Contractor Screening: Three Red Flags Uncovered
A strong CV. A clean background check. Two references describing him as excellent. "Ross Bennett" presented well for a senior IT security consultancy role at a London financial services firm. Pre-engagement P300 EEG screening was the last check in the process. It found a false certification, a concealed previous employer, and an undisclosed professional sanction — in a single 90-minute session.
Important Privacy & Legal Notice
Anonymisation: All names, company identifiers, and identifying details have been fully anonymised. "Ross Bennett" and the client organisation are not their real names.
Consent: The contractor consented in writing to P300 EEG screening as a disclosed condition of the pre-engagement process before the session took place.
Legal framework: Organisations considering P300 EEG contractor screening should obtain independent legal advice on UK GDPR compliance, proportionality, and sector-specific data processing requirements before implementation. This case study is illustrative only and does not constitute legal advice.
Background
A financial services firm in London had engaged a specialist contractor for a twelve-month IT security audit project. The role required deep access to internal systems, client data environments, and security architecture documentation. It was, by any measure, a high-trust engagement.
The firm had introduced P300 EEG pre-engagement screening twelve months earlier following an incident with a previous contractor whose credentials had not been as represented. The screening was disclosed to all shortlisted candidates at the point of preferred-candidate notification, with explicit written consent required before the session. Three candidates had declined since its introduction — none had been engaged.
"Ross Bennett" (anonymised) had passed the firm's standard background checks without issue. Enhanced DBS clear. Employment references from two previous clients, both positive. Certification documents provided and verified against the issuing body's online checker. He appeared, on paper, to be exactly what the firm needed.
He attended the P300 EEG session with, by his account, no concerns. The session returned findings across all three probe sets.
The three red flags — summary before detail
Red flag 01: The certification was fabricated
Ross had submitted a certificate document and verification code that cleared the issuing body's online checker. P300 EEG established that he held no neurological memory of having genuinely studied for or completed the qualification — his brain had no knowledge of the course content, examination process, or specific technical material the certification covers.
Red flag 02: A 14-month "independent consulting" period concealed a dismissed role
Ross's CV described a 14-month period as independent freelance consulting. P300 EEG established that he held neurological memory of having worked for a specific organisation during that period — one not listed on his CV, and from which he had subsequently been dismissed following a client data handling incident.
Red flag 03: He had been removed from a professional register
Following the client data handling incident in red flag 02, a professional body had issued a formal sanction and suspended his registration for 18 months. He had not disclosed this. P300 EEG established that he held specific neurological knowledge of the sanction process and its outcome.
What Each Check Found — and Missed
| Check | False certification | Concealed employer | Professional sanction |
|---|---|---|---|
| Enhanced DBS | — Not applicable | — Not applicable | ✓ No criminal record |
| Reference checks | — Not tested | ✗ Covered 2 of 3 roles only | ✗ Referees not aware of sanction |
| Certificate verification | ✗ Document checked — not knowledge | — Not applicable | — Not applicable |
| P300 EEG screening | ⚡ False — no genuine study memory | ⚡ Concealed — real employer identified | ⚡ Confirmed — sanction knowledge present |
The certificate document that passed the online verification checker was authentic in the sense that it existed in the issuing body's system — it had been fraudulently obtained by another individual and its verification code used by Ross. Document verification confirms the existence and format of a certificate. It cannot confirm that the person presenting it is the person who earned it, nor that they hold the knowledge the qualification represents. P300 EEG tests the knowledge directly.
The P300 Data: Three Probe Sets, Three Findings
The waveform graphs below show the P300 data from Ross's session — specifically the response to the probe stimuli on Probe Set 1 (certification) versus a genuine contractor tested for comparison. All three probe sets returned similar patterns; Probe Set 1 is shown in detail because the false certification finding is the most counterintuitive — it demonstrates how P300 EEG catches what document verification cannot.
[Figure: Event-Related Potential (ERP) — Pz Electrode · Pre-Engagement Screening Session. Left: Ross — probe stimuli contain genuine course content of claimed certification. Right: Comparison — a contractor who holds the qualification legitimately. Blue region = P300 analysis window (250–450 ms).]
All three probe set findings — Ross's session
Probe Design
Probe Set 1 — Certification knowledge verification · Result: No genuine knowledge
Stimuli drawn from specific technical content within the claimed certification's curriculum — module-specific terminology, examination scenario formats, and procedural frameworks that are specific to this qualification and not available through general professional reading. A genuine holder of the certification stores these as real learning experiences. Ross produced probe responses indistinguishable from control responses across all stimuli — his brain had encountered none of the material before. The certification document existed; the knowledge behind it did not.
Probe Set 2 — Employment history completeness · Result: Concealment indicated — 94%
Stimuli including the name, location, and specific internal terminology of the organisation hypothesised as the missing employer — built from open-source analysis of Ross's professional activity during the declared gap period. A person who had never worked there would produce no recognition response to these specific internal details. Ross produced a 12.7 μV P300 peak at 309ms — consistent with strong neurological familiarity with the organisation and its internal environment.
Probe Set 3 — Professional sanction knowledge · Result: Confirmed — 91%
Stimuli built around the specific procedural details of the professional body's sanction process — investigation stage names, outcome categories, and registration status terminology that only an individual who had been through the process would hold in neurological memory. Ross produced an 11.9 μV P300 peak at 322ms — consistent with having experienced and retained the specific details of a formal sanction procedure.
Results
Key Investigation Findings
- Probe Set 1 (false certification) returned the inverted pattern — an absence of P300 response to the probe stimuli — consistent with having no genuine knowledge of the qualification's content. The certificate document existed and verified; the underlying knowledge did not. Document verification and knowledge verification are different tests.
- Probe Set 2 (concealed employer, 94%) identified the specific organisation from the CV gap period through neurological recognition of internal terminology and environmental details — information not available from public sources and only familiar to someone who had worked there.
- Probe Set 3 (professional sanction, 91%) confirmed knowledge of the specific sanction process — detail-level familiarity consistent with having been through it, not merely being aware of its existence from professional literature.
- Standard background checks, references, and document verification had returned clean results on all three areas. None of the conventional pre-engagement checks had a mechanism for testing what the brain knows rather than what documents say.
- Ross's conditional offer was withdrawn on the same day as the session. The investigation findings were documented in the firm's recruitment file. No further action was taken — the firm's obligation was to not engage him, which was accomplished. The professional body was notified as a courtesy.
What This Case Demonstrates
Document verification confirms the document — not the knowledge behind it
The most counterintuitive finding in this case is the certification. The document verified. The online checker confirmed the code. The certificate was real — it had been legitimately issued to someone else, and Ross was using its verification credentials. Document fraud at this level is now a sophisticated, well-funded category. P300 EEG addresses it by testing the actual knowledge that a qualification represents. You cannot fake the neurological memory of having learned something any more than you can fake the memory of having been somewhere.
CV gaps require specific scrutiny in high-trust roles
Ross had described fourteen months as independent consulting. This is one of the most common CV presentations for a period that ended badly — it is unverifiable by reference, plausible for any senior professional, and provides a clean explanation for a gap that would otherwise require explanation. P300 EEG is specifically effective at gap period screening because it tests neurological familiarity with specific organisations and environments — something that cannot be fabricated regardless of how the CV describes the period.
The role of consent in making screening effective
Three candidates had declined screening since the firm introduced this process. None had been engaged. The three who declined are not cases — the process cannot determine what they were concealing, if anything. But the disclosure requirement serves a deterrent function alongside its evidential one: individuals with significant undisclosed history must calculate whether to consent and be found out, or decline and be declined. The firm described this as an intended secondary effect of the process, not a coincidence.
Engaging High-Trust Contractors?
P300 EEG pre-engagement screening tests what documents cannot — the knowledge behind qualifications, the reality behind CV gaps, and the completeness of professional disclosure. Disclosed to candidates at offer stage. Same-day result. Written report with EEG data.