FIDO Alliance launches Biometrics Certification Program – globally performance standards are fit for commercial use

Biometric user verification has become a popular way to replace passwords and PINs, but the lack of an industry-defined program to validate performance claims has led to concerns over variances in the accuracy and reliability of these solutions. To fill this gap, the FIDO Alliance today announced its Biometric Component Certification Program – the first such program for the industry at large, according to the press release. The program utilizes accredited independent labs to certify that biometric subcomponents meet globally recognized performance standards[i] for biometric recognition performance and Presentation Attack Detection (PAD)[ii] and are fit for commercial use.

The FIDO Alliance aims to deliver several benefits to providers and users of biometric recognition systems through the new Biometric Component Certification Program. Until now, due diligence was performed by enterprise customers who had the capacity to conduct such reviews. This required biometric vendors to repeatedly prove performance for each customer.

The FIDO Alliance program allows vendors to test and certify only once to validate their system’s performance and re-use that third-party validation across their potential and existing customer base, resulting in substantial time and cost savings. For customers, such as regulated online service providers, OEMs and enterprises, it provides a standardized way to trust that the biometric systems they are relying upon for fingerprint, iris, face and/or voice recognition can reliably identify users and detect presentation attacks.

“The lack of standards has long been an issue in biometrics, forcing security professionals to ‘get deep in the weeds’ to not only understand the attributes that are important but subsequently evaluate vendors on those attributes. An unbiased Alliance-based certification program expedites solution evaluation for companies but also eases adoption by providing assurances to the C-suite of proper choice,” said Frank Dickson, research vice president, IDC.

“With biometrics being a popular option for mobile and web applications implementing FIDO Authentication, there is a growing need for those service providers to appropriately assess the risk of fraud from lost or stolen devices. While border control and law enforcement markets have mature assessment programs for their biometric systems, we were surprised that no such program existed for this rapidly growing consumer market,” said Brett McDowell, executive director of the FIDO Alliance. “As an organization that is driven by our members’ real-world business requirements, and already experienced at delivering globally scalable high-quality certification programs, the FIDO Alliance was the organization our members chose to fill this gap in the market.”

Program Details

The Biometric Component Certification Program is open to all biometric authenticator subcomponents. Those vendors who achieve certification receive a Biometric Subcomponent Certificate to show they have passed the well-defined testing administered by the FIDO Alliance and accredited labs.

To fully meet anticipated customer requirements, a vendor may also choose to go through the FIDO Authenticator Certification Program to validate that the biometric authenticator conforms to cryptographic FIDO specifications, interoperates with other products in the market and meets certain security requirements in addition to biometric performance. For authenticators that incorporate biometric sensors, the biometric subcomponent certificate is required in order to achieve the highest levels of FIDO Authenticator security certification but remains optional for the lower levels of assurance. Only those that successfully complete the FIDO Authenticator Certification Program can use the FIDO or FIDO Certified trademarks.

Biometric technology suppliers interested in participating in the program can visit https://fidoalliance.org/biometric-component-certification-program to get started.

About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

[i] ISO standards: ISO/IEC 19795; ISO/IEC 30107

[ii] PAD (Presentation Attack Detection) i.e. liveness detection/detection of a spoof attack.