How agencies can operationalize the White House’s cybercrime order through identity
The White House’s executive order on combating cybercrime marks a significant step toward addressing the growing threat posed by transnational criminal networks, online fraud and predatory schemes targeting American citizens.
Attackers are bypassing traditional defenses by using stolen credentials, synthetic identities and sophisticated impersonation techniques. A bad actor can pose as a legitimate user and redirect payments to their own account to collect money that doesn’t belong to them. Further, attackers can blend real and manipulated details to open new accounts that look legitimate. That info can then be used to commit fraud, apply for loans, collect benefits, and launder money, often going undetected because the activity is not tied to identity.
To maintain trust in government programs and services, agencies need to verify that individuals accessing their systems are who they claim to be. The most effective way to do that is by leveraging biometrics to verify identities. As attackers shift toward more fruitful attack channels, agencies can no longer rely on knowledge-based or document-only verification.
Biometric binding, or linking a real person to a real identity, must become the standard.
Identity-based attacks are forcing a change
New technology like artificial intelligence accelerates fraud at scale. Deepfakes and video spoofing allow attackers to convincingly impersonate individuals, while synthetic identities enable entirely fabricated personas to interact with government systems. These tactics are often used in fraud schemes targeting vulnerable populations, including older adults and individuals accessing government benefits or financial assistance.
In response to these emerging threats, organizations are prioritizing mandates and frameworks designed to protect against them:
NIST’s recently released NIST SP 500-290e4 provides the first update since 2016 to standards for the electronic exchange of biometric data across law enforcement, border control and other government systems. As such, agencies need to align biometric systems with these standards to ensure interoperability across law enforcement and border systems.
Additionally, federal efforts like the Department of Homeland Security’s Remote Identity Validation Rally (DHS RIVR) are putting identity verification technologies through real-world fraud scenarios, including deepfakes and spoofing. In response, agencies must prioritize solutions that have been validated in DHS RIVR or similar real-world testing environments to reduce the risk of spoofing and deepfake attacks.
Together, these efforts are accelerating the adoption of biometric identity verification — including capabilities like liveness detection and presentation attack detection (PAD) — to strengthen security at the point where identity is first established. By integrating these identity verification tools at critical entry points, agencies can strengthen identity assurance, prevent fraud and account takeover, and shift cyber defense from reactive to preventative.
Delivering on the executive order’s vision requires continued — and deeper — private- and public-sector collaboration to better identify bad actors, detect fraud and share intelligence across sectors.
Collaboration is critical to disrupting cybercrime networks
Government brings authority and enforcement capabilities to act on these threats, while industry provides innovation through biometric verification and scalable identity infrastructure. By combining these strengths, agencies can close the gap between policy intent and operational execution.
Identity verification must be integrated into high-risk digital workflows, and backed by proven, standards-based approaches. Third-party frameworks like NIST’s Digital Identity Guidelines, GSA’s FICAM approach and ISO 27001 help establish trust in technologies like liveness detection and anti-spoofing, ensuring reliability in real-world applications.
Additionally, U.S. cyber directives like executive order 14028 and OMB M-22-09 push agencies toward phishing-resistant authentication and zero-trust architectures, creating demand for advanced identity verification solutions that private companies deliver. Internationally, frameworks like MOSIP (Modular Open Source Identity Platform) enable governments to deploy national digital ID systems using biometric authentication, supported by a global ecosystem of private vendors.
Industry and government partnerships ensure biometric solutions are innovative, standardized, scalable and aligned with real-world security and regulatory needs.
Taking action
To keep pace with rapidly evolving cybercrime tactics and meet the intent of the executive order, agencies must take immediate, concrete steps to strengthen identity at every point of access.
Embedding biometric identity verification at account creation and high-risk transactions ensures that a real, verified individual is tied to each account and action, significantly reducing fraud, account takeover, and unauthorized fund transfers.
Additionally, agencies need to adopt phishing-resistant, zero trust-aligned authentication methods in line with federal guidelines and require third-party tested solutions — such as those evaluated in DHS RIVR — to ensure real-world resilience.
Lastly, it’s vital to continuously monitor for synthetic identities and deepfake-based attacks, not just credential misuse. Traditional authentication methods like passwords, one-time codes and knowledge-based questions verify what a user knows or possesses, but they do not confirm who the user actually is. As a result, agencies are left reacting to fraud after it occurs rather than preventing it at the point of interaction.
To deliver on the executive order, agencies need to view identity as a frontline control. It’s crucial to embed biometric verification at every critical access point and require proven performance against real-world attack scenarios.
Joe Ferrigno is the director of global safety & security for Identy.io. He has more than three decades of experience guiding operational priorities at INTERPOL Washington (United States National Central Bureau), the Department of Homeland Security Office of Inspector General, U.S. Customs/Homeland Security Investigations, the U.S. Postal Service Office of Inspector General, and U.S. Citizenship & Immigration Services.
