Remote online notarization was supposed to be the secure default by now. Instead, it’s become the new attack surface — because identity verification at scale was solved on the marketing slide, not in the field.

Here’s the thing about RON that nobody wants to say out loud: the security model was designed in 2018 and 2019, against a threat model that no longer exists. Back then, the bad actor in our heads was a guy with a stolen driver’s license trying to talk a notary through a Zoom call. Knowledge-based authentication and a credential scan were considered enough, because the work of impersonating someone convincingly on video was beyond the reach of anyone who wasn’t a state-level adversary. That assumption broke in 2024. It’s been broken every quarter since.

The math has moved. A consumer with a $40-a-month subscription to one of three commercially available video tools can produce a real-time deepfake convincing enough to clear the average RON workflow. Not a static photo. A face that turns when asked, blinks on cue, responds to “show me your ID” by holding up a separately fabricated credential. The face on the screen is wrong, the credential is wrong, the KBA questions get answered correctly because the underlying identity was harvested out of a 2023 mortgage breach that’s now circulating in three different forums. The notary on the other end is doing the job exactly as trained. They have no idea.

This is the third post in our fraud series, and it’s the one I least wanted to write. The first two were about wire fraud and seller impersonation in traditional closings — problems with twenty years of pattern recognition behind them, where the playbook for defense is at least known, even when it’s underused. This one is about a problem that didn’t exist eighteen months ago, in a regulatory environment that hasn’t caught up, against a defender population (notaries) that has no realistic way to win the technical arms race on their own.

What Actually Fails

The audit trail captures the wrong things. The video recording proves the notarization happened — it doesn’t prove the human on the other end was who they claimed to be. The credential scan checks the document, not the person presenting it. KBA was always weak; the breach economy made it weaker. Even the newer biometric overlays — liveness checks, head-movement prompts — were designed to defeat 2019-era spoofing. They were not designed against an adversary who already knows what your liveness check looks like and has trained a model to pass it.

The notary trust gap, then, is this: the institution we rely on to be the human in the loop at the most fraud-sensitive moment of the closing has been quietly stripped of the tools to actually do that job, while the regulatory regime continues to treat their signature as if nothing has changed.

What “Doing Notary Right” Looks Like in 2026

The answer isn’t to abandon RON; the answer is to stop pretending that any single check is the whole defense. The right architecture scores the entire session — biometric signal, behavioral signal, device fingerprint, network metadata, document-handling patterns, and the historical record of every prior session from that device, that credential, and that IP — and treats discrepancies as evidence, not as a binary fail. Real-time. Out of the notary’s view, because the notary doesn’t need another dashboard.

If you’re running RON at any volume, your exposure right now is larger than your last security review suggested, because the threat landscape moved during the gap between that review and today. That’s not a marketing line. That’s the empirical pattern across every title operation that’s instrumented its sessions.

See how Sentinel scores notary sessions in real time — request a demo →