In January 2026, a UK recruitment firm lost £140,000 after a candidate impersonated a senior software engineer across four separate channels. The initial screening call happened on Teams. The technical interview was on Zoom. The reference check was a phone call. The offer negotiation happened over email. At no point did anyone verify that the same real person was on the other end of each interaction.
The firm's verification tool worked inside one platform. The fraudster worked across all of them.
The Single-Platform Trap
Most identity verification solutions today are designed for a single context. They work inside a specific video conferencing app, within a particular hiring platform, or during one step of a regulated process. Outside of that narrow window, they are useless.
This creates a fundamental problem: fraud and impersonation are not platform-specific, but your defences are.
Think about where identity actually matters in your business:
- A video call with a new client on Zoom
- A phone call confirming delivery details
- An in-person meeting at a client site
- A WhatsApp message from a supplier changing bank details
- An agency worker arriving for a shift at your care home
- A tradesperson knocking on a customer's door
Each of these is a different channel, a different context, and a different attack surface. A verification solution that only works in one of them leaves the other five wide open.
Fraud Follows the Path of Least Resistance
Sophisticated fraud doesn't attack your strongest point. It finds the channel you haven't secured.
If your video calls are verified but your phone calls aren't, the attacker calls instead. If your hiring platform has ID checks but your WhatsApp doesn't, the impersonator moves to WhatsApp. If your office has badge access but your remote meetings don't, the fraudster joins the Zoom call.
In-platform-only solutions create a false sense of security. They verify one interaction while leaving every other channel unprotected. Worse, they train organisations to believe verification is handled when it only covers a fraction of their exposure.
Falkin, for example, provides in-platform scam detection. Useful within that specific product. But it creates blindspots everywhere else. The scammer doesn't care which platform you've secured — they'll simply use a different one.
The QR Code as Universal Connector
The solution to multi-channel identity verification isn't building separate tools for every platform. It's finding a verification method that works across all of them.
A QR code is that connector.
It works on a video call — hold it up to the camera. It works in person — scan it at the door. It works on a phone call — send it via text mid-conversation. It works on WhatsApp, in a chat window, at a reception desk, or on a construction site gate.
The QR code doesn't care what platform you're using. It's a cryptographic handshake between two people, not between two pieces of software. It refreshes every 30 seconds, so it can't be screenshotted and reused. It creates a tamper-proof record of every verification — who, when, where, and on what channel.
This is two-way verification. Both parties scan. Both parties are confirmed. Not a one-sided check where an institution verifies you and you're expected to trust them back without proof. Reciprocal trust, established in seconds, on any channel.
Why "Works Everywhere" Isn't a Feature — It's a Requirement
Identity doesn't stop at the edge of your video conferencing software. As the Arup deepfake attack demonstrated, attackers exploit whatever channel you haven't secured. The person you need to verify today might be on Teams. Tomorrow they might be at your front door. Next week they might send a voice note.
A verification system that only works in one of those contexts isn't a verification system. It's a checkbox.
The organisations that will be most exposed in the next two years are the ones that invested in single-platform identity tools and assumed the problem was solved. It wasn't solved. It was narrowed to one channel while every other channel remained a liability.
Platform-agnostic verification isn't a nice-to-have. In a world where communication happens across a dozen channels simultaneously, it's the only approach that actually closes the gap.