As online transactions become more common, so does the risk of identity fraud. According to the TransUnion 2023 State of Omnichannel Fraud Report, identity theft fraud has increased by 81% between 2019 and 2022, with synthetic identity fraud witnessing an alarming 132% surge.
To address these challenges, the National Institute of Standards and Technology (NIST) has taken a proactive approach through its pioneering evaluation of Presentation Attack Detection (PAD). In this blog post, we will dive deep into what the NIST PAD assessment entails, spotlighting Veridas’ exceptional performance in this critical domain.
Understanding Presentation Attacks
According to the NIST, a presentation attack is a deliberate act of tampering with the functioning of a biometric system by presenting forged or altered biometric data. Simply put, it involves manipulating the system by submitting fake or corrupted biometric information.
Imagine a scenario where a fraudulent actor attempts to deceive a facial recognition system using a photograph or video of someone else’s face, trying to gain unauthorized access to secure areas or sensitive information.
Such deceptive practices, referred to as presentation attacks, pose a significant threat to the integrity of biometric systems, demanding robust liveness detection software to distinguish between genuine and fraudulent attempts.
The Evaluation Process
NIST’s meticulous evaluation emphasized impartiality, ensuring all participants entered on equal terms without prior knowledge of the assessment criteria or attack types. This approach minimized potential biases, contributing to a fair and comprehensive provider comparison.
The evaluation process included a thorough assessment of 82 software algorithms from 45 distinct providers, making it one of the most comprehensive evaluations to date.
NIST strategically divided the evaluation scenarios into two primary use cases:
- Impersonation, where attackers attempt to assume false identities.
- Evasion, where the goal is to conceal true identities to avoid detection.
In the context of Identity Verification, impersonation is more pertinent, while evasion is better suited for surveillance and identification contexts.
The evaluation process was designed around two key points specified by the ISO/IEC 30107-3[2] standard: one focusing on user convenience and the other on system security.
- The convenience point (APCER @ BPCER = 0.01) aims to uncover undetected presentation attacks while minimizing false alarms.
- The security point (BPCER @ APCER = 0.01) aims to reveal how often genuine users were wrongly flagged as attackers while keeping security levels to the maximum.
These metrics, dictated by the ISO standard, allowed for a balance in error rates, ensuring a fine-tuned approach to decision-making in biometric systems.
It is imperative to highlight that NIST only evaluates the algorithm for Presentation Attack Detection rather than the entire system. Therefore, results do not fully reflect a company’s capability to prevent fraud attempts, as various other factors contribute to the overall system’s effectiveness.
Veridas' Performance and Success
Veridas has established itself as a front-runner in the field of Presentation Attack Detection, demonstrated by its iBeta Level 2 certification, adhering to the ISO 30107-3 standards since April 2022.
The company has actively participated in critical evaluations such as NIST FRTE 1:1 and 1:N and NIST FATE PAD, positioning itself as a leader in delivering exceptional results across all assessments.
Notably, its ongoing advancements are evident in the remarkable progress of its Presentation Attack Detection engine, now four times more precise than the version presented to NIST in February.
Veridas’ dedication to comprehensive security solutions is highlighted by its robust liveness detection capabilities, leveraging active and passive liveness detection technology.
This solution has enabled Veridas to detect over 99% of technology impersonation attacks according to real-production data, showcasing the company’s relentless commitment to safeguarding biometric systems in real-world environments.