SUCCESS STORY
How SecurityScorecard Strengthened Hiring Integrity and Workforce Trust with HYPR Affirm
Industry: Cybersecurity / Risk Intelligence
Location: New York, NY
Global cybersecurity leader SecurityScorecard identified an opportunity to strengthen identity verification after catching a threat actor targeting a developer with a fraudulent interview. After that incident, the company built a program to address risk across its workforce. SecurityScorecard based the program around HYPR Affirm, which strengthens identity assurance at onboarding while extending verification to high-risk workforce segments.
SecurityScorecard is a global leader in Third-Party Risk Management (TPRM), enabling organizations to understand, manage, and reduce cyber risk across ecosystems. SecurityScorecard’s platform delivers continuous visibility by combining threat intelligence and AI automation to detect and respond to risk through streamlined workflows, expert services, and actionable insights for enterprises, governments, and financial institutions worldwide.
While we have contracts in place that require background and identity checks, threat actors are becoming very sophisticated and very practiced in bypassing some of those regulations and requirements that we put in place.
The Challenge
Strengthening Hiring Security Across the Workforce
Phishing and credential harvesting are among the primary ways that threat actors compromise organizations and systems. That’s why SecurityScorecard is always concerned with phishing and with identity at scale, ensuring that an employee’s identity matches who they are.
This concern became a reality when a North Korean threat actor targeted SecurityScorecard. The threat actor posed as a recruiter to engage with developers in practices like testing and reviewing code. The team responded and remediated the attempt within five minutes, but the event exposed a critical blind spot where a sophisticated impersonation or AI deepfake could get past traditional checks.
SecurityScorecard began searching for a partner who could help them:
- add more mechanisms to prevent interview fraudsters and verify that candidates are who they claim to be
- strengthen onboarding assurance and validate identity before granting access
- reduce risk upfront while extending trust across all users with access
In short, they wanted a more adaptable and durable approach that would extend beyond hiring and establish stronger identity assurance across their workforce, all while maintaining a seamless experience for candidates and team members.
The Approach
Building a Flexible Foundation for Workforce Identity Assurance
From the outset, it was important that any solution would support multiple workforce scenarios without requiring separate tools or fragmented processes.
Rather than implementing point solutions for individual use cases, SecurityScorecard needed a platform that could:
- Apply consistent identity verification across different workforce types
- Provide a workflow framework that is easily configurable to varying workforce scenarios, user groups, and other segments
- Offer an admin experience that makes it easy to build, adjust, and scale verification workflows
- Integrate into existing workflows while remaining flexible for future processes
- Support evolving security requirements without requiring re-implementation
HYPR Affirm met all of the criteria. It didn’t just solve an immediate need; it offered a configurable, scalable identity verification framework with the ability to tailor how and where verification happens.
For a lean security team with competing priorities, ease of administration was non-negotiable. HYPR’s standard integrations with existing Identity Providers (IdP) and HR systems meant the team didn’t have to start from scratch or write custom scripts, leading to a faster, more stable rollout.
Rather than relying on a static picture of a license or a one-time background check, SecurityScorecard now uses dynamic telemetry, including interactive video verification and connection data like IP and geofencing. This technology ensures the person interviewing is exactly who they say they are.
The Impact
Identity Assurance That’s Scalable By Design
SecurityScorecard transformed one targeted attempt from a threat actor into a scalable, repeatable control that isn’t tied to a single workflow. Instead, the security team can apply it wherever necessary to establish trust.
Reducing risk across the workforce
It all begins with stronger hiring integrity. Identity verification during interview and onboarding reduces the risk of impersonation before access is granted.
Once hired, the team can apply identity verification consistently, regardless of workforce type. Where SecurityScorecard used to only verify full-time employees, they can now verify 100% of entities, including partners, contractors, and candidates. This change removes any onboarding blind spots where threat actors can hide. Teams can configure and extend verification workflows without adding new tools or operational overhead.
Moving faster and more efficiently
Previously, validating a new contractor or employee identity could take up to five days. With HYPR Affirm, that window has shrunk to less than five hours—a 90% increase in onboarding efficiency.
And because HYPR provides more detailed telemetry, such as location and device type, the team spends less time chasing alerts. They’ve experienced a 50% reduction in time to remediate and close identity-related alerts, allowing them to shift their focus to higher-priority threats.
Meeting compliance standards with ease
As a FedRAMP-ready organization, SecurityScorecard has to meet the strictest possible directives. Meeting them is a requirement for doing business with the government, and HYPR Affirm helped them satisfy specific, high-stakes compliance domains within SOC 2, NIST, and FedRAMP-ready requirements.
Moving to lifecycle identity
Identity has traditionally been a point-in-time event during onboarding. SecurityScorecard is now shifting that paradigm, viewing identity as a long-term strategy that spans the entire user lifecycle—from initial interview to system access and forensic auditing.
Looking Ahead
Scaling and Evolving Identity Assurance
As AI and deepfakes become more prevalent, SecurityScorecard is considering securing AI agents by attributing agent activity to specific identities. Doing so will allow for historical and forensic auditing of agent actions within their systems, increasing accountability even for automated processes.
Other future opportunities include:
- Introducing periodic or event-based re-verification for certain roles
- Applying identity assurance to new workforce workflows as they emerge
- Continuing to align identity verification with zero-trust initiatives
By investing in a configurable and scalable approach, SecurityScorecard is able to evolve its identity practices alongside its workforce while addressing emerging threats.
Outcomes at a Glance
SecurityScorecard set out to strengthen identity assurance after catching a state-sponsored threat actor posing as a recruiter. With HYPR Affirm, they achieved so much more:
- 90% faster onboarding: Accelerated identity validation from five days to five hours
- 50% faster response: Enriched telemetry reduced the time spent on identity alert triage and remediation
- Zero blind spots: Established 100% visibility across every persona with system access
- Compliance excellence: Satisfied rigorous identity domains for SOC 2, NIST, and FedRAMP-ready requirements