FIDO Boosts Authentication With Biometric Certification

Fido Alliance has launched a certification program for biometrics systems to create a “framework for the certification of biometric subsystems that can in turn be integrated into FIDO-certified authenticators.”

The not-for-profit Fido Alliance, which has a board that includes security executive reps from companies such as Amazon, GoogleMicrosoft and more, explained on its website that the program is using accredited independent labs to make sure that biometric subcomponents meet “globally recognized performance standards for biometric recognition performance and Presentation Attack Detection (PAD).” By testing the accuracy and reliability of these systems, it can then be determined if they are safe used for commercial use.

“For customers such as regulated online service providers, OEMs and enterprises, it provides a standardized way to trust that the biometric systems they are relying upon for fingerprint, iris, face and/or voice recognition can reliably identify users and detect presentation attacks,” the company explained.

And poorly implemented biometrics can allow hackers access to Android devices using facial or iris recognition technology, putting a user’s personal information at risk.

“This program, motivated by our online services community, mitigates that risk for mobile and desktop biometrics by providing a commercial-grade benchmark and independent lab assessment for performance features and spoof attack detection security considerations,” said Brett McDowell, executive director of the Alliance. “Another benefit of the program is a clear way for service providers to prove compliance with strong authentication regulation, which is becoming the norm for financial services. This trend is expected to expand to other sectors as passwords continue to be exploited at increasingly alarming rates.”

Right now only one lab has been accredited to perform components testing for the program: iBeta, which is located in the U.S. But a spokeswoman for the Fido Alliance told reporters that “the Alliance is actively working to bring in additional labs.”


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.