July 24, 2017 -
Biometrics companies may have more options than they realize to improve their technologies and prove their credibility by testing them against established standards. Different standards for biometrics application performance are still evolving, along with the technology and markets for those applications. A standard originally set for Electronic Prescription of Controlled Substances (EPCS) is benefiting a growing number of companies, including ones that do not offer technologies for that particular application, says Gail Audette, quality manager for leading independent testing firm iBeta.
Standards provided by the International Organization for Standardization (ISO) tend to be the most well-known in many fields, including biometrics. However the Drug Enforcement Agency (DEA) EPCS Biometric Subsystem Certification provides an opportunity to test to a different, federally recognized standard, Audette told Biometric Update in an exclusive interview.
“We happen to offer testing for use in electronic prescribing that is a certification process for biometric devices, and a lot of our customers are drawn to that type of testing because it is faster and lower cost than the graded performance ISO standards,” Audette says. “We can test a biometric vendor against the federal DEA regulations and those results are published. The clients get testing, and they get the publicity of having a report that can compare to all the other modalities, from an independent third-party test lab, posted right on our website.”
iBeta is the only company accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP) for biometric test procedures in accordance with ISO/IEC 17025:2005. Its biometric testing services for all biometric modalities can provide certification and help companies meet standards for FAR and FRR to ensure security and a low-friction user experience. End-to-end testing on live subjects enables iBeta to do this while also effectively evaluating spoofing and liveness detection capabilities, Audette explains. “Just doing the matching part of it with static data is too small a piece of the puzzle to provide results to a client who’s thinking of using this in their banking system or health system.”
iBeta tests custom hardware provided to it by clients, but most of iBeta’s customers want to test a biometric solution’s effectiveness on certain popular mobile devices and platforms. The company has noted an increase in SDKs and iOS apps since the full launch of TouchID, as well as increasing adoption of biometrics for banking and credit card-related applications.
The DEA’s EPCS certification became effective in 2010, and its biometric subsystem requirements include a false match rate of 0.001 or lower, and that this rate be established at a DEA-approved laboratory. It also requires that the system conform to NIST Personal Identity Verification authentication biometric acquisition specifications, and that it protect biometric data, among other criteria.
Electronic subscriptions control systems are a growing field, with regulatory changes such as New York moving to all electronic prescriptions in 2016. Beyond that, however, the standards give EPCS certification value for biometrics companies, openly assuring prospective customers and partners that their systems have been proven effective by independent, third-party testing against strong, nationally recognizes standards.
“We’re seeing customers come to use that may not even be thinking about the health care space and electronic prescribing,” Audette says, “but we’re able to offer them a certification to a federal standard that’s publicly posted.”
While testing to the EPCS standard provides both product insight and assurance, it can be completed in a month, or even less, according to Audette. Despite this, many companies are not aware of the standard, or its potential benefit to them.
“Some companies come to us specifically for EPCS certification, a lot just need something,” Audette point out.
iBeta tests the effectiveness of biometric systems with a wide demographic range of individuals, including subjects of different sexes, ages, ethnicities and occupational backgrounds, which can impact accuracy. This definitively shows the tested system’s capability for uses such as banking applications, in which it is intended to deliver frictionless use for the whole population.
NVLAP is also a signatory to several international mutual recognition arrangements, including the International Laboratory Accreditation Cooperation (ILAC), enabling iBeta’s accreditation to be recognized throughout the world. Testing by an organization which is both highly accredited and fully independent provides the best quality of information, and the strongest assurance of accurate, credible results, Audette stresses. “If a vendor is not getting independent results published, then they are going to have to defend their own results to their clients.”
In an increasingly competitive market, having performance independently verified by a leading nationally accredited laboratory gives biometrics providers credibility, and gives their potential customers confidence.