How to Build a Killer IDV RFP: 2025 Edition

Arbitra Research Team
12/15/2024

Executive Summary: Building a great IDV RFP shouldn't be about who has the slickest demo—it should be about measurable fraud resilience, uptime, configurability, and long-term cost of ownership.

20+ Vendors Benchmarked
70+ Evaluation Criteria

The Problem with Most IDV RFPs

Most organizations approach IDV vendor selection like they're buying enterprise software from 2010. They focus on feature checklists, demo presentations, and price per transaction without considering the nuanced performance characteristics that actually matter in production.

Reality Check: Companies end up with vendors that look great in controlled demos but fail when faced with real-world fraud attacks, diverse user populations, or unexpected traffic spikes.

Core RFP Dimensions That Actually Matter

Essential RFP Evaluation Criteria

Company History & Financials - Stability and longevity matter in a consolidating market
Product Depth (Liveness, OCR, Matching) - Technical capabilities that work under pressure
Performance Benchmarks - Real-world accuracy and speed metrics, not marketing claims
Security Certifications - Compliance and data protection standards that actually matter
User Experience & Support - Implementation quality and ongoing relationship management

2025 Evaluation Framework

Here's how leading organizations are structuring their IDV vendor evaluations this year:

RFP Evaluation Metrics

  • Company History & Financials: 8/10
  • Product Depth: 9/10
  • Performance Benchmarks: 7/10
  • Security Certifications: 9/10
  • User Experience & Support: 6/10

🏢 Company Fundamentals (20%)

  • Funding & Runway: Can they survive market downturns?
  • Customer Retention: Are existing customers actually happy?
  • Leadership Stability: Frequent C-suite changes are red flags
  • Regulatory History: Any major violations or compliance issues?

🔬 Product Depth (25%)

  • Liveness Detection: Can they stop deepfakes and presentation attacks?
  • OCR Accuracy: How well do they handle edge cases and poor quality docs?
  • Biometric Matching: False positive/negative rates in production environments
  • API Flexibility: Can you tune and configure for your specific use case?

📊 Performance Benchmarks (25%)

  • Third-party Testing: NIST FRVT, iBeta certifications, not just claims
  • Demographic Analysis: Performance across age, gender, ethnicity
  • Uptime & Latency: What happens when their systems go down?
  • Fraud Effectiveness: Real-world catch rates against known attack vectors

🔒 Security & Compliance (15%)

  • SOC 2 Type II: Non-negotiable for enterprise deployments
  • ISO 27001: Information security management standards
  • Data Residency: Can they meet your geographic requirements?
  • Penetration Testing: How often do they test their own security?

Top RFP Performers: 2025 Analysis

| Vendor | Key Strengths | Differentiators | Overall Score |
| Incode | Full-stack capabilities, L2 passive liveness, fast API response | Best-in-class technical depth and innovation | 9.2/10 |
| Veriff | Strong global coverage, facial biometrics leader, enterprise scale | Market maturity and proven scale | 8.8/10 |
| Jumio | Enterprise scale, KYB depth, comprehensive compliance tooling | Regulatory expertise and enterprise focus | 8.5/10 |

Critical Red Flags to Watch For

⚠️ Warning Signs

  • Benchmark Reluctance: If they won't share performance metrics, there's usually a reason
  • Demo-Only Evaluations: Insist on testing with your actual use cases and data
  • Pricing Opacity: Hidden fees for API calls, storage, or premium features
  • No Redundancy: Vendors with no disaster recovery or failover plans
  • Aggressive Sales: Pressure to sign quickly often indicates desperation

Pro Tips from the Trenches

💡 Always Request

  • iBeta certificates, not just claims
  • FTE and latency data by platform
  • Adversarial test scenarios
  • Edge case performance data

🎯 Test Scenarios

  • Spoofed selfies and deepfakes
  • Identical twins verification
  • Low light conditions
  • Damaged or worn documents

The Bottom Line

A well-structured IDV RFP process takes 3-6 months but can save you years of vendor relationship pain and millions in fraud losses. Focus on measurable performance criteria, demand transparency, and don't let flashy demos distract from the fundamentals.

Remember:

You're not just buying software—you're choosing a partner who will help protect your business from increasingly sophisticated fraud attacks. In 2025, that choice matters more than ever.

Sources

• iBeta Labs Presentation Attack Detection Testing
• Crunchbase Funding and Company Data
• NIST Face Recognition Vendor Test (FRVT)
• Arbitra IDV Benchmarks 2024-2025
• Industry interviews with 50+ compliance and fraud teams
