They share a verified ID. You see who they are. Real-time, cryptographic, deepfake-immune.
Finally, a defense
A verified ID, signed by the device that holds the key.
Presenter shows a code. Verifier types it. Presenter picks what to share. Verifier sees the verified card. Five seconds.
The presenter's device holds the key. The verifier sees only the signed proof. Nothing replayable. Nothing forgeable.
Three modes. Wherever they reach you.
Attackers reach you through every surface where a human decides. ScrambleID rides the same surfaces. Three modes, one guarantee.
In-person
QR code.
Display a code, the other party scans. Security desks, meeting rooms, loading docks. Defeats fake badges and shoulder surfing.
Audio
Spoken code.
Read the 5-digit code aloud. Phone calls, conference rooms. Defeats voice cloning and deepfake audio.
Digital
Deeplink.
Send a one-time link, the other party taps. Chat, email, SMS, support tickets. Defeats phishing and pretexting.
All three carry the same cryptographic proof. The mode follows the conversation. The guarantee doesn't change.
AI made impersonation cheap.
Voice cloning costs less than a streaming subscription. Deepfake video is consumer-grade. Pretexting is automated. What was a craft is now a commodity, aimed at every channel where humans still decide who to trust.
Business Email Compromise: reported losses, 2019 to 2023
BEC alone is approaching $3 billion a year. Wire-transfer fraud, vendor impersonation, executive impersonation. Each starts with someone believing the wrong person.
Source: FBI Internet Crime Report, annual editions
Voice cloning
Three seconds of audio. Sub-$10 a month. Voice biometrics no longer measures who's on the line. It measures how well the attacker cloned them.
Deepfake video
$25M moved on a single video call. Arup, Hong Kong, February 2024. The CFO and several colleagues on the call were all synthetic. Visual ID checks no longer prove identity.
Helpdesk vishing
100+ enterprises. One phone call each. Scattered Spider has breached more than 100 major enterprises by vishing IT helpdesks. Casinos, retailers, telecoms, banks, multiple Fortune 100s. Every modern defense, walked past with a phone call.
Knowledge-based auth
The answers are already in the breach data. NIST deprecated KBA in SP 800-63A-4. Mother's maiden name, last four of SSN, prior addresses: all of it has been public for years.
Voice, face, and knowledge are no longer evidence of identity. Cryptographic device-bound proof is what's left.
Three places this becomes load-bearing.
Those attacks land at your helpdesk, on your video calls, at your loading dock. Each depends on a human knowing another human.
HELPDESK / IT SUPPORT
The "employee" calling for a password reset isn't who they say they are.
A social engineer pretexts your IT helpdesk. The agent has no real way to verify them. Old answer: security questions a breach already exposed. New answer: a verification request to the registered device. Right person verifies in seconds. Impersonator can't.
FINANCE / EXEC OPS / FRAUD
The CFO on the video call asking for a wire transfer might not be the CFO.
Voice and face are no longer evidence. The real CFO opens the app. You scan their code. You see a verified card signed by their device. The deepfake has none of that.
FACILITY / SECURITY DESK
The contractor at your data-center loading dock is, or isn't, the one you scheduled.
A printed work order is paper. A vendor badge is plastic. Both fake easily. The scheduled tech opens the app, the desk scans the code, the desk sees verified employer, role, photo. Mismatch with dispatch? They don't get in.
Verified, but selectively.
The presenter picks what to share, every time. The verifier sees only what was shared. Each field tagged Verified or Self-Reported. Nothing else moves.
PRESENTER
Alex picks what to share with Sarah
Photo
Name: Alex Rivera
Company: TechStart Inc
Job Title: Engineering Director
Work Email: alex.rivera@techstart.com
Personal Email: alex.r@personal.com
Personal Phone: +1 555 876 5432
VERIFIER
Sarah sees only what Alex shared
Photo (Verified)
Alex Rivera (Verified)
TechStart Inc (Verified)
Engineering Director (Verified)
alex.rivera@techstart.com (Verified)
Five shared, two not. Sarah sees what Alex chose. Nothing else. Next verification, he chooses again.
SELECTIVE DISCLOSURE
Picked each time. Work, personal, or custom. Defaults are conservative.
CONSENT-LED
Verifier sees only what was shared. No "show all" backdoor. The presenter's choice is the boundary.
VERIFIED OR SELF-REPORTED
Each field shows its provenance. Verified: attested. Self-Reported: not. Two states, no ambiguity.
Every other way of confirming a stranger is failing.
Knowledge-Based Auth
Deprecated. Answers are in breach data.
Visual ID Check
Deepfakes pass video. Fake IDs pass desks.
Call-Back Through a Known Number
Only works for parties you already know.
The hard cases are between strangers. No prior trust, no shared secret, no time for a heavy ID-proofing flow.
Cryptographic device-bound proof handles the hard case in seconds.
Real-time, privacy-preserving, deepfake-immune, and works between people who have never met.
Comparison by method (columns: Spoofable in 2026, Works for strangers, Privacy-preserving, Real-time)

Knowledge-based questions: Mother's maiden name, employee ID, last four of SSN
Spoofable in 2026: Yes. Answers in breach data and OSINT
Works for strangers: Yes
Privacy-preserving: No. Sensitive data exposed every time
Real-time: Yes

Visual ID check: Driver's license, badge, video face match
Spoofable in 2026: Yes. Deepfakes and fake IDs
Works for strangers: Yes
Privacy-preserving: No. Full document exposed to verifier
Real-time: Yes

Call-back via known channel: Hang up, dial the number on the back of the card

ScrambleID: Cryptographic challenge signed by the presenter's registered device
Spoofable in 2026: No. Private key never leaves the device
Works for strangers: Yes. No prior relationship needed
Privacy-preserving: Yes. Selective disclosure, per-verification
Real-time: Yes. Five seconds end to end
Who this is for.
Anyone who can be socially engineered. Anyone whose authority can be impersonated. That's more of your organization than it sounds.
Edge cases
How it handles the obvious "but what if" questions.
The other party doesn't have ScrambleID.
Treat the verification as inconclusive. Fall back to whatever escalation you'd have applied with no proof at all. Untrusted by default is the safe state.
The verifier is anonymous (a security desk, a fraud team).
Supported. The presenter sees the verifier's role and organization without a personal name. Selective disclosure cuts both ways.
No personal phones in our facility.
The presenter completes the cryptographic exchange before entering. The phone goes in the locker. Verification good for the session.
Our dispatch record disagrees with the verified card.
That's a signal. The verifier sees a real person but the wrong assignment. Deny entry, call dispatch. Identity proof, not work-order proof.
A presenter's device is lost or stolen.
Revoked through identity proofing. Compromised device's signatures stop being honored within seconds. New device, new key, history preserved.
The verifier is on a desktop, no phone in hand.
The desktop app on Windows and macOS handles the same flow. Type the code, see the verified card.
Architectural questions.
What security architects, fraud leads, and privacy counsel ask before deploying.
How is this different from a digital ID wallet (Apple Wallet ID, mobile driver's licenses)?
Wallets are document containers; they show your driver's license, signed by the state. ScrambleID is identity-as-credential, signed by your registered device, with selective disclosure built in. Wallets handle consumer ID. ScrambleID handles enterprise verification across employees, contractors, executives, customers, and vendors.
How does this work with our existing IdP?
ScrambleID overlays your IdP. It doesn't replace Okta, Entra, Ping, or ForgeRock. The directory still owns identities and lifecycle. ScrambleID adds the verification layer for human-to-human trust events. A "Verified" badge means your IdP confirmed the field.
What is the audit trail?
Every verification produces a signed, timestamped record bound to both accounts, the registered device, and the fields shared. Streamable to your SIEM. Persists per your retention policy. The architecture page covers the full format.
Privacy posture for GDPR, CCPA, BIPA?
Selective disclosure is the structural answer to data minimization. ScrambleID never transmits or stores biometric templates; biometrics only unlock local key material in the secure enclave. Both parties can access records of what was shared, with whom, and when.
Is the verifier's identity also disclosed to the presenter?
Yes by default. The presenter sees who's requesting before choosing what to share. For verifier roles that represent a function (security desk, fraud team), an anonymous mode shows organization and role without a personal name. Presenter still chooses.
What if a presenter's device is compromised?
The verification is bound to the device's secure enclave; an attacker needs physical access plus the user's biometric or PIN. Lost or stolen devices are revoked through identity proofing. Auditable, attributable, revocable.
How does ScrambleID know the presenter is who they claim in the first place?
Enrollment establishes the device-to-person binding through your IdP's identity-proofing posture, which you already trust. Per-verification, the device's private key signs the challenge, proving continuity from enrollment forward. Verification is no stronger than enrollment, by design.
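An added sketch of the enrollment-then-signed-challenge pattern described above, not ScrambleID's own code or protocol: it assumes Ed25519 keys from Node's built-in crypto module, and the registry, function names and message layout are hypothetical. It shows why a captured proof cannot be replayed, why unshared fields never reach the verifier, and how revocation cuts off a lost device.

```javascript
// Illustration only: device-bound challenge-response with per-verification
// field selection. All names and the payload format are assumptions.
const crypto = require("node:crypto");

// Enrollment: the device generates a key pair; only the public key is registered.
function enroll(registry, deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  registry.set(deviceId, { publicKey, revoked: false });
  return privateKey; // stays on the presenter's device
}

// Verifier: a fresh random challenge per verification makes old proofs useless.
function newChallenge() {
  return crypto.randomBytes(32).toString("hex");
}

// Presenter: sign the challenge together with only the fields chosen this time.
function present(privateKey, deviceId, challenge, profile, chosen) {
  const shared = Object.fromEntries(chosen.map((k) => [k, profile[k]]));
  const payload = JSON.stringify({ deviceId, challenge, shared });
  const signature = crypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, signature };
}

// Verifier: accept only an unrevoked device's valid signature over this challenge.
function verify(registry, expectedChallenge, proof) {
  let msg;
  try {
    msg = JSON.parse(proof.payload);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  const device = registry.get(msg.deviceId);
  if (!device) return { ok: false, reason: "unknown device" };
  if (device.revoked) return { ok: false, reason: "revoked" };
  const valid = crypto.verify(
    null, Buffer.from(proof.payload), device.publicKey, proof.signature);
  if (!valid) return { ok: false, reason: "bad signature" };
  if (msg.challenge !== expectedChallenge) {
    return { ok: false, reason: "stale challenge" };
  }
  return { ok: true, shared: msg.shared };
}
```

A failed check returns a reason and no fields, so the verifier's default on any failure is the untrusted state.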
Does ScrambleID for the people surface work for workforce, B2B partner and vendor, and consumer verification?
Yes. ScrambleID for the people surface is one cryptographic verification layer across all three. Workforce verification covers internal scenarios: HR onboarding, security desk access, executive identity confirmation on video calls, and incident-response peer verification. B2B partner and vendor verification covers cross-organization trust events: vendor field engineers at customer sites, partner executives in video meetings, supplier representatives at security checkpoints. Consumer verification covers customer-facing trust events: contact center callbacks, in-branch banking, healthcare front-desk identity confirmation, and high-value transaction approvals. Same selective-disclosure model, same signed audit record, same IdP overlay across Okta, Microsoft Entra, Ping, or ForgeRock. No audience needs a separate trust stack.
Does this cover customers, vendors, and partners, not just employees?
Yes. The presenter doesn't need to be your employee. A customer can verify themselves when your contact center calls. A vendor's field engineer can verify at your security desk. A partner's executive can verify on a video call. Same cryptographic substrate; what differs is which attributes carry attestation.
What's the deployment effort?
Days to a working pilot. Weeks to production. The mobile app is the cryptographic anchor; IdP integration is OIDC-shaped. No CCaaS plumbing, no IVR work. The architecture page covers deployment patterns.
Can voice biometrics or behavioral signals layer on top?
Yes, as confidence signals. Voice biometrics, geolocation, behavioral analytics can add or subtract trust from a verification already cryptographically anchored. Layered, they defang the deepfake risk that breaks each method alone.
Proof of person
P2P proves a real human, not a synthetic, is the one consenting.
That's what the in-the-loop gate needs: a person the rail can prove, deepfake-immune, signing what they agreed to.