Incode Technologies, a global leader in identity security and fraud prevention, announced today that its face liveness technology has achieved Level 3 Presentation Attack Detection (PAD) conformance under ISO/IEC 30107-3, independently validated by iBeta PAD testing on both iOS and Android platforms with zero errors.

The achievement signifies that Incode’s technology successfully protects digital onboarding and authentication processes against sophisticated spoofing attempts such as printed photos, video replays, and advanced 3D masks. Ricardo Amper, Founder & CEO at Incode, stated, “We are the first company to independently achieve iBeta Level 3 conformance on both iOS and Android – with zero errors and without adding friction to users. That combination matters. It proves we can meet the highest bar for liveness assurance while keeping onboarding fast and easy, even in regulated and high-risk environments.” Incode’s solution is passive, completing verification with a single selfie, which minimizes user friction compared to challenge-based methods while maintaining robust defense against presentation attacks.

This Level 3 conformance represents a progression in Incode’s liveness technology development. In 2019, Incode became the first vendor to pass iBeta Level 1 using a passive liveness approach, designed to detect common 2D attacks. By 2022, the company expanded its defenses to include advanced 3D mask attacks and further strengthened its 2D detection capabilities, leading to iBeta PAD Level 2 testing success in early 2023. The recent Level 3 conformance extends this track record, confirming its perfect score on both mobile operating systems.

Evan Call, Business Development Manager and Director of Biometrics Sales and Marketing at iBeta Quality Assurance, commented on the rigor of the testing, stating, “iBeta Level 3 is designed to simulate well-resourced attackers using hyper-realistic masks and specialized fabrication techniques intended to challenge modern biometric systems. Incode’s results demonstrate conformance at Level 3 on both iOS and Android, with 0% APCER and 0% BPCER reported during testing.” APCER (Attack Presentation Classification Error Rate) measures if spoofing attempts are incorrectly accepted, while BPCER (Bona Fide Presentation Classification Error Rate) indicates if legitimate users are incorrectly rejected. Incode’s 0% on both metrics means no presentation attacks were accepted, and no legitimate users were rejected during the evaluation.

The relevance of this validation is heightened by the increasing reliance on digital onboarding as the primary gateway to financial services, marketplaces, and government platforms. Organizations are under pressure to reduce fraud losses while simultaneously ensuring a smooth user experience to maintain revenue. Independent testing at the highest available PAD level helps organizations identify solutions that can withstand the most demanding real-world conditions, including sophisticated presentation attacks across various devices and environments. This milestone underscores Incode’s commitment to proprietary innovation and its global engineering capabilities.

Incode operates at a significant scale, providing trusted experiences for eight of the top ten U.

S. banks, eight of the top nine telecom companies, the top three global neobanks, and four of the top five marketplaces worldwide. The company has processed over 7.1 billion trust checks to date. Incode is headquartered in San Francisco, with additional offices in Europe and Latin America.