Australia plans biometric liveness detection refresh for national digital ID

Australia plans to contract a biometric liveness detection capability to support the country’s national digital ID and protect it against advanced spoof attacks and emerging fraud threats.

The Australian Taxation Office (ATO), which manages myID within the Australian Governments Digital ID System (AGDIS),  has published an RFI for biometric liveness detection.

The government is also in the process of opening up the AGDIS to private sector identity verification providers.

The “Biometric Verification Capabilities to Support myID” must come as a SaaS solution, and support peak workloads of 10,000 verifications per hour with 95th percentile responses within one second.

The myID system is working towards adding two new identity proofing levels. IP1+ involves the confirmation of the individual’s name and date of birth through identity document verification. IP2+ includes authentication with Australia’s Face Verification Service (FVS) plus liveness detection.

ATO is hoping for responses from suppliers with identity verification expertise, particularly related to liveness detection and facial image capture, biometric matching and credential validation through technologies such as NFC.

The agency specifically wants to address advancements in liveness detection since 2021, when its current capability was sourced from iProov. Scalable biometric authentication is also a concern, given that myID is up to 14 million users, and the ATO also wants a capability to assess non-Australian ID documents for Australians living overseas.

Requirements include sufficient image quality capture for biometric comparison, based on ISO/IEC 29794-5. Biometric presentation attack detection (PAD) that “meets at least Evaluation Assurance Level 2 (Level B) as defined by ISO/IEC 30107-3:2023 and the Digital ID (Accreditation) Data Standards” must be present and integrated as part of a “single continuous process.” A qualified third party must attest to that level of PAD compliance.

The face biometrics matching algorithm must return a False Match Rate (FMR) of 0.01 percent or lower at a False Non-Match Rate (FNMR) of 3 percent or less, at a 90 percent confidence threshold, in line with ISO/IEC TS 19795-9:2019.

The tender documents also outline security, availability, maintenance and reporting requirements.

ATO does not indicate its budget for the capability, but the three-year contract iProov signed in 2021 was worth $10.7 million Australian (roughly US$8.3 million at the time). That was before the myGovID app was rebranded as myID.

Responses are due by May 28.

Article Topics

Australia  |  Australian Government Digital Identity System (AGDIS)  |  biometric liveness detection  |  face biometrics  |  myID Australia  |  presentation attack detection  |  procurement  |  tender