For immediate release: 29 August 2019

The Biometrics Institute has launched a new guiding document to provide clarification around presentation attack detection (PAD) and liveness. The document explains what PAD and liveness is and suggests some general considerations and questions users may want to ask when choosing a biometric product. It also points to standards and additional information sources available.

Biometric data, obtained either directly or covertly from a person online or through hacked systems, is sometimes used to attack a biometric system by creating spoofs or fakes. This attack might use a printed photo, an image or video of a person on a tablet or by presenting a 3D mask or fake silicone fingerprint. A biometric spoof that is detected when presented to a biometric sensor is known as presentation attack detection.

The specific detection of whether a sensor is viewing a live biometric – as opposed to a recording, picture or another non-living spoof – is commonly known as liveness. Liveness detection is therefore a subset of the potential attacks that might be detected through PAD.

Isabelle Moeller, the Biometrics Institute’s chief executive says, “We’re pleased to add this PAD document to our growing suite of guiding materials. Spoofing attacks pose a high security risk for those involved with biometric technology operations, so mitigating the risk and understanding presentation attack detection better is a priority for our members and stakeholders.”

The document is the result of consultation with the Biometrics Institute Security and Integrity Expert Group (BSIEG), which comprises a broad spectrum of security and authentication specialists from around the globe.

Ted Dunstone, head of the BSIEG says, “When it comes to good practice in biometrics, testing for vulnerabilities and accuracy, alongside privacy and IT security, are key areas for review. Seriously considering the risk of a presentation attack and devising appropriate countermeasures is highly recommended.”

The Biometrics Institute invites members to deepen their understanding of biometric vulnerabilities further at a new half-day workshop: Biometric Vulnerabilities – how robust is your system? in London on 28 October 2019. The workshop will take place as part of the Biometrics Institute Congress and Biometrics Week 2019 and will focus on biometric vulnerabilities, presentation attack detection, testing, accreditation and red-teaming (rigorously challenging assumptions by adopting an adversarial approach). The workshop will be run by Stephanie Schuckers, head of the Biometrics Institute Academic Research and Innovation Group and director of the Center of Identification Technology Research (CITeR), and Ted Dunstone, head of the Biometrics Institute Security and Integrity Expert Group, and CEO of Biometix.

Other guiding materials available to Biometrics Institute members include:

• Universal Privacy Guidelines for Biometrics
• Understanding Biometrics – Considerations for Implementing a Biometric System
• Ethical Principles for Biometrics
• Top 10 Vulnerability Questions
• Annual Industry Survey

Members can download the PAD document here.

ENDS

Notes to editors:

The Biometrics Institute is the independent and impartial international membership organisation for biometric users and other interested parties. It was established in 2001 to promote the responsible use of biometrics and has offices in London and Sydney.

With more than a thousand members from 240 membership organisations spread across 30 countries, it represents a global and diverse multi-stakeholder community. This includes banks, airlines, government agencies, biometric experts, privacy experts, suppliers and academics.

The Biometrics Institute connects the global biometrics community. It shares knowledge with its members and key stakeholders and most importantly, develops good-practices and thought leadership for the responsible and ethical use of biometrics.

For more information, please email Claire Fox Baron: clairefb@biometricsinstitute.org