-optimized.jpg){kind=avatar}
Deepfakes in recruitment are no longer a future risk – they are here, says, Susie Thomson, pictured, Chair Elect of the Professional Background Screening Association (PBSA) and former founder of Security Watchdog.
The recent viral “three-finger test” video may have captured attention for its novelty, but for those of us working in background screening and vetting, it reinforces a far more serious point: identity fraud in recruitment is evolving rapidly, and traditional methods of detection are already becoming outdated. We are entering a phase where seeing is no longer believing.
Deepfake technology, with AI-generated CVs, synthetic identities and increasingly sophisticated fraud tactics, is fundamentally changing the risk landscape for employers. What was once a relatively straightforward process of verifying a candidate’s identity has become a multi-layered challenge that requires a far more structured and professional approach.
While quick fixes like visual “tests” may offer temporary reassurance, they are not sustainable solutions. As the technology improves, and it will, these methods will quickly become redundant. The reality is that fraudsters only need to succeed once, whereas employers must get it right every time. From my perspective, the most important shift HR leaders need to make is moving away from reactive detection to proactive, embedded verification. This starts with recognising that identity verification is not a single step in the hiring process, but a continuous thread that runs throughout it.
Approach
A robust approach should include multiple verification checkpoints starting from application screening, through to interview stages, and ultimately pre-employment checks. This should also include implementing digital identity checks early in the hiring process, helping to verify that candidates are who they claim to be before they progress further through the recruitment journey. Cross-referencing candidate data, validating documentation and ensuring consistency across touchpoints are critical. Where possible, verification should also extend beyond what a candidate presents themselves, incorporating trusted third-party data and accredited screening processes. Equally important is collaboration. HR cannot tackle this challenge alone. Close alignment with IT and cybersecurity teams is essential to ensure that systems, platforms and processes are resilient against manipulation. Deepfake fraud is not just an HR issue, it is a business risk.
Training role
Training also plays a vital role. Hiring managers and recruiters need to understand what modern fraud can look like, but also where their limitations lie. Overconfidence in spotting deception can be as dangerous as a lack of awareness. Structured processes, rather than intuition, should guide decision-making. Importantly, organisations should not lose sight of the positive role that technology can play. AI, when used responsibly, can help identify anomalies, flag inconsistencies and strengthen decision-making. The goal is not to reject technology, but to use it in a controlled and ethical way that supports genuine talent while filtering out risk.
Accredited screening
At the PBSA, we strongly advocate for the use of accredited screening providers and adherence to recognised standards. These frameworks are designed not only to improve accuracy, but to protect organisations and candidates alike by ensuring fairness, compliance and consistency.
There is no single solution to the deepfake challenge and there never will be. But organisations that adopt a layered, standards-driven and professionally managed approach to vetting will be significantly better positioned. Ultimately, trust is at the heart of every hiring decision. In an era where identities can be fabricated with increasing ease, protecting that trust has never been more important.
