This resource is provided free of charge by Jim McConnell, Principal Owner, Ask McConnell, LLC — a Converged Security Services Provider with 36+ years of experience. It is a starting point, not a legal standard. Please consult your legal counsel and insurance provider for requirements specific to your organization.
Jim McConnell | info@askmcconnell.com | askmcconnell.com
Applicant Tracking System (ATS) Enhancements
Updated: 04 August 2025
As recruiting fraud, job-seeker scams, and AI-generated fake applications continue to rise, Applicant Tracking Systems have become a front-line security tool — whether their developers intend them to be or not. The following 20 enhancements are Jim McConnell’s recommendations to ATS developers and HR technology vendors for improving the fraud, security, safety, and trust capabilities of their platforms. Organizations evaluating ATS vendors may also use this list as a capability scorecard.
These recommendations were submitted to and discussed with ATS vendors and LinkedIn’s Executive Escalation team. They reflect real gaps observed in live recruiting environments — not theoretical risk.
| Tracking # | Enhancement Description |
|---|---|
| ATS-2025-001 | Limit applicants to certain GeoIP (basic on job country, or high-risk countries) |
| ATS-2025-002 | Block IP Addresses or blocks of IP Addresses from applying |
| ATS-2025-003 | Support a cross-ATS industry IOC IP/email block list |
| ATS-2025-004 | Ability to stream ATS (login, email, transactional) event logs to common SIEMs / SIEM formats |
| ATS-2025-005 | Ability to flag / notify clients when applicants show high velocity login or application submission |
| ATS-2025-006 | Allow for uploading of headshot (require by default) |
| ATS-2025-007 | Allow for upload of photo ID (require by default) |
| ATS-2025-008 | Allow for comparison of photo ID to headshot (require by default) |
| ATS-2025-009 | Ability to search and alert on job descriptions appearing on platforms not explicitly pushed to via the ATS |
| ATS-2025-010 | Support 2MFA for all users (require by default) |
| ATS-2025-011 | Ability to red-flag applicants where their email, phone, or IP address does not match the same country |
| ATS-2025-012 | Ability to detect, alert, and block on referral codes being misused |
| ATS-2025-013 | Ability to detect, alert, and block on referral employee information being misused |
| ATS-2025-014 | Ability to support CAPTCHA before submission (require by default) |
| ATS-2025-015 | Ability to have Red Flag indicator support |
| ATS-2025-016 | Ability to support an ATS-developed or client-developed AI / LLM to detect fraudulent applications |
| ATS-2025-017 | All logs (see #004 above) include IP address whether from login, transaction actions, or email (pulled from SMTP headers) |
| ATS-2025-018 | Red Flag alerts where IP address is a known (industry) AUP violator or known-bad email domain |
| ATS-2025-019 | Ability to scan attachments and any included URLs through tools like VirusTotal |
| ATS-2025-020 | Ability to check submitted resumes for partial duplicate content across applicants and job postings |
🖶 To save or print this document, use your browser’s Print function (Ctrl+P / Cmd+P) and select “Save as PDF” if needed.