Premium IDV | Trusona
§ 00

Legacy IDV has a 2026 problem.

You came here searching for identity verification. The version most vendors are selling is already breaking. Here is what Premium IDV looks like, and why the rest of the industry is going to follow.

§ 01

The legacy IDV stack was built for a world that doesn't exist anymore.

Most IDV vendors sell the same setup. A photo of your ID. A selfie. A liveness check to confirm the selfie is a real person and not a static image.

That worked when forgery meant Photoshop and a color printer. In 2026, it does not.

GenAI produces convincing fake driver's licenses in seconds. The signal artifacts that automated document checks used to depend on (font irregularities, hologram positioning, MRZ inconsistencies) are now reproducible by anyone with a modest GPU and a model checkpoint. Liveness, separately, was designed to catch a printed photo or a screen held in front of a camera. It was not designed to catch a real-time face-swap running on a laptop, controlled by a human attacker who can blink and respond to prompts.

And while your verification gate is doing its dance, the actual fraud has moved to the help desk, where a social engineer convinces an agent to bypass the gate entirely.

Layer 01: Photo of government ID // defeated by GenAI document synthesis
Layer 02: Selfie capture // defeated by face-swap models
Layer 03: Liveness challenge // defeated, openly, by every major deepfake toolchain
Layer 04: Help desk override // social engineering bypasses everything above

§ 02

We don't verify a photo. We verify the person.

Premium IDV does not start with a picture of an ID card. It starts with a query to the State DMV that issued the card in the first place.

If the DMV record exists, the name and date of birth match, and the document number is current and not flagged, the identity has been verified at the source. Not at the photograph layer. At the source of truth.

Verification at the source. Not verification at the photograph.

That is one of four checks in our stack. The others answer the questions photo-based IDV cannot answer at all:

Check A: Authoritative source verification // State DMV query
Check B: SIM swap detection // carrier-layer signal
Check C: Man-in-the-middle detection // patented relay catch
Check D: Anti-replay defense // session-bound token validation
Not run: Liveness challenge // GenAI defeated this. We are not pretending otherwise.

§ 03

At a certain point, we stopped calling this IDV.

When you query the source instead of the photograph, when you watch the carrier for SIM swaps, when you catch a man-in-the-middle before the handshake completes, when you refuse to run a liveness test that does not work, you are no longer answering the IDV question.

You are answering a harder one.

IDV asks: Is this credential real?
IID asks: Is the person presenting it actually who they claim to be, on this device, in this moment?

We call the second question Identity Impersonation Detection. IID for short. It is the category Trusona has been building toward for the better part of a decade, and it is where every fraud team eventually lands once they realize their IDV stack is fighting yesterday's threat.

§ 04

ATO Protect is the IID stack we built for the real attack surface.

Help desk password resets. Customer account recovery from unfamiliar devices. Privileged session escalations. Any high-value moment that needs more than a one-time code. ATO Protect verifies at the source, watches the carrier, blocks MITM in the connection itself, and stops replay attempts before they reach your auth flow. No liveness check. No theater.