Identy.io, a leader in biometric identification, has achieved NIST ISO 30107-3 Level 2 Presentation Attack Detection (PAD) Certification with a perfect score for its Face SDK v6.3.0 application, positioning it as the only mobile biometric vendor at this level offering both server-based and full on-device liveness processing with robust performance.

The certification was awarded following independent testing conducted by iBeta Quality Assurance, an entity accredited by NIST/NVLAP. The testing adhered to ISO/IEC 30107-3 standards, involving 1,500 attempted attacks against the Identy.io platform. These attacks utilized various sophisticated methods, including silicone masks, 3D-printed faces, latex masks, and AI deepfakes.

During the tests, which were performed on a Samsung Galaxy S20 running Android 12 and an Apple iPhone 15 running iOS 17.5.1, Identy.io’s technology demonstrated zero fake acceptances and a near-zero rate of real user rejections, with only 1 rejection out of 550 attempts. This assessment represents an update to a prior third-party liveness certification the company received several years ago from the FIDO-certified lab IDIAP Research Institute.

Jesus Aragon, CEO and Founder of Identy.io, highlighted the increasing challenges posed by digital fraud. “Fraud is a 20-billion-dollar problem. Deepfakes and sophisticated spoofing attacks are rising at an alarming pace and make it extremely difficult to decipher what’s real from what’s fake,” Aragon stated. He emphasized the importance of technology that can withstand such advanced threats: “Technology like our Face SDK that’s proven to keep pace with next-level spoofing attacks through testing under these types of federal standards—with zero successful attacks and near-zero user friction—will shape government’s ability to protect against attacks of the future.”

Facial biometrics technology has diverse applications in government and law enforcement, including identifying and tracking missing persons and enhancing public safety at major events such as the World Cup and Olympics. Aragon noted that PAD protection alone is insufficient against the evolving threat landscape. “At Identy.io, we’ve excelled in providing protection against all forms of digital attacks, whether image injection through emulators, virtual cameras, app cloning, memory hooks and more. We’ll continue to stay ahead of all types of advanced threats,” he added.

In addition to its facial recognition capabilities, Identy.io offers touchless fingerprint technology, which uses a standard smartphone rear camera and LED flash to capture high-quality fingerprints without physical contact. The liveness detection for this technology has also received perfect scores from a third-party laboratory. This enables users to identify individuals instantly using either the front or rear device camera, across various environments including indoors, outdoors, and low-light conditions. Identy.io’s on-device processing for both mobile facial and finger recognition software ensures smooth performance, high-quality image capture, and interoperability with external systems, such as government or corporate matching databases.

Headquartered in the US with additional offices in Brazil, Mexico, Spain, and India, Identy.io specializes in digital identity verification using touchless mobile biometrics. The company advocates for multi-factor authentication and aims to replace traditional identity verification methods like passwords, tokens, or OTPs (One Time Passwords), which they believe do not adequately guarantee user identity. Identy.io partners with institutions to enhance identity security in their business processes through the use of touchless biometrics from mobile devices, ensuring secure and scalable biometric deployment with its liveness authentication protection.