Verification-architecture · Dec 20, 2025 · 10 minute read

Identity Farming: Lock One Identity to One Candidate

A verification architecture playbook to stop one verified person from completing assessments and AI interviews for many identities, without slowing your funnel.

IntegrityLens key visual

Dr. Aris Vlahos

Chief Scientist, Identity

Aris researches biometric verification, liveness detection, and anti-spoofing at scale.

Identity farming is not a screening problem. It is an identity binding problem across the whole funnel.
Back to all posts

The incident pattern: one verified human, many candidate IDs

You usually do not catch identity farming in the first week because every individual step looks valid. The farm succeeds by staying below thresholds and exploiting tool boundaries: ATS sees a candidate, assessment sees a session, video tool sees a participant, and none of them agree on "who" completed the work. Watch for these operator signals: - Many candidate records with different names but a tight cluster of devices, networks, or timing. - High assessment velocity: start to submit times that are consistently optimized, even across different seniority levels. - "Perfect" handoffs: AI screen responses that read like one voice across multiple candidates, followed by inconsistent live interview performance later.

  • You will leave with a concrete control plan: passive detection, step-up verification gates, manual review SLAs, and a defensible Evidence Pack per candidate.

Why this becomes a revenue problem fast

Identity farming creates three kinds of funnel leakage that show up in RevOps metrics even if HR never labels them as fraud: - Capacity burn: interviewer time gets spent validating a persona, not evaluating a person. - Conversion distortion: you optimize your funnel on fake signal, then wonder why offer accept or ramp metrics degrade. - Customer trust debt: if a bad hire mishandles data, misses delivery, or triggers an audit finding, Sales inherits the conversation. One hard stat to calibrate risk appetite: 31% of hiring managers say they have interviewed a candidate who later turned out to be using a false identity (Checkr, 2025). Directionally, this suggests the problem is not rare in manager experience. It does not prove prevalence in your industry, nor that every case is identity farming versus other identity issues.

  • Speed: you cannot add minutes to every candidate step.

  • Cost: you cannot staff a large review team.

  • Risk: you need defensible decisions if a candidate appeals or an auditor asks.

  • Reputation: you need to show you took reasonable controls, not that you caught every edge case.

Ownership, automation, and sources of truth

If you do not name owners, identity farming becomes a blame carousel across TA, Security, and hiring managers. Recommended operating model: - Recruiting Ops owns workflow design in the ATS and the SLA for exceptions. - Security owns risk policy, retention rules, and audit readiness. - Hiring managers own final decisions, but only using Evidence Pack artifacts, not gut feel. What gets automated vs reviewed: - Automated: passive signal scoring, duplicate cluster detection, and step-up triggers. - Manual review: only the high-risk tail, with clear dispositions (approve, step-up, reject, request retry). Sources of truth: - ATS is the record of candidacy, stage, and decision. - Verification service is the record of identity state transitions and evidence hashes. - Interview and assessment systems are the record of session integrity signals (joined-from, timing, proctor flags).

  • Default path stays fast: only step up when risk score crosses your threshold.

  • Manual review queue should have a same-business-day SLA for revenue-critical roles.

Risk-tiered verification architecture for identity farming

Identity farming is best stopped by binding identity to each high-leverage moment, not by repeating the same check everywhere. Think in layers, with passive signals as the first line of defense and step-up checks reserved for risk. Layer 1: Passive signals (low friction) - Device fingerprint consistency across candidates (same device, many identities). - Network anomalies: repeated IP ranges, hosting providers, VPN patterns, impossible travel signals. - Behavior telemetry: copy-paste bursts, tab switching, focus loss, unusually uniform response times. Layer 2: Session binding (moderate friction) - Re-auth at assessment start: quick face match and liveness to confirm the verified person is present. - "Same person" check at submission: lightweight voice or face confirmation when risk stays elevated. Layer 3: Step-up verification (high friction, rare) - Document + face + voice bundle when cluster detection indicates farming behavior. - Human review with side-by-side evidence, not raw biometric storage. Important: verification is a continuous state. A candidate can be Verified at apply, Elevated during assessment, and Cleared again after a successful step-up. Treat it like access management.

  • Start with conservative thresholds that prioritize candidate flow, then tighten based on false positive rates.

  • Track reviewer fatigue: if more than a small tail hits manual review, your passive model is too noisy.

Step-by-step rollout that does not stall pipeline

  • One verified human must map to one ATS candidate record at a time. Multiple records linked to the same biometric match is an automatic Elevated state, not an instant rejection. - Ensure AI screens and coding assessments emit consistent session IDs and device/network metadata so you can correlate across tools. - Before assessment start and before submission. This prevents the farm from swapping in the real person after the work is done. - If ID will not scan or liveness fails, offer a guided retry and a scheduled live verification slot. Do not strand legit candidates in limbo. - Reviewers need a decision tree: what evidence is sufficient, when to request re-capture, when to escalate to Security, and how to document outcomes. - Weekly exception report: top device clusters, repeated network blocks, highest risk stages, and time-to-clear elevated candidates.

  1. Define the identity binding rule

  2. Instrument passive signals end-to-end

  3. Add step-up gates at the two highest leverage points

  4. Create a fast fallback path

  5. Build the manual review playbook

  6. Close the loop with reporting

  • Offer one-click retry with clear instructions and a timer.

  • Allow alternate document types where policy permits.

  • Provide an appeal path that is logged and time-bound.

A policy artifact you can ship to ops this week

This example policy shows how to detect likely identity farming clusters and trigger step-up verification only when warranted. It assumes IntegrityLens events land in your analytics warehouse or SIEM via idempotent webhooks.

Anti-patterns that make fraud worse

  • Treating verification as a single gate at apply, then assuming the same person took the test. - Auto-rejecting every anomaly, which trains fraudsters and increases false positives that hurt funnel velocity. - Letting evidence live in screenshots and Slack threads instead of an ATS-linked Evidence Pack.

Where IntegrityLens fits

IntegrityLens AI is built for teams who need one defensible hiring pipeline instead of stitched-together point solutions. It combines ATS workflow + biometric identity verification + fraud detection + AI screening interviews + coding assessments, so identity state follows the candidate across stages. In this architecture, TA leaders and recruiting ops teams configure the workflow and exception SLAs, while CISOs define policy thresholds and audit controls. IntegrityLens supports Risk-Tiered Verification, Evidence Packs tied to the ATS record, Zero-Retention Biometrics options, and Idempotent Webhooks to feed your warehouse or SIEM. The goal is simple: keep the default path fast, and only slow down candidates when passive signals justify it.

  • Identity verified in under three minutes before interviews when needed

  • 24/7 AI interviews to reduce scheduling friction

  • 40+ programming languages supported for assessments

  • 256-bit AES encryption baseline plus SOC 2 Type II and ISO 27001-certified infrastructure foundations

What to measure so you can defend it later

For RevOps, the win is not catching every bad actor. It is running a process that is fast, consistent, and explainable under scrutiny. Track these metrics weekly: - Step-up rate by role and source (to spot targeted attacks or mis-tuned thresholds). - False positive rate from manual review outcomes (to prevent over-blocking). - Time-in-elevated-state (to protect candidate experience and conversion). - Cluster recurrence: repeated device/network groups after controls ship (to validate deterrence). - Evidence Pack completeness rate (audit readiness).

  • Verification timestamps and outcomes per stage

  • Session binding events (start, submission)

  • Risk signals and thresholds that triggered step-up

  • Reviewer disposition and notes

  • Retention and access logs

Sources

31% of hiring managers report interviewing someone later found using a false identity (Checkr, 2025): https://checkr.com/resources/articles/hiring-hoax-manager-survey-2025 Replacement cost estimates of 50-200% of salary (role-dependent) (SHRM): https://www.shrm.org/in/topics-tools/news/blogs/why-ignoring-exit-data-is-costing-you-talent

Related Resources

Key takeaways

  • Treat verification as a continuous state, not a one-time gate at application.
  • Use passive signals first (device, network, behavior) to keep latency low and reduce reviewer fatigue.
  • Bind identity to the assessment session with step-up checks only when risk signals justify it.
  • Design fallbacks so legit candidates do not get stuck when documents or biometrics fail.
  • Produce an Evidence Pack per candidate so Sales, Security, and Legal can defend decisions later.
Identity farming detection + step-up policy (ops-ready)YAML policy

Use passive signals to identify likely farming clusters, then trigger step-up verification at assessment start or submission. Store evidence references, not raw biometric data, and keep decisions tied to the ATS candidate record.

version: 1
policy:
  name: identity-farming-stepup
  objective: "Bind one verified human to one ATS candidate across screens and assessments"
  scope:
    roles: ["sales-engineering", "revops-analytics", "customer-success", "engineering"]
    stages: ["ai-screen", "coding-assessment", "live-interview"]
  sources_of_truth:
    ats: "IntegrityLens ATS"
    verification: "IntegrityLens Verification"
    assessments: "IntegrityLens Assessments"
  signals:
    passive:
      device_fingerprint_reuse:
        description: "Same device fingerprint observed across multiple candidate_ids in 7 days"
        window: "7d"
        thresholds:
          warn_unique_candidates: 3
          stepup_unique_candidates: 5
      ip_reuse:
        description: "Same public IP observed across multiple candidate_ids in 24h"
        window: "24h"
        thresholds:
          warn_unique_candidates: 4
          stepup_unique_candidates: 8
      session_velocity:
        description: "Unusually fast completion time for assessment"
        thresholds:
          warn_percentile: 2   # bottom 2% duration (illustrative threshold)
          stepup_percentile: 1
      behavior_anomalies:
        indicators:
          - "tab_focus_lost_gt_6"
          - "paste_events_gt_10"
          - "typing_burst_pattern_high"
  risk_scoring:
    weights:
      device_fingerprint_reuse: 45
      ip_reuse: 20
      session_velocity: 20
      behavior_anomalies: 15
    bands:
      low: { max: 29 }
      elevated: { min: 30, max: 59 }
      high: { min: 60 }
  actions:
    on_stage_enter:
      coding_assessment:
        if_risk_band:
          low:
            - action: "allow"
          elevated:
            - action: "bind-session"
              method: "face-liveness"
              max_added_latency_seconds: 30
            - action: "create-evidence-pack-entry"
              fields: ["risk_score", "signals", "session_id"]
          high:
            - action: "step-up-verification"
              method: "document+face+voice"
              expected_time_minutes: "2-3"
            - action: "route-to-manual-review"
              sla_hours: 8
    on_submission:
      coding_assessment:
        if_risk_band:
          elevated:
            - action: "re-bind"
              method: "voice-match"
              max_added_latency_seconds: 20
          high:
            - action: "hold-result"
            - action: "step-up-verification"
              method: "face-liveness"
  privacy:
    biometric_retention: "zero-retention"  # store match result + evidence reference, not raw templates
    encryption: "AES-256"
    access_controls:
      reviewers: ["recruiting-ops", "security"]
      least_privilege: true
  webhooks:
    delivery: "idempotent"
    events:
      - "verification.state.changed"
      - "risk.band.changed"
      - "assessment.session.bound"
      - "evidence_pack.updated"

Outcome proof: What changes

Before

Verification happened once at application. Assessment sessions were not bound to the verified identity, so a single farm operator could repeatedly complete tests for different candidate records without triggering consistent flags.

After

Passive signals began clustering repeated devices and networks across candidate records. Risk-Tiered Verification added fast session binding at assessment start and a step-up only for elevated or high-risk sessions. Decisions were documented in ATS-linked Evidence Packs, reducing dispute time and making exceptions reviewable.

Governance Notes: Legal and Security signed off because the design minimizes data exposure: Zero-Retention Biometrics options, clear retention limits for evidence artifacts, role-based access controls for reviewers, and an appeal flow that is logged and time-bound. Evidence Packs keep decisions defensible without storing raw biometric data, and encryption (256-bit AES baseline) plus SOC 2 Type II and ISO 27001-certified infrastructure foundations support control assertions.

Implementation checklist

  • Define "one identity to one candidate" policy and the signals that trigger step-up verification.
  • Instrument passive signals across AI screening + coding assessments (device, IP, velocity, tab focus).
  • Add step-up checks at high-leverage points: before AI interview, before assessment start, before submission.
  • Create a manual review queue with tight SLAs and clear dispositions.
  • Set retention rules: store evidence, not raw biometrics (zero-retention where possible).
  • Run a weekly exception report: repeated device/network clusters, repeat voice/face matches, high-velocity sessions.

Questions we hear from teams

Will step-up verification slow down every candidate?
Not if you lead with passive signals and only step up on elevated or high risk bands. The default path stays fast, and the added friction is reserved for the small tail that looks like farming behavior.
What if a legitimate candidate shares a network (coworking, campus, family)?
Treat clusters as a trigger for session binding, not an automatic rejection. Combine device signals, behavior telemetry, and verification state transitions, then use a quick re-bind step before escalating.
How do we prevent reviewer fatigue?
Tune thresholds so manual review is rare, and require each review decision to map to a disposition code. Monitor false positive rates and time-in-elevated-state weekly, then adjust weights before adding more checks.

Ready to secure your hiring pipeline?

Let IntegrityLens help you verify identity, stop proxy interviews, and standardize screening from first touch to final offer.

Try it free Book a demo

Watch IntegrityLens in action

See how IntegrityLens verifies identity, detects proxy interviewing, and standardizes screening with AI interviews and coding assessments.

Related resources