Every identity proofing vendor says the same things — “identity verification,” “fraud prevention,” “biometric security.” But they’re operating in completely different parts of the identity stack. Search “best identity verification vendor” and you’ll get liveness detection specialists, document verification platforms, behavioural biometrics engines, and full-stack solutions all sitting on the same results page with nothing to help you sort them out.
That leads to false comparisons. Evaluating iProov against Jumio as if they’re competitors wastes your procurement time — they’re not in the same category. This guide maps the vendor landscape by functional layer, assigns named vendors to each layer, and gives you certification-based evaluation criteria per layer. It builds on the modern identity proofing stack and the signal-layer architecture each vendor implements covered in companion articles.
How do you map the identity proofing vendor landscape by functional layer rather than marketing claim?
There are six distinct functional layers: liveness detection, document verification, behavioural biometrics, device intelligence, workforce proofing, and identity governance and administration (IGA/IAM). Liveness confirms a live human is present. Document verification confirms the document is genuine. Behavioural biometrics detects synthetic identities by monitoring interaction patterns after onboarding. Device intelligence flags anomalous sessions before biometric checks happen. Workforce proofing verifies employees during remote hiring. IGA/IAM manages what verified identities can access.
Vendors sit in these layers differently. iProov is a liveness-only specialist. Microblink anchors in document verification and extends into liveness. Feedzai straddles behavioural biometrics and device intelligence. HYPR Affirm is purpose-built for workforce proofing. SailPoint, Okta, and CyberArk represent the IGA/IAM baseline. Facephi is a multi-layer integrated platform.
Flat comparison tables that put iProov, Jumio, Sumsub, and Onfido in adjacent columns mislead buyers — those vendors don’t occupy the same position in the stack. The evaluation criteria for liveness (iBeta PAD Level 2, eIDAS LoA High) are entirely irrelevant for behavioural biometrics vendors. Work out which layers your use case requires first, then evaluate vendors within each layer using layer-specific criteria.
What should you require from a liveness detection vendor?
The certification floor is clear: iBeta PAD Level 2 under ISO/IEC 30107-3, conducted by a NIST NVLAP-accredited lab. The key metric is IAMPR — Imposter Attack Match Pass Rate. Any vendor claiming liveness capability without independently verified 0% IAMPR under iBeta Level 2 testing hasn’t demonstrated it to an acceptable standard.
Beyond PAD, most evaluations miss injection attack detection (IAD). Presentation attacks are physical — a printed photo, a screen replay, a 3D mask. Injection attacks are digital — synthetic video inserted directly into the camera data pipeline, bypassing the physical camera entirely. They require different detection approaches. iProov is the reference for full certification: Flashmark passive liveness, iBeta PAD Level 1 and Level 2 (0% IAMPR), CEN/TS 18099 Ingenium Level 4 (the highest injection attack detection rating), eIDAS LoA High, and NIST SP 800-63-4 first-vendor validation. It’s been independently tested by the UK Home Office and US Department of Homeland Security.
Regional requirements matter here. EU deployments need eIDAS LoA High, Australian deployments need IRAP IPD certification, and US regulated industries need NIST SP 800-63-4 IAL2 alignment. From 2026, NIST guidelines will mandate that systems distinguish a live webcam from a virtual camera — making IAD a forward compliance requirement, not a premium feature.
On active vs passive liveness: both can achieve iBeta PAD Level 2. Security depends on detection technology, not the method. Passive liveness reduces friction and abandonment. A risk-based hybrid — passive for routine sessions, active escalation for elevated risk — is the practical approach for most companies. For certification standards to require from vendors, see the companion regulatory guide.
How do you evaluate behavioural biometrics and device intelligence vendors?
These two layers are adjacent and often combined, so get the distinction right first. Behavioural biometrics monitors how people interact with devices — keystroke cadence, mouse trajectory, touch pressure — continuously in the background to detect synthetic identities without user friction. Device intelligence identifies the device itself and flags suspicious sessions before biometric checks begin.
The critical question to ask every device intelligence vendor: static fingerprinting or ML-based behavioural intelligence? Static fingerprinting builds a fixed ID for a device. Behavioural intelligence reads behaviour over time, session context, and relationship to other entities. As Feedzai’s Stuart Dobbie puts it: “The idea of a device ID as a persistent, static identifier is dead.”
Feedzai operates across both layers in a single ML platform — device fingerprinting, behavioural analysis, real-time risk scoring — with low-risk sessions passing without friction and high-risk sessions triggering step-up authentication. CrossClassify offers industry-specific synthetic fraud playbooks for FinTech, healthcare, crypto, and iGaming — tuned to sector-specific fraud patterns rather than a generic model applied to all.
Proof (formerly Notarize) integrates device intelligence with identity verification through its Defend product; Visa Ventures invested in November 2025. Equifax is not a direct procurement for verification — it’s a fraud signal feed proofing platforms consume. Use it as a risk input at account origination, not as standalone proofing.
What makes a document verification vendor suitable for modern identity proofing?
Document verification confirms an identity document is genuine. The bar has risen — deepfake and forgery tooling is consumer-accessible now. US Treasury’s FinCEN issued a formal alert in 2024 about AI-generated document images in identity fraud.
Here’s what to evaluate vendors on: document type and country coverage (the capability floor), forgery detection depth (digital manipulation and AI-generated images, not just physical tampering), liveness integration (binding the document to a live person in a single flow), and deepfake detection.
Microblink is the reference for this layer. Its platform accepts 2,500+ document types from 150+ countries. BlinkID requires zero user interaction and benchmarks at five times faster than alternatives. In February 2026, Microblink won the World AI Cannes Festival Excellence Award for using Generative AI to combat AI-driven fraud through its Fraud Lab.
The liveness integration criterion matters more than it looks. A genuine passport presented by the wrong person passes document checks but fails liveness. Document-only verification leaves that gap wide open. Microblink’s Know Your Actor (KYA) framing signals where the market is heading: continuous behavioural monitoring of the actor — human or AI agent — across the session lifecycle, not just a single onboarding check. KYA tells you which vendors are building in the right direction.
Which vendors cover workforce identity proofing specifically?
Workforce proofing is the most underserved layer. Most identity vendors target customer-facing KYC onboarding and leave a gap for companies verifying employees and contractors during remote hiring. North Korean IT workers infiltrated Fortune 500 companies in 2025. HYPR’s 2025 State of Passwordless Identity Assurance report found 95% of organisations experienced a deepfake incident in the past year.
HYPR Affirm is purpose-built for this use case: government ID verification with fraud detection, liveness and facial matching, location and device checks, and frictionless remote workflows. It integrates with ATS platforms including Greenhouse and Lever — the HR system integration that customer-facing KYC vendors consistently fail to provide.
IAL2 in plain language: NIST SP 800-63-4 requires three things — verify a government-issued photo ID, confirm the person is physically present (liveness), and match the live face to the ID photo. HYPR Affirm implements all three for HR onboarding.
Evaluation criteria to apply: IAL2 alignment (all three proofing elements), HR system integration (HRIS and ATS connectivity), and candidate friction management. Use adaptive screening — basic verification for lower-risk roles, full IAL2 proofing for privileged-access roles. For independent research, Liminal‘s Workforce Onboarding Demo Day featured eight vendors across three real-world use cases — a solid starting point before committing to an RFP. That is a solid starting point before committing to an RFP.
How do legacy IGA platforms compare to AI-native entitlement intelligence?
IGA and IAM form the post-proofing layer — managing what verified identities can access, for how long, and under what conditions. They don’t perform proofing, but they complete the procurement picture.
SailPoint handles entitlement lifecycle and access reviews. Okta manages identity and access policies across applications. CyberArk handles privileged access management. All rely on manual access certification campaigns — slow, rubber-stamp prone, and leaving entitlement drift accumulating between review cycles. Opti is the AI-native alternative: ML-based analysis of access patterns that identifies over-provisioned entitlements and recommends changes in real time rather than quarterly.
For SMB buyers, the question isn’t “replace SailPoint with Opti.” It’s whether your current platform gives adequate visibility into entitlement drift, and whether an AI-native layer adds proportional value. For most 50-500 employee companies, the proofing layers deserve procurement priority. IGA/IAM becomes proportionally more critical as headcount and regulated data access grow.
When does best-of-breed beat an integrated platform — and vice versa?
The core choice: assemble a best-of-breed stack (iProov for liveness, Microblink for documents, Feedzai for behavioural signals, HYPR Affirm for workforce proofing) or procure an integrated platform (Facephi, Jumio, Sumsub) covering multiple layers under one contract.
Best-of-breed gives you the strongest capability per layer, the ability to swap an underperforming vendor without replacing the whole stack, and no lock-in across all proofing functions. The cost is higher integration complexity, multiple vendor contracts, and potential capability gaps at layer boundaries. Integrated platforms give you a single vendor relationship, unified API, faster deployment, and lower engineering burden. The risk is uneven capability across layers and lock-in across the entire proofing function.
Facephi is the integrated platform reference: new account fraud prevention (document capture, liveness, biometric matching, deepfake detection), account takeover prevention (behavioural biometrics, device intelligence, dynamic step-up), and AML transaction monitoring — across banking, FinTech, crypto, government, and insurance verticals.
The decision is simpler than it looks. Fewer than two engineers dedicated to identity infrastructure? Go integrated. Operating in a regulated vertical that requires layer-specific certifications? Go best-of-breed, and verify any integrated platform meets certification standards per layer rather than assuming platform-wide compliance covers every function.
Three pricing structures to know: per-check (unpredictable when abandoned checks accumulate), platform fee (more predictable, requires volume estimates upfront), and pay-for-success — iDenfy charges only for successful verifications. For early-stage SMBs with unpredictable onboarding volumes, pay-for-success removes the risk of paying for failed or abandoned checks. For the full stack architecture overview, see the modern identity proofing stack.
Frequently Asked Questions
Is iProov the only vendor with iBeta PAD Level 2 certification?
No. iBeta has certified multiple vendors under ISO/IEC 30107-3 Level 2. iProov is notable for achieving 0% IAMPR at both levels and holding additional certifications — eIDAS LoA High, CEN/TS 18099 Ingenium Level 4, NIST SP 800-63-4 first-vendor validation — that go beyond iBeta PAD alone. Ask any vendor claiming Level 2 compliance for the actual test report, report number, and date.
Can I use the same vendor for customer onboarding and workforce identity proofing?
Sometimes, but workforce proofing requires IAL2 alignment, HR system integration (ATS and HRIS connectivity), and candidate experience management that customer-facing KYC vendors don’t typically address. HYPR Affirm is purpose-built for the workforce use case. Check whether your onboarding vendor’s modules can actually be repurposed for HR workflows before assuming one vendor covers both.
How do I build a shortlist of vendors to evaluate?
Start with the functional layer map: identify which layers your use case requires. Filter vendors per layer using the certification criteria in this guide. Liminal’s workforce identity research is an independent source for shortlisting. Request iBeta test reports, integration documentation, and reference customers in your vertical before moving to RFP.
What is the difference between PAD and IAD in liveness detection?
PAD identifies physical spoofing — printed photos, video replays, 3D masks. IAD identifies synthetic video inserted directly into the camera data pipeline, bypassing the physical camera entirely. IAD is governed by CEN/TS 18099. Most vendors don’t yet publicly certify against it — which is exactly why you should ask.
Do I need IAL2-level identity proofing for my SaaS company?
IAL2 is required for financial services, healthcare, government contracts, or any context where a wrong identity carries significant consequences. For general SaaS onboarding without regulatory mandates, a well-implemented liveness plus document verification flow with iBeta Level 2 certified liveness may be sufficient. For workforce proofing of privileged-access roles, IAL2 alignment is advisable regardless.
What does “passive liveness” mean and is it less secure than “active liveness”?
Passive liveness requires no user action — the system analyses a face capture during normal interaction. Active liveness asks users to perform an action. Both can achieve iBeta PAD Level 2. Security depends on detection technology, not the method.
How does Microblink’s Know Your Actor framework differ from standard document verification?
Standard document verification confirms a document is genuine at onboarding. KYA extends this to continuous behavioural monitoring of the actor — human or AI agent — across the session lifecycle. For most SMB buyers today, focus on document verification depth and liveness integration quality. KYA tells you which vendors are building in the right direction.
What pricing models should SMB companies expect from identity proofing vendors?
Three common models: per-check (charged per verification attempt including denied ones), platform fee (subscription with volume allocation), and pay-for-success (iDenfy charges only for successful verifications). For SMBs with unpredictable onboarding volumes, pay-for-success removes the risk of paying for failed or abandoned checks.
Why are SailPoint, Okta, and CyberArk listed in an identity proofing guide?
To complete the functional layer map. IGA/IAM platforms manage access after proofing — provisioning, entitlement lifecycle, privileged access. They don’t perform proofing, but a comprehensive procurement view must account for how proofed identities flow into access management. Opti is the AI-native emerging alternative.
What is Equifax’s role in identity proofing?
Equifax is not a vendor you procure directly for verification. It provides synthetic identity fraud alerts and ML-based detection that feed into fraud prevention at account origination — a signal source that identity proofing platforms consume. Use it as a risk input, not a standalone proofing capability.
Can one vendor handle my entire identity proofing stack?
Integrated platforms like Facephi, Jumio, and Sumsub offer multi-layer coverage from a single vendor. Whether they should handle your entire stack depends on regulatory requirements, engineering capacity, and risk tolerance. If specific layers require specific certifications, verify that the integrated vendor meets those standards per layer.
How do I verify a vendor’s certification claims are legitimate?
Request the actual test report, not a marketing summary. iBeta PAD Level 2 results are issued by iBeta Quality Assurance under NIST NVLAP accreditation — ask for the report number and date. For eIDAS LoA High, ask which EU notified body conducted the conformity assessment. For CEN/TS 18099, ask for the Ingenium Level achieved and which laboratory performed the evaluation.
