Incode Among Five Systems to Meet DHS S&T Goals in the Remote Identity Validation Rally
Incode
February 5, 2026•
.png)
February 5, 2026•
The U.S. Department of Homeland Security (DHS) recently released results from its Remote Identity Validation Rally (RIVR), a large-scale, government-led evaluation of commercial identity verification (IDV) systems. The rally was designed to stress-test vendor platforms against three of the most urgent challenges in modern identity security: liveness and deepfake detection, fraudulent document detection, and injection attack resistance.
Of the vendors evaluated, Incode was one of only two companies to meet multiple DHS S&T performance goals across these three categories.
RIVR was structured around the attack vectors that are currently generating the most risk for digital identity infrastructure:
Deepfake and liveness attacks
Evaluators used both commodity and advanced presentation attack methods, including high-resolution 2D spoofs, 3D artifacts, and AI-generated imagery, to test whether systems could distinguish a live person from a synthetic or replayed face.
Fraudulent documents
The evaluation introduced synthetic identity documents and altered genuine documents into the pipeline, assessing whether vendor platforms could accurately flag fraudulent submissions.
Injection attacks
Rather than physically presenting a spoof in front of a camera, injection attacks bypass the capture layer entirely, inserting pre-recorded or synthetic frames directly into the data stream. These represent one of the fastest-growing and most difficult-to-detect attack vectors in the current threat environment.
Incode met the DHS-defined performance thresholds in multiple categories. We are not permitted to share the specific numerical thresholds or detailed test results, as those are controlled by DHS. What we can say is that meeting multiple goals across categories puts Incode among a small number of vendors that demonstrated sufficient performance under the program’s evaluation conditions.
RIVR was designed by a government agency with a direct operational interest in the outcome. The DHS S&T Directorate needs to be able to recommend IDV systems that will hold up under the attack conditions government agencies and their partners actually face. The evaluation criteria were not designed to be achievable by most commercial platforms, they were designed to identify which systems meet a bar that the government considers sufficient for high-stakes use cases.
For enterprise buyers in regulated industries, RIVR results offer a useful reference point. They represent tested performance against real threat conditions, conducted by a credible third party with no commercial interest in the results.
Incode will continue to participate in government-led evaluations and third-party testing programs as they evolve. The threat environment is not static, and neither is our testing approach.
For organizations considering IDV platforms for regulated or high-stakes applications, we’re happy to discuss what the RIVR results mean in the context of your specific use case and risk profile.
Incode was named a Leader in the 2025 Gartner® Magic Quadrant™ for Identity Verification. Download the report.
%20(1).avif)
