iProov unveils biometric suite to combat deepfake fraud

iProov has launched a Workforce Solution Suite aimed at reducing identity fraud in corporate environments, with a focus on deepfakes, synthetic identities and social engineering.

The London-headquartered biometric identity verification supplier says the suite verifies "genuine human presence" at points where organisations often rely on credentials, devices and session checks. It is positioned as an additional layer alongside identity and access management controls such as single sign-on, multi-factor authentication and passkeys.

Enterprises have spent heavily on Zero Trust programmes in recent years, but attackers have still found ways to bypass defences by impersonating legitimate users. iProov argues this reflects a structural gap in many corporate identity systems: they authenticate access factors rather than the person presenting them.

Recent incidents have raised the profile of deepfake-enabled fraud and identity deception. The US Department of Justice reported in 2024 that operatives from OFAC-sanctioned nations infiltrated more than 300 companies by using deepfake filters during remote video interviews. Engineering consultancy Arup disclosed that a deepfake video call led to USD $25 million in fraudulent transfers. The Cyber Monitoring Centre said in October 2025 that a social engineering call to an IT help desk triggered the most costly cyber incident in UK history, with estimated losses at Jaguar Land Rover exceeding GBP £1.9 billion and affecting more than 5,000 UK organisations.

Research also points to wider use of deepfake techniques. A Gartner survey published in 2025 found that 62% of organisations had experienced a deepfake attack in the past year.

Workforce use cases

The suite is designed to cover several points in the employee identity lifecycle, including remote hiring and onboarding, shared device access, step-up and privileged access, and account recovery.

Remote hiring and onboarding has become a particular focus as companies expand recruitment across geographies and rely on video interviews and digital document processes. Security practitioners say deepfake filters and synthetic identities can allow an attacker to pass early screening stages and gain access to corporate systems after being hired.

Shared device access is another area where credential controls can weaken. Industries such as logistics, manufacturing and healthcare often have multiple staff using the same terminals, kiosks or rugged devices across shifts. Accountability becomes difficult when passwords are shared or users bypass sign-in steps during busy periods.

Step-up and privileged access refers to additional verification for sensitive actions such as approving payments, changing account settings or accessing restricted systems. Security teams often deploy step-up checks after detecting a risk signal, but these checks still frequently rely on one-time codes or push approvals, which attackers can manipulate through social engineering.

Account recovery remains a common entry point for criminals because it often involves IT help desks and exceptions to normal sign-in policies. Attackers can use persuasion, stolen data or voice spoofing to convince staff to reset credentials. iProov says its approach "re-anchor[s] identity to a verified human from any device without the help desk".

How it fits

The suite is designed to work alongside existing identity security tools, including IAM, identity governance and administration, and privileged access management systems. The aim, iProov says, is to raise assurance at moments when organisations typically rely on credentials and devices.

iProov is positioning biometric verification as an inherence factor, distinct from knowledge factors such as passwords and possession factors such as tokens or phones. It argues biometric checks cannot be lost, stolen or shared in the way credentials can.

The suite is presented as aligning with several security and identity standards and specifications, including NIST SP 800-63-4, FIDO Face Verification, ISO 30107-3 for presentation attack detection, and CEN 18099 for identity assurance.

iProov also says the suite is intended to address threats beyond deepfakes, including insider risk and third-party access. In many organisations, contractors and partners receive credentials and entitlements that are difficult to track across changing assignments. Security teams have also pointed to insider misuse where legitimate access is used for fraudulent activity.

Andrew Bud, founder and CEO of iProov, said the launch responds to a broad set of identity risks.

"Whether it's a deepfake, a stolen credential, or a convincing social engineering call, the common thread in modern identity attacks is deception," said Andrew Bud, Founder and CEO, iProov. "By verifying genuine human presence at critical moments, organizations can keep legitimate business moving quickly and confidently while stopping both AI-driven impersonation and traditional identity attacks."

iProov supplies biometric identity verification technology used in both government and commercial settings. Its customer list includes the US Department of Homeland Security, the UK Home Office, GovTech Singapore, ING and UBS.

iProov says the suite is available for organisations looking to extend identity assurance across hiring, access and recovery processes as fraud techniques evolve and enterprises reassess how they validate users during high-risk interactions.