Important Standards and Certifications for Facial Recognition Technologies
BANDAR SUNWAY – In an international marketplace, checks and balances need to be in place. This ultimately helps overcome the difficulty of maintaining consistency and quality across industries and nations. International standards help to keep a level playing field, and one such organisation is the International Organization for Standardization (ISO). Organisations want to be known for adhering to quality assurance and manufacturing standards. Therefore, ISO certification guarantees the entity meets global standards for business, especially in trade situations.
What Is ISO?
ISO is a non-governmental organisation that determines specifications for products, services, and systems for quality and efficiency. Standards set forth by this organisation are valuable to international trade as they have strict requirements that goods must meet. Their goal is to improve industrial welfare worldwide by increasing the levels of safety and security for all.
The full process of creating a standard takes about three years on average. The process begins when a need in the market is identified. Then, experts in a particular subject area gather to discuss ways of further improvement. At the end of these discussions, a voting process brings the organisation to a consensus.
Why Are ISO Certifications Important?
Obtained from third parties, ISO certifications act as a company’s proof that they abide by the standards set by the ISO. Having an ISO certification establishes credibility and trust among consumers, stakeholders, and other business partners.
Additionally, ISO certifications also prove a company’s commitment to essential business objectives such as customer satisfaction and production. Some public and private sector entities even request that a company have ISO certification before conducting any business with them.
ISO 30107: The Foundation of Biometric Presentation Attack Detection
Biometric data can be easily obtained and then used to create spoofs to launch an attack. Common presentation attacks reported in the field include images printed out or displayed on a screen, either as a still image or video. When a biometric spoof is presented to a biometric sensor, it can be detected by what is known as presentation attack detection (PAD).
The ISO and International Electrotechnical Commission (IEC) standard for PAD is 30107. It exists to provide a foundation for PAD by defining terms and establishing a framework through which presentation attack events can be identified. Part 1 provides the framework, while Part 2 covers data formats.
Part 3 which is the ISO/IEC 30107-3 sets a testing standard for tests and reporting of full biometric PAD systems. The standard requires that the accuracy of the PAD subsystem be measured in attack presentation classification error rate (APCER) and bona fide presentation classification error rate (BPCER). However, it does not specify accuracy thresholds for compliance.
In order to specify the test method in a more exact manner, these are the levels of testing that have been identified by iBeta. The testing levels and performance requirements are identified as:
| Level | Time | Expertise | Artefact source | Limit |
| 1 | 8 hours per subject or species | None | Cooperative subject and equipment are readily available in a normal home or office environment | 0% penetration or match rate allowed |
| 2 | 2-4 days per subject or species | Moderate – participated in at least 1 other PAD test with the target modality and has an understanding of the liveness detection functionality of the test target | Cooperative subject and equipment are more expensive (such as a 3D printer, resin mask, latex mask) | 1% penetration or match rate allowed |
What Is NIST and Why Is It Important?
Founded in 1901, the National Institute of Standards and Technology (NIST) is responsible for establishing technology, standards, and metrics to be applied to the science and technology industries. NIST is the body that offers guidelines such as how to adequately protect data, and they have a major impact on businesses in both the public and private sectors. Through having NIST-outlined standards, there is a level of uniformity when it comes to cybersecurity.
Though most companies should be concerned with cybersecurity, NIST compliance is particularly important for companies that conduct business with the U.S. government. Examples are government agencies or outside contractors who provide goods or services to the government. In fact, even subcontractors may be required to meet NIST standards. The guidelines provided by NIST are important for these particular organisations because government agencies and their contractors deal with highly sensitive data that can easily be targeted by hackers.
Aligning with NIST standards could give a business an advantage over its competition. Many companies want to feel confident that the contractors and subcontractors they partner with will execute all the necessary steps in order to protect their data. So, if both a company and its competitor put in bids for a contract, but the former can guarantee NIST compliance and controlled unclassified information (CUI) protection, while the latter cannot, the former’s business is more likely to win the contract.
NIST Face Recognition Vendor Test (FRVT)
When it comes to evaluating facial recognition algorithms for verification and identification, the NIST Face Recognition Vendor Test (FRVT) is the most respected benchmark. FRVT provides independent evaluations of commercially available and prototype face recognition technologies, which include e-KYC technology. Participation is free of charge, and it is open to a global audience of face recognition developers.
The test measures the performance of automated face recognition technologies applied to a wide range of security applications across civil, corporate, and government entities, and this includes the image checks for visas, the deduplication checks on passport photographs, and the checks during digital customer onboarding in the financial sector.
For companies providing face recognition technology, achieving top rankings on the NIST FRVT proves that their facial recognition algorithm provides accurate and secure results. Moreover, their achievement also proves their ability to develop non-biased solutions in terms of gender, ethnicity, and age, while also highlighting the trustworthiness of their biometric algorithms at the level of government or consumer use.
About WISE AI
WISE AI is an award-winning Artificial Intelligence company specialising in digital identity technologies. We develop world-class emerging deep tech that is adopted by the government and multiple industries. Our AI-powered solutions include EKYC, digital ID, digital signature, and blockchain. Our technology is optimised for the recognition of ASEAN faces.
