Free Demo
  • Linkedin
  • Twitter
  • Youtube

Daon named a Leader in the 2025 Gartner® Magic Quadrant™ for Identity Verification: READ MORE

Connect with a Daon solutions expert

Let us know how we can assist you

  • Product/Solution Information
  • Product Demonstration
  • Request for Proposal
  • Partnership Opportunities

See why many of the world’s strongest brands chose Daon to help them build lasting trust with their customers.

Deepfake Defense Starts Before Detection: Here’s What to Take Away from the Latest Gartner Report

Deepfake detection is the last line of defense, not the first. Organizations need layered protection that stops attacks at the point of introduction through standards-validated presentation and injection attack detection, backed by contextual signals that catch what biometric defenses miss.



 

Security teams, technology buyers, and vendors alike have oriented their attention around a single question: can this system detect a deepfake? It is an understandable instinct. The threat is visible, the technology is alarming, and vendors have been eager to offer reassurance in the form of detection accuracy claims. But according to new research from Gartner, that framing misses the point. Detecting the deepfake itself is not the primary defence. It is the last one.

For organisations running identity verification or biometric authentication programmes, this distinction carries real operational weight. Failures in these processes do not produce minor inconveniences. They produce KYC compliance lapses, account takeover, and in workforce contexts, the possibility of a bad actor clearing your hiring process and gaining access to sensitive systems. The cost of getting this wrong is significant. Does your current vendor selection criteria reflect where the actual risk lies?

Two Attack Vectors That Matter More Than the Fake Itself

To understand Gartner’s argument, it helps to understand how a deepfake is actually used against a face biometric system. There are two methods.

The first is a presentation attack. The attacker presents a deepfake directly to the camera, typically by pointing the device at a screen displaying the fabricated image. Physical variants exist as well: printed photos, masks, three-dimensional objects. The attack surface here is the capture moment itself.

The second is an injection attack. Rather than fooling the camera, the attacker bypasses it entirely, inserting a pre-prepared image into the data stream between the camera and the processing application. Virtual camera software is the common mechanism. The application receives what appears to be a live camera feed. It is not.

These two attack methods are where the primary defence must be focused. Gartner is direct on this point: trying to detect the deepfake in the captured image, while important, is less effective than detecting the methods by which a deepfake is introduced in the first place.

For presentation attack detection (PAD), the relevant standard is ISO/IEC 30107-3, which defines how biometric systems should be tested against a range of fraudulent artefacts. This standard has been established long enough that a vendor without testing evidence against it should raise immediate concern. Daon’s xFace holds iBeta certification at levels 1 and 2 against this standard. For injection attack detection (IAD), the field is newer. CEN/TS 18099, introduced in 2025, defines testing methodology across Basic, Substantial, and High evaluation tiers. Relatively few vendors have completed this testing. Gartner recommends treating completion, or a credible and contracted timeline, as a procurement requirement.

Standards conformance is the baseline, but it is not sufficient on its own.

The Problem with Deepfake Detection Claims

Here is where Gartner’s research deserves particular attention from procurement teams. There is no standardised approach to deepfake detection. There is no independent methodology for assessing vendor efficacy. And there is no reliable way to compare one vendor’s claims against another’s.

This matters more than it might initially appear. Deepfake generation technology is advancing at a pace that consistently outstrips detection capabilities. Vendors are deploying a range of techniques to assess images for signs of synthetic generation, but the approaches vary, the testing is proprietary, and the threat landscape shifts constantly. When a vendor presents detection accuracy figures, there is currently no external framework against which to validate them.

This does not mean deepfake detection is unimportant. It means that decisions anchored primarily in vendor detection claims rest on an unverifiable foundation. For security leaders accustomed to rigorous due diligence, that should prompt a reorientation of the evaluation criteria.

Contextual Signals Close the Gap

Because no single layer of defence is guaranteed to catch every attack, the organisations best positioned against deepfake threats are those that build depth into their identity processes. Gartner points specifically to contextual intelligence as a critical additional layer.

The logic is straightforward. If a presentation or injection attack slips past initial defences, anomalies in surrounding signals may still reveal it. Device intelligence can flag velocity anomalies or link seemingly unrelated identities to a single device. Location signals can identify mismatches between a user’s expected geography and where the verification event originates. Behavioural signals, including dwell time and interaction patterns, can surface deviations from what genuine users typically do. Velocity checks can catch repeated use of the same identity attributes across separate events.

Taken together, these signals create detection opportunities that exist independently of whether the deepfake itself is identified. The system does not need to recognise the fake. It needs to recognise that something about the surrounding context does not add up.

This is precisely where orchestration architecture becomes a strategic consideration rather than a technical one. Daon’s TrustX platform is built to combine biometric verification, document authentication, and contextual risk signals within configurable, no-code workflows. Gartner’s 2025 Magic Quadrant for Identity Verification recognised Daon’s approach to orchestration as a meaningful differentiator, noting the contrast with vendors that continue to rely on developer-intensive integration models. The practical implication for buyers is faster deployment, lower integration overhead, and greater agility as the threat environment shifts.

What Procurement Leaders Should Be Asking

Gartner’s research offers a practical reframe for vendor evaluation. Rather than leading with detection accuracy, security and identity leaders should be asking three questions.

Has the vendor demonstrated PAD testing in conformance with ISO/IEC 30107-3, and from which independent testing laboratory? Has the vendor completed IAD testing against CEN/TS 18099, or can they provide a contracted timeline for doing so? And beyond the biometric capture event itself, what contextual signals does the vendor collect, and how are those signals surfaced within the risk decision?

These questions shift the evaluation from “can you detect deepfakes?” to “can you detect how deepfakes are used?” That shift reflects where the real exposure lies.

The broader point Gartner makes, and one that practitioners in this space have understood for some time, is that deepfake defence is an architecture problem. The organisations that will be most resilient are those with layered defences, standards-validated capabilities, and the contextual intelligence to identify attacks that individual layers may miss.