Cybersecurity

FIDO Alliance announces identity-proofing certification

The certification gives licensing companies added assurance that a vendor “is performing well,” FIDO’s CEO said.
article cover

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Like a teacher on their first day of class or a new hire at the company party, some biometrics have trouble matching faces to names.

The FIDO Alliance—an org of 250+ vendors dedicated to reducing reliance on passwords—announced in May a certification for manufacturers that offer user biometric verification services to check live likeness with a trusted document. The Face Verification Certification, which creators of the program and early recipients consider the “first of its kind,” provides a stamp of approval for both manufacturers and buyers of remote identity verification technology.

“The goal here is to test the biometric tied to the identity proofing and onboarding process,” Andrew Shikiar, executive director and CEO of the FIDO Alliance, told IT Brew.

Using ISO and industry standards, FIDO-accredited laboratories test for:

  • Security. Demonstrating that providers can accurately verify users’ identities.
  • Liveness. Ensuring that there is a live human present and not just a portrait on a popsicle stick.
  • Bias. Testing that a system works effectively with different skin tones, genders, and ages.

Who’s in? While the pandemic highlighted the need for remote identification services, government agencies see a continued importance today.

Given the increasing use of identity proofing to enable electronic transitions in Europe, the European Union Agency for Cybersecurity released in March released a Remote ID Proofing Good Practices report.

The US General Service Administration also announced in April that its single sign-on Login.gov platform will soon provide virtual options for identity verification, adhering to NIST’s 800-63-3 IAL2 guidelines and including pilot facial matching.

Proov it! The Deloitte Center for Financial Services said that fraud aided by generative AI and deepfake tech could “enable fraud losses to reach $40 billion in the United States by 2027,” citing an incident earlier this year in which a Hong Kong-based employee of a multinational corporation wired $25 million to an imposter CFO.

Treefort Technologies, a Canadian company that employs mechanisms like facial verification to check the identity of players in real estate transactions, uses iProov—the first recipient of FIDO’s face certification—to confirm that a client’s online likeness matches the image presented on an ID.

“We’re constantly convincing more people to do standards and testing. And we believe that that’s the way that industry itself is going to move quicker, to be able to adopt better technologies, and weed out the ones that really aren’t as good, and aren’t as fair, or are biased,” Ajay Amlani, president, head of the Americas at iProov, told IT Brew.

The Face Verification Certification program exists alongside the organization’s Biometric Component Certification and Document Authenticity (DocAuth) Certification.

Many companies are doing remote identity verification, and they tend to trust a vendor’s metrics, according to Shikiar, but the lack of standardization may be problematic.

“I’m not saying those vendors are not telling the truth. But there’s no way to independently verify that. And so this gives licensing companies an added level of assurance that a vendor is performing well,” Shikiar said.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.