Visions for future of digital identity verification converge around interoperability
The question of who will vouch for you applies everywhere from the underworld to the most exclusive social clubs, and it is increasingly central to biometrics and remote identity verification. But instead of secret handshakes, the ID verification sector uses standards and certification as the badges and codes that show its members who can be trusted.
FIDO opens the box on face verification certification program
In a recent webinar sponsored by iProov, Dr. Stephanie Schuckers and others open the hood on the FIDO Alliance’s pioneering face verification certification program, to explain why certification matters in a compliance-based industry that deals in trust – and is currently undergoing a massive shift powered by AI, including a surge in new kinds of identity fraud.
FIDO’s program is the first biometric testing initiative for remote face verification and the only one to integrate face matching, liveness detection and bias testing. Citing the increasing flimsiness of passwords as a security solution and the steady uptake of FIDO’s passkey certification program, the panel looks ahead to a future in which secure identity verification technology and regulatory standards can work in concert to preserve privacy and reduce fraud.
Matching, liveness, bias three key requirements for FIDO face verification test
Face verification certification, says Schuckers, boils down to three requirements.
“The first relates to matching,” she says – “the thing that everybody thinks of first when they think of biometrics. How well does the thing match? And so we are measuring that. But the other key component to make a biometric work is what we call liveness, formerly known in the ISO standard world as ‘presentation attack detection’. How well does the system reject attempts to fake or bypass the system settings through uses of images or deep fakes? And the third major aspect is related to equity. Does the solution work well for all?”
Schuckers says what differentiates FIDO’s program is that it is an end-to-end test. “We’re not just looking at one little piece like matching or the liveness. We’re looking at the end-to-end performance, as a customer might see it. It’s very important to do this kind of testing, because it relates to the overall security of the system as you put everything together, but also relates to the customer experience. And I know that’s a priority for many folks, to ensure that this is an easier solution than what might have been in place.”
Head of Product for Biometrics at iProov Anthony Lam says the market has been waiting for a hybrid certification of this kind, which is reflected in enthusiastic uptake internationally. “It was waiting for something that really combined three aspects of matching liveness and bias and equity,” Lam says. “We’ve seen adoption in Southeast Asia, where the Vietnamese and the Malaysian central banks are looking to bring this into some of their programs or requirements.”
Three key metrics measure matching capability, defense against attacks
Lam breaks the program’s key requirements down into a trio of key metrics. Impostor Attack Presentation Acceptance Rate (IAPAR) must be <4.0 percent; Lam says FIDO’s is the first certification program to factor deepfakes into the process at any scale. For matching, the required False Rejection Rate (FRR) is <7.0 percent and the required False Acceptance Rate (FAR) is <1.0 percent.
“It’s a very adept set of tests that the lab performs on the product,” Schuckers says. “That end-to-end testing is critical to truly understand the user experience.”
FIDO Director of Certification Paul Heim says the requirements are not, however, all about the customer, but about striking a balance such that the program is feasible to vendors. “FIDO certification has been a balancing act against multiple programs, and I think we’ve nicely set the start line here on requirements for face certification. As more evaluations and more products get certified, we’ll also see the industry driving requirements that also help push this program forward.”
Equity and bias formally enters the standards mix
With an ISO standard on demographic differentials on the horizon, the issue of equity or bias is set to become even more central to the conversation about biometric technology. Schuckers says the digital identity community has been working hard to address the problem, both from a “product point of view – which is what the companies are doing” and also from a more philosophical and research-oriented perspective.
“How do we progress this so you can trust it, right? That’s where the certification comes in, and that’s why we’re doing this testing. We’re leaning on the experts across the world that are heavy in this space, developing the ISO standards, running studies, doing the hard research that it takes. This is not an easy problem. So this definition is by no means everything that we can look at. But it’s a good start, in that we consider skin tone and gender as well as age range.”
“We’re proud that we’re the first to come out with a program like this that’s open to the international community, with an international set of accredited labs to deliver on the certification.”
Intersekt panel finds ‘some good nuggets’ in fractured digital ID ecosystem
The future of identity verification was also front of mind for panelists at the recent Intersekt fintech conference in Australia. Speakers from IDVerse, ConnectID and the Department of Government Services discuss what can be expected from the digital ID market in the coming years – and the answer is complex.
“Inherently, doing identity proofing is simple,” says Paul Warren-Tape, general manager of risk and compliance for IDVerse. “I am who I say I am: I can turn up with a government-issue document and go, ‘Hello I am Paul.’ But there’s so much complexity underneath because of all of our frameworks,” multitudes of documentation, and the tireless innovation of fraudsters.
Warren-Tape says Australia is still number one in the world for cyber breaches “because we’re using physical identity documents in a digital world.”
“Identity proofing strength has to be at the highest level when we start talking about moving into the digital sense, because if we don’t have strong identity proofing and some fraudster gets a digital identity they have just got free reign to go everywhere. So we really need to think and concentrate on those frameworks.”
Come together right now on interoperability
Interoperability between frameworks, however, remains a core challenge. Andrew Black, managing director of ConnectID, notes the various efforts to mount a cohesive digital ID project, including Ausroads work on aligning mobile drivers’ licenses with ISO standards, and the federal government’s digital identity Trust Exchange. But, he says, between and among the public and private sectors, “there’s a lot of work to do to connect the dots up.” And current efforts, including the Digital ID Bill, are not moving at the rapid pace of fraud.
“What annoys me to a degree,” says Warren-Tape, “is there’s technology now which can solve the problem. What we don’t have is the regulation and people following that consistently in order to solve the problem. Fraud is rife, it’s on the rise, GenAI just created another toolbox for fraudsters to start using. We’ve got the tools at our disposal; they’re just not being used consistently – and the inconsistency is the problem.”
The full conversation is available here.
Article Topics
biometric liveness detection | biometric matching | biometric testing | biometric-bias | digital identity | Entersekt | facial verification | FIDO Alliance | interoperability | standards
Comments