Biometric PAD testing reaches record numbers

Tests to confirm compliance with the international standard for biometric presentation attack detection have increased in number in recent years, and reached an all-time high last year.

iBeta Quality Assurance recently reached 100 biometrics providers confirmed compliant to the ISO/IEC 30107 standard for PAD, by AxonLabs’ count.

There were 46 confirmation letters to 36 PAD providers published in 2024, marking a significant increase from the previous high of 35 in a year, set in 2022. Of the 46 passed tests, 16 were for Level 2, 5 above the previous high set in 2021 and matched in 2023.

There are many familiar biometrics providers among those passing PAD tests, including Idemia, Thales, Veridas and Veriff from Europe, SenseTime, Tencent and Suprema from Asia. An increase in the PAD evaluations of Asia-based biometrics providers was noted by Biometric Update last year, and that trend continued throughout 2024, with half of the companies receiving compliance confirmation based in the region. Singapore-based rideshare platform Grab and ecommerce platform Shopee are notable as business for which biometrics is not part of their core.

BixeLab, Ingenium, Fime, CLR Labs, TÜViT and the Swiss Center for Biometrics Research and Testing (SCBRT) within the Idiap Research Institute are among the world’s few other labs accredited for ISO 30107 testing.

The “2025 Face Liveness Market Analysis & Buyer’s Guide” from Biometric Update and Goode Intelligence features explanations of the importance of PAD compliance evaluations and insights from leading biometrics testing labs around the world. One of the insights they shared is that the results of tests performed more than a few years ago may become stale and unhelpful to business that must rely on their effectiveness.

But renewals do not yet appear to be on the agenda for liveness providers, with no renewals publicly announced of an identical system previously confirmed PAD standard-compliant. The majority of tests have been performed within the past five years, however, so PAD compliance confirmation renewals may be a future development to watch for.

Despite the growing prominence of the PAD tests and their status as table stakes for many implementations, a few misconceptions persist. Among them, the incorrect impression that passing the test earns the provider “certification.”

Evaluations beyond ISO

Most of the liveness detection technologies referred to above are for face biometrics, but spoof attacks and therefore PAD testing can include any modality.

Union Biometrics has announced that its biometric authentication terminal, UBio-X LiveGuard, has passed a test of fingerprint spoof protection by the Korea Internet & Security Agency (KISA). The company has been awarded first-class certification for the PAD system, according to the announcement.

And the test of liveness detection as track three in the U.S. Department of Homeland Security’s (DHS’s) Remote Identity Validation Technology Demonstration (RIVTD) provides a snapshot of the state of the art.

Aware has revealed that it was one of the vendors submitting a passive PAD system to RIVTD, and says that it scored best-in-class performance.

FIDO biometrics testing also includes a PAD component.

Article Topics

AxonLabs  |  biometric liveness detection  |  biometrics  |  iBeta  |  ISO standards  |  ISO/IEC 30107-3  |  passive facial liveness  |  presentation attack detection  |  Union Biometrics