Welcome to
The Hive
At The Hive, we bring together a dynamic community of HR leaders, compliance experts, technologists, and thinkers who care about getting identity, hiring, and trust right.
Expect practical insights, bold ideas, and real-world stories from across the employment and identity landscape. Not just from ZipID, but from people like you. Because when we swarm together, we build smarter.
How Did "Compliance" Turn Into National Security? Catalyst-AI podcast featuring Janice Kephart
ZipID founder and identity expert Janice Kephart explains why employers must move beyond I-9 box-checking to audit-ready identity assuredness — and why the window to get there is closing fast.
For decades, HR departments have treated the Form I-9 as a compliance exercise: collect the documents, fill in the boxes, file it away. Done. Audit proof, right?
Wrong. And increasingly, expensively wrong.
The rules of the game have fundamentally changed, and most HR teams are still playing by the old ones.
The old mindset: compliance as paperwork
The traditional I-9 approach treats identity verification as a document-collection task. An employee presents a passport or driver's license, or one of 180 legitimate pairs of IDs to complete an I-9. An HR rep looks at it, checks a box, and the form goes into a folder. The company is "compliant."
This model was built for a world of in-person hiring, physical documents, and infrequent enforcement. That world is gone.
"Employers are now on the front lines of identity integrity — whether they know it or not. The question is no longer 'did we fill out the I-9?' It's 'can we prove the identity behind that I-9 was real?'"— Janice Kephart, Founder & CEO, ZipID
Identity is a national security issue — and always has been
The United States learned this the hard way. After September 11, the 9/11 Commission found that the hijackers had exploited systemic weaknesses in how America verified identity— Janice Kephart did, that was her work— obtaining legitimate driver's licenses and documents that gave them access, cover, and freedom of movement. The commission's recommendations fundamentally reshaped how this country thinks about identity verification at every level, from border security to document standards to workplace eligibility. Those recommendations became REAL ID, biometric borders and passport requirements for all those seeking U.S. entry.
That work did not end at the border. The Form I-9 exists precisely because who is working inside American companies is a matter of national interest. Employment-based identity fraud is not just an HR problem or a tax problem — it funds criminal networks, enables infiltration of sensitive industries, and undermines the integrity of the labor market that citizens and lawful workers depend on.
What has changed is the scale and sophistication of the threat. AI has democratized document fraud in ways that would have been unimaginable even five years ago. The same technology that makes remote hiring seamless also makes it possible for bad actors to fabricate identities that no human reviewer could detect. The compliance process was never designed for this environment — and employers who treat it as a paperwork exercise are leaving a door open that adversaries are increasingly willing to walk through.
This is not alarmism. It is the logical extension of two decades of hard-won national security policy, now arriving at the HR desk.
Three forces that broke the old model
First, ICE enforcement has surged. Federal I-9 audits have escalated sharply, with fines now reaching $2,700 or more per violation — per employee, per document error. A single audit of a mid-sized employer can become a six-figure liability overnight.
Second, AI-generated fraud has outpaced human detection. Synthetic identities and AI-fabricated documents have reached a level of sophistication that the human eye simply cannot catch at onboarding. What once required sophisticated criminal networks can now be produced in minutes.
Third, remote hiring became the norm. Post-COVID, verifying identity through a screen became standard practice — removing the last physical safeguard that the traditional I-9 process relied on.
Together, these forces mean that a form filled out in good faith — using eyes, intuition, and a laminated checklist — is no longer a defensible compliance posture. Employers need to demonstrate not just that they collected documents, but that those documents were real, the identity was verified, and the entire process holds up to scrutiny. Not only that, employers under new ICE rules are responsible for failed I-9 software too.
The new standard: audit-ready identity assuredness
Identity assuredness is a different concept from identity compliance. Compliance asks: did we follow the process? Assuredness asks: can we prove the person is who they say they are?
This means building a verifiable, timestamped record that proves the identity document was authenticated — not just glanced at — that the person presenting it was physically present, that the document matched the person (which can onlyhbe done with assurance biometrically), and that the entire process was logged and accessible if an auditor ever comes knocking.
That is no longer a human task. It is a technology task.
E-Verify is necessary, but not sufficient
Many employers believe that using E-Verify closes the loop. It doesn't. E-Verify checks whether a name and number match federal databases — it does not verify whether the document is genuine or whether the person holding it is the rightful owner. A synthetic identity can pass E-Verify. A stolen identity almost certainly will.
True identity assuredness requires layering document authenticity checks, biometric liveness detection, and fraud intelligence signals on top of — not instead of — E-Verify. The I-9 and E-Verify are the floor. Authentication and assurance are the building.
What this means for HR teams right now
Stop thinking about the I-9 as a form. Start thinking about it as evidence. Every hire should produce a durable, reviewable record that demonstrates the employer exercised genuine due diligence — not just procedural compliance.
With ICE enforcement accelerating and AI-enabled fraud becoming impossible to detect with the naked eye, "we checked the box" is no longer a legal shield. Employers who cannot produce an audit trail showing how identity was verified — not just that it was — are exposed in ways most don't yet realize.
The mindset shift isn't optional. It's overdue.
Listen to the full conversation with Janice Kephart on identity verification, the I-9, and ZipID's vision hosted by Catalyst AI's Lindsey Waddell Hammer: YouTube.
Or, visit the podcast on the Riverside website.
Janice Kephart served as counsel to the 9/11 Commission and has spent two decades at the intersection of national security, identity policy, and technology.
Frequently Asked Questions
Is ZipID ICE-compliant I-9 software?
Yes. ZipID is designed to satisfy all five federal electronic I-9 system requirements under 8 CFR § 274a.2, including compliant audit trails, electronic signature protocols, and secure storage standards — including the March 2026 ICE reclassification of substantive violations.
As of January 2, 2025, I-9 paperwork violations carry fines of $288 to $2,861 per form under 8 CFR § 274a.10(b)(2). Knowingly hiring unauthorized workers carries fines up to $28,619 per worker for repeat offenses. ICE audit rates in 2025 ran at least ten times higher than in 2024.
ZipID uses NIST-validated biometric facial recognition at 99.998% accuracy to match a live selfie to the photo on the new hire's government-issued ID. OCR extracts and autofills document data, and fraud detection checks for tampered, synthetic, or spoofed documents.
ZipID plans to become a certified E-Verify third-party agent by August 2026. E-Verify completion is currently part of the I-9 workflow after the employer signs the form, with ZipID toggling to E-Verify, and then data from the E-Verify case is autofilled into the Additional Information box on the I-9 form, for preservation and audit purposes.
What is NIST and why does it matter for I-9 verification?
NIST — the National Institute of Standards and Technology — is a federal agency that sets the accuracy and performance benchmarks for biometric and identity verification technologies. For I-9 compliance, NIST standards matter because they provide an independent, government-validated measure of whether a facial recognition system is accurate enough to trust. ZipID uses NIST-tested algorithms rated at 99.8% accuracy, meaning employers can be confident that the identity match on every new hire meets the highest federal standard — not just a vendor's own claim.
ZipID completes the entire Form I-9 process — including identity verification, document capture, and E-Verify — in under 8 minutes, for both remote and in-person new hires.
ZipID's 1:1 facial recognition — which matches a live selfie to the photo on a government-issued ID — is rated at 99.8% accuracy using NIST-validated algorithms. This means fewer than 2 mismatches per 1,000 verifications. The system also includes liveness detection to prevent spoofing, ensuring the selfie is from a real, present person and not a photo or deepfake.
CR — Optical Character Recognition — is technology that reads and extracts text from physical documents like government-issued IDs. ZipID uses AI-powered OCR to instantly capture and interpret data from a new hire's ID, then automatically populate the required fields on Form I-9 — eliminating manual data entry, typos, and transcription errors. Unlike basic OCR tools, ZipID's AI layer also cross-checks extracted data for logical consistency, validates security features, and flags tampered, synthetic, or spoofed documents — turning a simple document scan into a fraud detection checkpoint.
ZipID uses NIST-validated biometric facial recognition at 99.8% accuracy to match a live selfie to the photo on the new hire's government-issued ID. OCR extracts and autofills document data, and fraud detection checks for tampered, synthetic, or spoofed documents.
It is completely the employer's choice. Facial authentication can assure that a new hire is who they say they are, and the ID they present matches their live self.
This is especially important for remote workers, or industries subject to immigration fraud or economic espionage from foreign adversaries who may pose as Americans for access to proprietary information.
How long does it take to complete an I-9 with ZipID?
ZipID completes the entire Form I-9 process — including identity verification, document capture, and E-Verify — in under 8 minutes, for both remote and in-person new hires.
ZipID is an I-9 compliance and identity verification platform that combines facial recognition, OCR document capture, and fraud detection to verify new hire identities and complete Form I-9 in under 8 minutes — with a legally compliant audit trail built in. It is the only I-9 platform built by the person who helped write the federal identity doctrine behind the law.
Who built ZipID?
ZipID was founded by Janice Kephart, former counsel to the 9/11 Commission and a national security identity expert with 25 years of federal and private sector experience, as a lawyer and policy and technology identity expert. Kephart authored the federal identity doctrine and biometric entry-exit recommendations that underlie today's I-9 compliance framework. She has testified before Congress 19 times on identity-related issues, and is an I-9 expert.