Welcome to
The Hive
At The Hive, we bring together a dynamic community of HR leaders, compliance experts, technologists, and thinkers who care about getting identity, hiring, and trust right.
Expect practical insights, bold ideas, and real-world stories from across the employment and identity landscape. Not just from ZipID, but from people like you. Because when we swarm together, we build smarter.
How Did "Compliance" Turn Into National Security?
ZipID founder and identity expert Janice Kephart explains why employers must move beyond I-9 box-checking to audit-ready identity assuredness — and why the window to get there is closing fast.
For decades, HR departments have treated the Form I-9 as a compliance exercise: collect the documents, fill in the boxes, file it away. Done. Audit proof, right?
Wrong. And increasingly, expensively wrong.
The rules of the game have fundamentally changed, and most HR teams are still playing by the old ones.
The old mindset: compliance as paperwork
The traditional I-9 approach treats identity verification as a document-collection task. An employee presents a passport or driver's license, or one of 180 legitimate pairs of IDs to complete an I-9. An HR rep looks at it, checks a box, and the form goes into a folder. The company is "compliant."
This model was built for a world of in-person hiring, physical documents, and infrequent enforcement. That world is gone.
"Employers are now on the front lines of identity integrity — whether they know it or not. The question is no longer 'did we fill out the I-9?' It's 'can we prove the identity behind that I-9 was real?'"— Janice Kephart, Founder & CEO, ZipID
Identity is a national security issue — and always has been
The United States learned this the hard way. After September 11, the 9/11 Commission found that the hijackers had exploited systemic weaknesses in how America verified identity— Janice Kephart did, that was her work— obtaining legitimate driver's licenses and documents that gave them access, cover, and freedom of movement. The commission's recommendations fundamentally reshaped how this country thinks about identity verification at every level, from border security to document standards to workplace eligibility. Those recommendations became REAL ID, biometric borders and passport requirements for all those seeking U.S. entry.
That work did not end at the border. The Form I-9 exists precisely because who is working inside American companies is a matter of national interest. Employment-based identity fraud is not just an HR problem or a tax problem — it funds criminal networks, enables infiltration of sensitive industries, and undermines the integrity of the labor market that citizens and lawful workers depend on.
What has changed is the scale and sophistication of the threat. AI has democratized document fraud in ways that would have been unimaginable even five years ago. The same technology that makes remote hiring seamless also makes it possible for bad actors to fabricate identities that no human reviewer could detect. The compliance process was never designed for this environment — and employers who treat it as a paperwork exercise are leaving a door open that adversaries are increasingly willing to walk through.
This is not alarmism. It is the logical extension of two decades of hard-won national security policy, now arriving at the HR desk.
Three forces that broke the old model
First, ICE enforcement has surged. Federal I-9 audits have escalated sharply, with fines now reaching $2,700 or more per violation — per employee, per document error. A single audit of a mid-sized employer can become a six-figure liability overnight.
Second, AI-generated fraud has outpaced human detection. Synthetic identities and AI-fabricated documents have reached a level of sophistication that the human eye simply cannot catch at onboarding. What once required sophisticated criminal networks can now be produced in minutes.
Third, remote hiring became the norm. Post-COVID, verifying identity through a screen became standard practice — removing the last physical safeguard that the traditional I-9 process relied on.
Together, these forces mean that a form filled out in good faith — using eyes, intuition, and a laminated checklist — is no longer a defensible compliance posture. Employers need to demonstrate not just that they collected documents, but that those documents were real, the identity was verified, and the entire process holds up to scrutiny. Not only that, employers under new ICE rules are responsible for failed I-9 software too.
The new standard: audit-ready identity assuredness
Identity assuredness is a different concept from identity compliance. Compliance asks: did we follow the process? Assuredness asks: can we prove the person is who they say they are?
This means building a verifiable, timestamped record that proves the identity document was authenticated — not just glanced at — that the person presenting it was physically present, that the document matched the person (which can onlyhbe done with assurance biometrically), and that the entire process was logged and accessible if an auditor ever comes knocking.
That is no longer a human task. It is a technology task.
E-Verify is necessary, but not sufficient
Many employers believe that using E-Verify closes the loop. It doesn't. E-Verify checks whether a name and number match federal databases — it does not verify whether the document is genuine or whether the person holding it is the rightful owner. A synthetic identity can pass E-Verify. A stolen identity almost certainly will.
True identity assuredness requires layering document authenticity checks, biometric liveness detection, and fraud intelligence signals on top of — not instead of — E-Verify. The I-9 and E-Verify are the floor. Authentication and assurance are the building.
What this means for HR teams right now
Stop thinking about the I-9 as a form. Start thinking about it as evidence. Every hire should produce a durable, reviewable record that demonstrates the employer exercised genuine due diligence — not just procedural compliance.
With ICE enforcement accelerating and AI-enabled fraud becoming impossible to detect with the naked eye, "we checked the box" is no longer a legal shield. Employers who cannot produce an audit trail showing how identity was verified — not just that it was — are exposed in ways most don't yet realize.
The mindset shift isn't optional. It's overdue.
Ready to see how ZipID works? View pricing.
Janice Kephart served as counsel to the 9/11 Commission and has spent two decades at the intersection of national security, identity policy, and technology.
Frequently Asked Questions
Is ZipID ICE-compliant I-9 software?
Yes. ZipID satisfies all five federal electronic I-9 system requirements under 8 CFR § 274a.2 — including compliant audit trails, electronic signature protocols, and secure storage standards. It is specifically designed to meet the March 2026 ICE reclassification that elevated common errors to substantive violations.
As of January 2025, I-9 paperwork violations carry fines of $288 to $2,861 per form under 8 CFR § 274a.10(b)(2). Knowingly hiring unauthorized workers carries fines up to $28,619 per worker for repeat offenses. ICE audit rates in 2025 ran at least ten times higher than the prior year.
ZipID is pursuing certified E-Verify third-party agent status by August 2026. Currently, after the employer signs the I-9, ZipID redirects to E-Verify and automatically populates the resulting case data into the Additional Information field — preserving the complete record for audit purposes.
What is NIST and why does it matter for I-9 verification?
NIST — the National Institute of Standards and Technology — is the federal agency that sets accuracy benchmarks for biometric identity technologies. For I-9 compliance, NIST validation matters because it provides an independent government-verified measure of whether a facial recognition system is reliable enough to trust. ZipID uses NIST-tested algorithms rated at 99.998% accuracy.
ZipID's 1:1 facial recognition is rated at 99.998% accuracy using NIST-validated algorithms — fewer than 2 mismatches per 100,000 verifications. Liveness detection is built in to confirm the selfie is from a real, present person rather than a photo or deepfake.
OCR — Optical Character Recognition — reads and extracts text from government-issued IDs. ZipID uses AI-powered OCR to instantly capture a new hire's ID data and automatically populate the required Form I-9 fields, eliminating manual entry and typos. The AI layer also cross-checks extracted data for logical consistency and flags tampered, synthetic, or spoofed documents.
ZipID uses NIST-validated biometric facial recognition to match a live selfie to the photo on the new hire's government-issued ID. AI-powered OCR extracts and autofills document data. Fraud detection runs in the background checking for tampered, synthetic, or spoofed documents.
Facial authentication is entirely the employer's choice. It confirms that the new hire is who they say they are and that the ID they present matches their live self — especially valuable for remote hires, high-security roles, or industries with elevated identity fraud risk.
How long does it take to complete an I-9 with ZipID?
ZipID completes the entire Form I-9 process — including identity verification, document capture, and E-Verify redirect — in under 8 minutes, for both remote and in-person new hires.
ZipID is an I-9 compliance and identity verification platform that combines facial recognition, OCR document capture, and fraud detection to verify new hire identities and complete Form I-9 in under 8 minutes — with a legally compliant audit trail built in. It is the only I-9 platform built by the person who helped write the federal identity doctrine behind the law.
Who built ZipID?
ZipID was founded by Janice Kephart, former counsel to the 9/11 Commission and a national security identity expert with 25 years of federal and private sector experience, including designing border biometric workflows at MorphoTrak, now Idemia. Kephart authored the federal identity doctrine and biometric entry-exit recommendations underlying today's I-9 compliance framework, and has testified before Congress 19 times.