Janice Kephart, CEO of ZipID and 25-year identity intelligence veteran, joins Lindsey Hammer on Catalyst Chats to explain why theI-9 has become your most underestimated fraud-prevention tool.

By Janice Kephart  ·  CEO & Founder, ZipID  · Former 9/11 Commission Staff ·  Identity Law & PolicyExpert

Listen to the full episode on Catalyst Chats: catalyst-chats-podcast.lovable.app

When Lindsey Hammer invited Janice Kephart onto Catalyst Chats, she expected a conversation about I-9 compliance. What she got was a masterclass in how 25 years of national security, immigration law, and identity policy converge in asingle three-day hiring window—and why every HR leader needs to start paying attention.

From the 9/11 Commission to the Hiring Queue

Janice Kephart’s path to founding ZipID runs through the 9/11 Commission, where she served on the immigration team tasked with understanding how 19 hijackers entered—and stayed in—the United States long enough to execute an attack. Herconclusion shaped two decades of federal policy: identity failure was the rootcause. Biometrics, trusted traveler systems, the Real ID Act, and the I-9’sE-Verify program all trace directly back to recommendations that came out ofthat work.

“If we had understood the  identity of these people and the intelligence associated with them, 9/11  wouldn’t have happened. If we had been able to keep them out of the country,  they would have never been able to do anything inside the country.”

— Janice  Kephart, on lessons from the 9/11 Commission

That same analytical lens—stop fraud at the gate before it enters—is what she brought to ZipID five years ago. The problem she set out to solve: the I-9requires every employer in America to verify both identity and work authorization, but gives them no reliable tool to actually do it.

What the I-9 Actually Requires (and Why It’s So Hard)

TheForm I-9 is mandatory for every new hire in the United States—approximately 68million last year alone. Employers have a three-day window from an employee’sfirst day of work to complete it. Miss a field, miss the deadline, or acceptthe wrong document, and each form carries a civil fine that can now exceed$2,700. Multiply that by a workforce of hundreds and the exposure isstaggering.

~ 68M: New hires per year requiring an I-9

~ 500+: Legitimate ID combinations accepted

~ >$2,700: Maximum fine per form

~ 30%: Human accuracy matching face to ID

“There are over 500 legitimate ID  combinations, because every state produces about 17 different varieties.  There’s no way employers and HR folks are primed to identify fraud. No person  can do face recognition other than when you know somebody—you have about a  30% chance of getting it right.”

— Janice  Kephart

That cognitive gap—an HR professional confronting a stack of documents they werenever trained to authenticate—is exactly where fraud enters. And the landscapeof who commits that fraud, and why, has shifted dramatically.

Identity Fraud Has Changed. Has Your Hiring Process?

Thedominant narrative around I-9 fraud has historically focused on undocumentedworkers in industries like construction, food processing, and agriculture. Thatnarrative is now dangerously incomplete. Janice walked Lindsey through a threatpicture that spans every sector and every pay grade.

DEEP FAKES AND REMOTE IMPERSONATION

With remote hiring now permanent for millions of roles, a bad actor can mask their face and voice in a video interview using AI-generated overlays. The Department of Justice prosecuted a case last year involving an identity theft ring oft hree American women who sold thousands of stolen U.S. identities to overseas operatives, who then showed up as “American employees” on their first remote day of work—many of them applying as senior software developers with access to proprietary systems.

“We now have problems with deep  fakes—a person impersonating somebody else with a fake identity on a video  conference. We’ve already had the Department of Justice prosecute an identity  theft ring where people masking their face and masking their voice were  pretending to be American when in fact they were Russian or North Korean.”

— Janice  Kephart

 SIX MILLION DEAD IDENTITIES IN ACTIVE USE

SocialSecurity number theft from deceased individuals accounts for roughly sixmillion instances of workplace identity fraud today. Because E-Verify onlycross-checks the name attached to a Social Security number—not the documentitself—a fraudulent identity built on a deceased person’s number routinelyclears the system without a flag.

THE DETERRENCE EFFECT

Oneof the most practical insights Janice shared draws directly from hercounterterrorism background: visible security deters fraud even beforeverification begins.

 “Even a terrorist, like any type  of criminal, always wants the easiest route. If it’s hard and they think  somebody might catch them, they’re much less likely to do it. Even having a  solution like ZipID in place—just telling them we’re going to take a selfie,  we’re going to take a photo of your ID—that could be enough for them to turn  around and run. There is a huge deterrence effect to having security in  place.”

— Janice  Kephart

 Why E-Verify Isn’t Enough

Janicewas candid about E-Verify—a program she was an early and vocal proponent of,testifying before Congress in its favor. Her assessment today is direct:employers are being given a false sense of security.

 ■  THE E-VERIFY  GAP

•      Driver’s  licenses represent roughly 70% of E-Verify traffic. State license checks were  offline for an extended period and, per Janice’s experience inside the  government, are still not reliably verified against state DMV databases.

•      U.S.  passports, another 20% of traffic, used to be checked against State  Department issuance records. That check is no longer consistently performed;  only the photograph is compared—not the document fields.

•      Stolen  Social Security numbers belonging to deceased individuals pass through  E-Verify without triggering a flag, because only the name-SSN pairing is  checked—not actual identity.

“E-Verify is duping employers  into thinking that person is authorized to work and that their identity is  who they say they are—when in fact it’s not doing that at all. The only  identity information they actually check is the social security number and the  name attributed to it. If you’ve acquired one of the six million dead  people’s IDs on the black market, that’s going to make it through. No  problem.”

— Janice  Kephart

 What ZipID Does Differently

ZipIDwas built to close the gap between what the I-9 requires and what employers canrealistically do. The workflow is designed to take less than three to fiveminutes for an employee and five to eight minutes for the employer—with noidentity expertise required on either end.

HOW IT WORKS

The employer sends an invitation from their dashboard. The employee receives it from a recognizable sender (their employer’s email), creates a secure portal account, and completes section one. ZipID’s AI-powered optical character recognition reads the identity document and auto-populates all I-9 fields—the employee simply reviews and confirms. A selfie is captured and returned alongside the document image.

On the employer side, ZipID runs face recognition against the document photo and returns a confidence score with guidance on how to interpret it. Risk flags are generated automatically: if, for example, the IP address of the selfie differs from the IP address of the document upload, the reviewer is alerted to ask follow-up questions—not as a denial, but as a prompt for due diligence.

“Our optical reader tool will not  read the ID if it determines it’s fake. It just won’t read it, and it will  say to use something else. And then the face recognition gives you a  confidence score on the match and tells you what to do with that confidence score.”

— Janice  Kephart

DEEP FAKE DETECTION IN THE FIELD, TODAY

For employers currently using E-Verify’s video conference requirement, Janice shared a low-tech countermeasure: ask the candidate to hold up their ID to the camera. AI face-mask overlays often cannot sustain the overlay when an object interrupts the frame, making the real face visible behind the mask. It costs nothing and takes seconds.

PRIVACY AND SECURITY ARCHITECTURE

No identity information transacts outside ZipID’s encrypted AWS enclave. There isno email transmission of document images. Every company and every individual gets a separate encrypted folder. Wet digital signatures with metadata are required on both sections, satisfying ICE’s documentation standards.Audit-ready activity logs show every user action, timestamped, across allocations—critical protection for employers who need to demonstrate good-faith compliance in an enforcement action.

The Workforce Trends Shaping the Compliance Conversation

The conversation between Janice and Lindsey extended well beyond the I-9 itself into the HR trends accelerating identity risk: remote work permanence,AI-generated fake applicants, and the gig economy’s frictionless onboarding expectations.

Gartner projected earlier this year that by 2028, one in four job applicants may present fraudulent credentials—whether a fabricated resume, a stolen identity, or an AI-generated persona. That figure reframes the I-9 from a compliance checkbox into a first-line security control. Janice argues HR leaders need to make that mental shift now.

“HR deals with identity on a  daily basis, but they’re now going to have to be a bit of an investigator,  too. You cannot assume anymore that the person before you and the resume you  have is legitimate. Gartner reported that by 2028, one in four job applicants  will be fake.”

— Janice  Kephart

Lindsey raised a tension that resonates for HR leaders caught between compliance burden and employee experience: the same technology meant to protect employers can feel like surveillance to candidates navigating a world of scam texts and phishing emails. Janice’s response points to ZipID’s design philosophy: because the invite arrives from the employer’s own email and routes directly to a branded portal, the process feels like onboarding—not interrogation.

“The employee using ZipID is  having their identity protected, not just being scrutinized. They’re telling  the employer: this is who I am. That’s where you’re building trust. So you’re  creating an onboarding experience, plus making it so they don’t have to  understand anything. We just ask questions, you fill it in, and that’s it.”

— Janice  Kephart

What’s Coming for ZipID

The current product automates the full I-9 workflow with OCR, face recognition, risk flagging, E-Verify toggle, multi-location audit logging, and timed compliance notifications. On the roadmap: a native video conference tool withbuilt-in anti-spoofing, anti-deep-fake, and anti-morphing detection—drawing onJanice’s deep relationships in the biometrics vendor community built over two decades in federal identity programs.

On the partnership front, ZipID is fielding serious interest from applicant racking systems and background check companies, both of whom see a differentiated I-9 and identity verification layer as a gap in their current offerings. The longer-term goal is integrations with HRIS platforms likeWorkday and BambooHR, and direct relationships with PEOs and multi-site employers in construction, food processing, financial services, and high-tech—the sectors where identity fraud risk is either already documented orrapidly emerging.

ABOUT THE HOST

Lindsey Waddell Hammer

Lindsey Hammer is the founder of CatalystAI Solutions,  an advisory practice focused on HR operations, AI-enabled workforce strategy,  and the people side of compliance. A former Amazon talent leader who scaled  hiring across high-volume, global operations, she advises HR companies on  marketing, go-to-market strategy, and partnership development. On her  Catalyst Chats podcast, she talks with the founders and operators reshaping  how work gets done—from compliance technology to workforce AI.

Listen to the Catalyst Chats episode with Janice →

Start the Conversation

Ifyour organization is auditing its I-9 posture, navigating a worksite enforcement action, or simply trying to understand what identity verification should look like in an era of remote hiring and generative AI, Janice welcomes the dialogue.

Connect on LinkedIn: linkedin.com/in/janicekephart

ExploreZipID: zipidapp.com

Listen to the full episode: catalyst-chats-podcast.lovable.app

‍