the provider organization’s good standing and management / operational practices and assesses criteria which are derived strictly from NIST SP 800-63 rev.3 requirements, ensuring a conformant technical provision of the provider organization’s service.
You see that the Kantara Initiative doesn’t even offer an approval for IAL1, just for IAL2 and IAL3.
It also offers approvals for AAL2 and AAL3. I’ve previously discussed Authenticator Assurance Levels (AALs) in this post. Briefly, IALs focus on the initial identity proofing, while AALs focus on the authentication of a proven identity.
Component Services IAL2 approvals…and an IAL3 approval
Now if you go to the Kantara Initiative’s Trust Status List and focus on the Component Services, you’ll see a number of companies and their component services which are approved for NIST 800-63 rev.3 and offer an assurance level of IAL2.
With one exception.
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3. The NextGenID TSS Identity Stations enable remote operators to remotely supervise NIST SP 800-63A compliant Supervised Remote Identity Proofing (SRIP) sessions for credentialing.”
So if remote identity assurance is not good enough for you, there’s a solution. I’ve already discussed NextgenID’s SUPERVISED remote identity proofing in this post. And there’s a video.
But clearly biometric product marketers are paying attention to the identity assurance levels…at least the real ones (not IAL4). But are they communicating benefit-oriented messages to their prospects?
Biometric product marketing has to be targeted to the right people, with the right message. And the biometric product marketing expert at Bredemarket can help a company’s marketing organization create effective content. Talk to Bredemarket.
Bredemarket 