Biometric user verification has become a popular way to replace passwords and PINs, but the lack of an industry-defined programme to validate performance claims has led to concerns over variances in the accuracy and reliability of these solutions.
To fill this gap, the FIDO Alliance today announced its Biometric Component Certification Programme - the first such programme for the industry at large. The programme utilises accredited independent labs to certify that biometric subcomponents meet globally recognised performance standards1 for biometric recognition performance and Presentation Attack Detection (PAD)2 and are fit for commercial use.
The FIDO Alliance aims to deliver several benefits to providers and users of biometric recognition systems through the new Biometric Component Certification Programme. Until now, due diligence was performed by enterprise customers who had the capacity to conduct such reviews. This required biometric vendors to repeatedly prove performance for each customer. The FIDO Alliance programme allows vendors to test and certify only once to validate their system’s performance and re-use that third-party validation across their potential and existing customer base, resulting in substantial time and cost savings. For customers, such as regulated online service providers, OEM’s and enterprises, it provides a standardised way to trust that the biometric systems they are relying upon for fingerprint, iris, face and/or voice recognition can reliably identify users and detect presentation attacks.
“The lack of standards has long been an issue in biometrics, forcing security professionals to ‘get deep in the weeds’ to not only understand the attributes that are important but subsequently evaluate vendors on those attributes. An unbiased Alliance-based certification programme expedites solution evaluation for companies but also eases adoption by providing assurances to the C-suite of proper choice,” said Frank Dickson, research vice president, IDC.
“With biometrics being a popular option for mobile and web applications implementing FIDO Authentication, there is a growing need for those service providers to appropriately assess the risk of fraud from lost or stolen devices. While border control and law enforcement markets have mature assessment programmes for their biometric systems, we were surprised that no such programme existed for this rapidly growing consumer market,” said Brett McDowell, executive director of the FIDO Alliance. “As an organisation that is driven by our members’ real-world business requirements, and already experienced at delivering globally scalable high-quality certification programme, the FIDO Alliance was the organisation our members chose to fill this gap in the market.”