How to Verify Candidate Identity in a Remote Interview Without Storing Biometrics

The problem, stated honestly

Two distinct concerns hide inside "remote interview identity":

1. Substitution fraud. The person who took the assessment is not the person on the interview call. Or worse, the person who showed up to onboarding day is a third person.
2. Compliance posture. Some platforms solve (1) by training a face-recognition model on the candidate's face and storing a template. That solves the fraud problem and creates a GDPR / BIPA / Illinois biometric-information problem at the same time.

The good news: you can solve (1) without doing (2). The pattern is older than face recognition and still works.

What "biometric" means under GDPR and BIPA

Under GDPR Article 4(14), biometric data is "personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person."

The key phrase is "allow or confirm unique identification". A face-recognition template that lets you match candidate-X-at-stage-2 to candidate-X-at-stage-5 is biometric. A live photo posted next to a government ID and reviewed by a human is not biometric data in the technical sense — it's documentary identification.

Same for keystrokes. A statistical profile that learns this candidate's typing rhythm and identifies them later is biometric. A logged sequence of keystroke events with timestamps is not — it's behavioural telemetry. The difference is whether you build a template. See the GDPR-in-hiring overview for the broader stance.

The pattern that works

1. ID + live photo at the start of the assessment. Candidate uploads a government photo ID and a webcam selfie. A human reviewer compares them. No model trained, no template stored. The artefacts are kept in the candidate record under your normal retention policy, and deleted on request like any other PII.

2. Same-flow live photo at the start of the interview. When the candidate joins the interview, the platform takes a second webcam still. Reviewer compares this still to the original ID. Mismatch → investigate. Match → continue. Again, no template.

3. Behavioural continuity, not biometric continuity. Across the funnel, log what the candidate did and when. Did this assessment session and this interview session use the same email, same device fingerprint, same approximate IP region? Anomalies are flags, not auto-rejects. The aggregate gives you "this looks like the same person" without ever computing a "this is the same person" probability.

4. Document the chain. Your retention policy should say what you keep (the photos), for how long (e.g. 90 days post-decision), and what's deleted on request. Without the policy, the artefacts become a liability.

What this catches and what it doesn't

This pattern catches:

• A candidate sending a substitute to the live interview (the live photo doesn't match the ID).
• A candidate using a stolen identity at the assessment stage (the photo and ID don't match each other; or the document fails standard validity checks).
• Most large-scale fraud (the device / IP / behavioural anomalies surface).

It does not catch:

• A determined, well-resourced substitution where the same person takes the assessment and shows up to the interview, but isn't the person who will do the job. (Almost nothing catches this; you'd need to compare to a known reference, which is a stored biometric.)
• Identity theft against a real person who has their own documents.

For most hiring loops outside of high-trust regulated roles, this is the right trade-off: it raises the cost of fraud far above the value of cheating, without putting you on the wrong side of a privacy regulator.

How ClarityHire implements this

Each assessment with Strict integrity captures an ID-photo upload + live webcam still at session start. The interview room captures a second webcam still at join time. Both are surfaced in the integrity report timeline as visual artefacts for human review.

What ClarityHire does not do: train a face-recognition model on the candidate. No biometric templates are computed, stored, or matched. No voiceprints. No keystroke biometric profile against a stored template. That's a deliberate product stance — see the code-coherence cheat-detection note for the same posture applied to the coding signals.

TL;DR

You can verify identity at remote interviews with photo ID + live still + human review + behavioural continuity logging — no biometric templates required. It catches the fraud cases hiring teams actually face and keeps you out of GDPR / BIPA territory. The pattern is older than face recognition, less liability-prone, and equally effective at the cases that matter.