FaceTec introduces scannable protocol for privacy-preserving biometric online IDV

A new biometric protocol for online identity verification has been developed by FaceTec for use with a wide range of end-user devices.

UR Codes store face biometric data which is digitally signed and binds the code-holder with their identity data. FaceTec says in an announcement that they provide unprecedented confidence, and protect the privacy of the user with signed data that cannot be reverse engineered into a facial image.

The UR Code protocol uses quick response (QR) encoding, and can be compared to the three dimensions of a live person’s face, or scanned by an application with free matching software for biometric matching and liveness detection. A single UR Code can also store multiple faces or biometric modalities.

Asymmetrical digital signatures enable validation while providing anti-tampering protection. The protocol combines security and privacy by design with universal support and very low implementation costs, FaceTec says.

The issuing authority encodes data from a 2D photo or 3D FaceMap, plus the appropriate PII for the use case and an account number. The biometric data, PII and account number are bound together for fast, safe and low-cost two-party interactions, with no PII passed to third parties.

The codes can be displayed on a screen or printed, including on ID documents like birth certificates or other official documents like diplomas or credit cards. They can be stored digitally in mobile driver’s licenses (mDLs), digital wallets, photo reels or blockchain.

FaceTec says its biometric matching delivers a false acceptance rate (FAR) of 1 in 2 million at a false rejection rate (FRR) of less than 1 percent.

The face verification software will be offered as a standalone product and built into FaceTec’s identity verification software suite. The FaceTec software suite is installed 2.6 million times each day, on average, and has been installed 1.8 billion times, according to the announcement.

Addressing an altered landscape

Online identity verification is typically performed with an uploaded photo of an ID document and a selfie for biometric comparison, FaceTec notes. This personally identifiable information (PII) is then passed onto a third-party KYC service, which must determine the authenticity of the document that forms the root of trust, for processing. The introduction of generative AI renders this approach impractical, and creates a need for a long-term solution for users, identity issuers and relying parties alike.

FaceTec compares the innovation to the launch of electronic biometric passports containing NFC chips back in 2005, which it says is the most notable attempt to fix identity security. The company acknowledges the security of this approach, but notes that challenges with usability, durability, and prohibitive costs prevent it from being use in most ID documents.

The company’s SVP of North American Operations Jay Meier argued that for maintaining the trustworthiness of digital IDs, “what matters is whether the stored data, however and wherever it’s stored, cannot be reused” in a recent examination with Biometric Update of the Digital Travel Credentials derived from the ICAO 9303 standard for biometric passports.

FaceTec says it is committed to keeping UR Codes free to encode for government entities issuing IDs, schools, non-profit and humanitarian organizations.

Demos are available for both UR Code encoding and verification.

Article Topics

biometric matching  |  biometrics  |  face biometrics  |  FaceTec  |  facial verification  |  identity verification  |  QR code  |  selfie biometrics  |  UR Codes