March 9, 2024
In today’s digital landscape, remote identity verification has become crucial for ensuring security and trust. Facial biometric verification has emerged as one of the most secure and trusted methods. However, organizations require a level of confidence that they are choosing a proven solution.
Conformance testing plays a vital role in ensuring the effectiveness and integrity of biometric systems. It can provide a benchmark for accuracy, capability, and interoperability – which instils trust, enhances system performance, and reduces the risk of fraud or unauthorized access.
iProov, a pioneer in the biometric identity verification space, has undergone extensive efforts to make its Biometric Solutions Suite one of the most accredited, thoroughly tested, and robust in the world.
First, we will review iProov’s existing conformance testing framework certifications, and then consider how biometric security must go beyond those existing frameworks.
iProov Conformance Achievements
iProov has achieved the following certifications and accreditations, demonstrating commitment to industry-leading standards and best practices.
FIDO Alliance Certification
iProov Dynamic Liveness® is the world’s first FIDO-certified solution for remote Face Verification, accredited by Ingenium Biometrics. This certification represents a significant milestone in the field of biometric identity verification.
What is it?
The FIDO Face Verification Certification is the most rigorous evaluation program that assesses the reliability, usability, and security of remote identity verification systems.
What does it mean?
- Dynamic Liveness has undergone extensive evaluation of its face matching and liveness detection capabilities, conformant to ISO 19795 and ISO 30107 standards.
- The technology successfully thwarted every type of presentation attack, including photos, masks, face morphs, videos, and presented deepfakes.
- This certification confirms the solution’s robustness, affirming its unparalleled defense against evolving threats throughout the entire identity lifecycle.
- It sets a quality standard and highlights iProov’s ability to protect consumers from presentation attacks and presented deepfakes.
ISO/IEC 27001:2013
ISO/IEC 27001 is a standard that seeks to ensure organizations have adequate and appropriate information security management systems in place. It provides credibility that an organization is protecting customer data and taking data security seriously.
- Frequent voluntary audits by the British Assessment Bureau reinforce iProov’s commitment to protecting customer data.
- Our ISO Certificate number is 231387 and can be verified here.
SOC 2 Type II
SOC 2 is an internationally recognized standard that verifies the effectiveness of controls managing customer data in a cloud-hosted environment.
- This certification assures that iProov’s system is designed with suitable organizational controls to protect sensitive information.
- Linford & Co conducts annual audits, ensuring iProov’s ongoing commitment to data confidentiality and privacy.
- Learn more about iProov and SOC 2 Type II here
Web Content Accessibility Guidelines (WCAG) 2.2 AA
Web Content Accessibility Guidelines (WCAG) are an internationally recognized accessibility best-practice standard for digital experiences. All iProov facial biometric products are conformant to WCAG 2.2 AA, demonstrating iProov’s user-centric design, emphasising inclusivity and accessibility.
- iProov is the world’s first biometric vendor to conform, reflecting our dedication to setting industry standards.
- Conformance testing was carried out by external accessibility experts TetraLogical, a member of the W3C and contributor to standards, including WCAG.
- Learn more about WCAG 2.2 and the importance of “non-cognitive function tests” here
European eIDAS Regulation To Qualified Trust Service Level And eID Level Of Assurance High
iProov solutions conform to EN 319-401, certified by independent auditors including TÜV Austria and Ernst & Young for conformance to eIDAS Clause 24 1(d). In addition, they are modular certified as compliant with eIDAS regulations for the provision of biometric verification and authentication services, ETSI EN 319 411-1 and ETSI EN 319 411-2.
eIDAS Levels of Assurance refers to the “degree of confidence in the claimed identity of a person”. Conformance with LoA High provides confidence in the rigour and strength of the solution.
- iProov’s compliance with eIDAS regulations enables iProov to supply onboarding and authentication services to Qualified Trust Service Providers (QTSPs) throughout the European Union (EU) without complicated integration audits being required.
- iProov is the first to achieve LoA High conformance, setting the international standard for security.
- Learn more about the significance of eIDAS and iProov’s association here.
UK Digital Identity and Attributes Trust Framework (DIATF)
- iProov is a certified Digital Identity Service Provider (IDSP), having undergone a rigorous independent assessment.
- Annual audits by EY British Assessment Bureau attest to iProov’s adherence to the highest standards in technology, security, and processes.
iBeta ISO/IEC 30107-3 and ISO 9001-2015
iProov conforms to the relevant requirements of ISO/IEC 19795-1:2006 and ISO/IEC 30107-3:2017.
- Our methodologies for testing presentation attack detection sufficiently conform to ISO standards – audited by both iBeta and the UK National Physical Laboratory (NPL).
- iProov also conforms to ISO 9001:2015, audited by the British Assessment Bureau, ensuring comprehensive testing practices.
CSA Star Attestation
The CSA Star Attestation is the “industry’s most powerful program for security assurance in the cloud.”
- Annual audits by EY ensure iProov’s employees are professionally developed to achieve cloud security competency.
Australian IRAP (Information Security Registered Assessor Program)
- iProov conforms with IRAP in line with Australian Signals Directorate (ASD) policies and standards.
- Annual audits by Foresight establish iProov’s ongoing conformance to high-security standards set by the Australian government.
iProov has also been exhaustively tested outside of conformance standards: the Department of Homeland Security deployed cutting-edge techniques to spoof iProov, but was unsuccessful. iProov was also verified by the UK, Singapore, and Australian governments as part of their National Due Diligence.
In essence, these achievements signify iProov’s dedication to industry-leading standards, emphasizing the effectiveness of our biometric solutions and our commitment to user accessibility, data security, and global regulatory compliance.
Visit our Compliance Repository to learn more.
What’s The Difference Between Compliance And Conformance Testing?
Conformance testing is voluntary, whereas compliance with regulations is a legal requirement. For example, all entities that process data in the EU must be compliant with GDPR by law. Accordingly, iProov complies with the UK Data Protection Act and EU GDPR. Conformance testing, however, is not a legal requirement – organizations choose to conform to standards such as ISO, WCAG, eIDAS, and iBeta of their own volition.
If you are evaluating biometric vendors, examining which standards those vendors conform to should be an important step in selecting the right supplier. Achieving conformance to a variety of standards indicates that a given biometric supplier has been third-party tested, and may identify if the vendor is equipped to meet your needs.
Limitations On Existing Conformance Testing For Biometric Solutions
Conformance testing is well suited for demonstrating adherence to relatively stable goals, such as the usability and accessibility of a technology.
But when it comes to biometric cybersecurity, the threat landscape is anything but static. Evaluations against ISO/IEC standards for presentation attack detection (PAD) are among the most common tests provided by certified, independent laboratories. But in today’s threat landscape, this does not go far enough.
Sophisticated attacks that involve digital injection, face swaps, and generative AI have skyrocketed. But the industry currently has no standards to certify a solution’s ability to detect and defend against digital injection attacks or metadata manipulation – leaving a vacuum that threat actors are eager to fill. It’s important to certify defenses against what we already know and understand, but biometric vendors also need to observe and understand novel, evolving threats like injection attacks in real-time – and be able to roll out defenses against them as quickly as possible.
Leading analyst Gartner urges businesses to choose a vendor that takes a proactive approach to security, after announcing that “30% of Enterprises Will Consider Identity Verification and Authentication Solutions Unreliable in Isolation Due to AI-Generated Deepfakes by 2026”. This highlights the need for biometric vendors to proactively address novel and evolving threats, rather than solely relying on testing against known attack vectors.
How Does iProov Go “Beyond” Conformance Testing?
Given the transformative nature of generative AI and the scalability of digital injection attacks, it is imperative that biometric security be actively managed 24/7. iProov monitors traffic in real-time through our iProov Security Operations Centre (iSOC) to detect attack patterns across multiple geographies, devices, and platforms.
This enables iProov to monitor attackers’ methods, sources, and patterns – and constantly adapt to them. You can read more about this in our 2024 biometric threat intelligence report.
By supplementing software with scientific analysis and human expertise, iProov delivers world-leading liveness technology that not only stops today’s threats but also mitigates those of tomorrow. Learn about our evolving and adaptive approach to security here.
Closing Thoughts
As evidenced through our array of certifications and achievements, iProov’s pursuit of industry-leading standards extends beyond “good enough”. By setting new industry standards, such as being the world’s first biometric vendor to achieve WCAG 2.2 AA conformance and eIDAS Level of Assurance High, iProov raises the bar for biometric security.
As we continue to navigate this dynamic landscape of biometric cybersecurity, iProov remains dedicated to staying ahead of emerging threats and consistently delivering world-leading liveness technology. For those assessing biometric vendors, our certifications and adaptive security measures demonstrate iProov’s capability to meet both existing and evolving needs.