The digital transformation and the proliferation of e-identity schemes have escalated the need for secure and reliable online identity verification methods, especially in light of the alarming trend of AI-generated “deepfakes.” As internet users have learned about the increasing threat of deepfakes, they have become increasingly concerned about their identities being spoofed online, according to a new study conducted by the FIDO Alliance. As a result, deepfake awareness and the risks associated with them have steadily increased.
Amidst this landscape, the FIDO Alliance released its newest research in the eBook, Remote ID Verification – Bringing Confidence to Biometric Systems Consumer Insights 2024, which reveals insights from an independent study surveying 2,000 respondents in the U.S. and the U.K. on consumer perceptions on remote identity verification, online security, and biometrics. While the data showed consumer awareness and adoption of biometrics is increasing, consumers also expressed concerns about the rise of AI-generated deepfakes – reinforcing the need for preventative strategies and technologies focused on secure remote identity verification.
What is a “deepfake”?
According to the Center for Internet Security, a deepfake consists of convincingly fabricated audio and video content designed to mislead audiences into believing that fabricated events or statements are real. These manipulations can create realistic yet entirely false representations of individuals through synthetic images or complete video footage. This manipulated audio/video content is dangerously effective at spreading false information. In cybersecurity, deepfakes are increasingly being used to spoof identities to fraudulently open accounts or take control of existing accounts.
With the advent of AI and the increasing use of face biometrics for remote identity verification, the deepfake risks to remote identity proofing (RIDP) methods have become a reality. Security researchers have been closely evaluating the identity verification risks associated with deepfakes to increase awareness of the rapidly changing threat landscape and support stronger countermeasures that enhance the trustworthiness and reliability of remote identity proofing (RIDP) methods. In the European Union Agency for Cybersecurity’s (ENISA) latest remote ID report, researchers observed that deepfake injection attacks are increasing and becoming more difficult to mitigate.
Users Express Concerns about Deepfakes and ID Verification
With the rise of generative AI and deepfake videos in the news, there has been a heightened consumer unease about the security of biometrics for online verification. In the FIDO Alliance’s study, the deepfake trends have not escaped consumers’ attention online, who are increasingly using face biometrics to authenticate identities online and are concerned about identity security.
On one hand, the study reinforced consumer preference for using biometrics in remote identity verification, with nearly half of the respondents indicating a preference to use face biometrics, especially for sensitive transactions, like financial services (48%).
On the other hand, just over half of respondents revealed they are concerned about deepfakes when verifying identities online (52%).
Building Consumer Trust in Face Biometrics
As the concerns around deepfake security threats gain prominence, the industry has taken a significant step forward with the FIDO Alliance’s newly introduced Identity Verification certification program for Face Verification. This industry-first testing certification program, based on ISO standards, with requirements developed by the FIDO Alliance, aims to measure accuracy, liveness (including deepfake detection), and bias (including skin tone, age, and gender) in remote biometric identity verification technologies. By providing a framework for testing biometric performance and a network of accredited laboratories worldwide, this certification program standardizes and evaluates the performance of face verification systems while mitigating the impact of bias and security threats, like deepfakes.
Certifying Identity Verification with the FIDO Alliance
The Identity Verification certifications that the FIDO Alliance provides offer industry providers the ability to demonstrate commitment to addressing bias and security threats in remote biometric identity verification technologies. With a focus on standardizing and enhancing the performance of face verification technologies, the Alliance released its new FIDO Certification Program to elevate the performance, security, and equity of biometric solutions for remote identity verification. Combined with its Document Authenticity (DocAuth) Certification Program, these two certifications work together to ensure identity verification solution providers can leverage FIDO’s independent testing and accredited laboratories as a market differentiator.
What is the value for IDV Biometric Vendors?
- Independent validation of biometric performance
- Opportunity to understand gaps in product performance to then improve and align with market demands
- Demonstrate product performance to potential customers
- Improve market adoption by holding an industry-trusted certification
- Leverage one certification for many customers/relying parties
- Benefit from FIDO delta and derivative certifications for minor updates and extendability to vendor customers
- Reduce need to repeatedly participate in vendor bake-offs
What is the value for Relying Parties?
- One-of-a-kind, independent, third-party validation of biometric performance assessing accuracy, fairness and robustness against spoofing attacks
- Provides a consistent, independent comparison of vendor products – eliminating the burden of maintaining own program for evaluating biometric products
- Accelerates FIDO adoption to password-less
- Commitment to ensure quality products for customers of the relying parties
- Requirements developed by a diverse, international group of stakeholders from industry, government, and subject matter experts
- Conforms to ISO
- FIDO Annex published in ISO standards
What is the value of accredited laboratories?
FIDO Accredited Laboratories are available worldwide and follow a common set of requirements and rigorous evaluation processes, defined by the FIDO Alliance Biometrics Working Group (BWG) and follow all relevant ISO standards. These laboratories are audited and trained by the FIDO Biometric Secretariat to ensure lab testing methodologies are compliant and utilize governance mechanisms per FIDO requirements. Laboratories perform biometric evaluations in alignment with audited FIDO accreditation processes. In contrast, bespoke, single laboratory biometric evaluations may not garner sufficient trust from relying parties for authentication and remote identity verification use cases.
What are the ISO Standards that FIDO certification conforms to?
When a vendor invests in FIDO’s Face Verification Certification, they and their accredited lab are adhering to the following ISO standards:
| Terminology ISO/IEC 2382-37:2022 Information technology — Vocabulary — Part 37: Biometrics |
| Presentation Attack Detection ISO/IEC 30107-3:2023 Information technology — Biometric presentation attack detection — Part 3: Testing and reportingISO/IEC 30107-4:2020 Information technology — Biometric presentation attack detection — Part 4: Profile for testing of mobile devices -FIDO Annex, published 2024 |
| Performance (e.g., FRR, FAR) ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and frameworkISO/IEC 19795-9:2019 Information technology — Biometric performance testing and reporting — Part 9: Testing on mobile devices -FIDO Annex, published 2019 |
| Bias (differentials due to demographics) ISO/IEC 19795-10:2024 Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups -FIDO Annex, under development |
| Laboratory ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories |
Learn More about FIDO IDV Certification
As organizations and policymakers navigate the evolving landscape of digital identity verification, these consumer insights serve as a testament to the pressing need for independently tested and accurate biometric systems. The FIDO Alliance’s new Face Verification Certification Program offers solution providers the opportunity to demonstrate deepfake prevention to relying parties and end users by testing for security, accuracy, and liveness.
Download the Remote ID Verification eBook here today, and discover the world-class offerings from FIDO’s certified providers that have invested in independent, accredited lab testing with FIDO certification.
