Most of us today are accustomed to unlocking our smartphones with a simple glance or touch. In the blink of the tech industry’s eye, biometric authentication has quickly become a normal part of our daily lives.

Consumers love the convenience and security of biometrics, which has helped propel its growth and mainstream adoption. In the FIDO Alliance’s last global barometer survey, biometrics ranked top as the most secure and the preferred way to log in by consumers.

But for biometrics to continue its success, there is a reputation issue and ‘elephant in the room’ that is holding back consumers, governments, and other implementers alike from full trust and confidence: bias.

Are biometric technologies biased?

Concerns have been circulating for some time about the accuracy of biometric systems in processing diverse demographics. In the UK in 2021, for example, Uber drivers from diverse ethnic backgrounds took legal action over claims its software had illegally terminated their contracts as its software was unable to recognize them.

In the FIDO Alliance’s recent study, Remote ID Verification – Bringing Confidence to Biometric Systems Consumer Insights 2024, consumers made clear that they are concerned about bias in biometric facial verification systems.

While over half of respondents indicated they believe face biometrics can accurately identify individuals (56%), others in the survey report a different experience. 

A quarter of respondents felt they had been discriminated against by biometric face verification systems (25%).

Organizations like NIST have been closely monitoring the disparities in bias performance for some time – with NIST’s most recent evaluation ​​of solutions across different demographics released this year. The headline is: Not all biometric systems are created equal.

As face verification has become adopted globally, the accuracy in identifying diverse demographics has gone from weakness to strength, with most leading solutions today operating with extremely small margins of error. However, less sophisticated solutions do exist and are perpetuating a far bigger reputational and adoption challenge.

Inclusivity and accessibility in remote identity

Inclusivity is just one part of the problem. Bias impacts the entire user experience and erodes faith in the technology overall. Half of American and British consumers in the survey said they would lose trust in a brand or institution if it were found to have a biased biometric system, and 22% would stop using the service entirely.

Remote identity solutions unlock huge benefits for governments, organizations, and consumers alike. Consider already how many more scenarios where we are asked to prove who we are virtually today – starting a new job, opening a bank account, signing legal documents. And, as outlined earlier, we know consumers already love using biometrics – 48% of those we surveyed preferred biometrics to enroll and verify themselves remotely.

However, the excitement of more remote identity solutions is understandably mixed with these bias concerns, causing some organizations to delay or reconsider implementation. We’re in an age where digital inclusivity is highly scrutinized, especially for public services, and governments are increasingly calling for a way to demonstrate equity.

Equitable biometrics systems are both a practical and a moral imperative. So how do we get there? 

Addressing bias in biometric systems

The FIDO Alliance has launched its Face Verification Certification program, with mitigating bias as a key priority. It assesses a face verification system’s performance across different demographics, including skin tone, age, and gender, in addition to far more wide-reaching security and  performance tests.

Why is independent certification for biometrics important?

Currently, testing levels are completed on a case-by-case basis, per organization. This means it’s expensive and time-consuming, and what ‘good’ looks like varies widely. The FIDO Alliance’s program is based on proven ISO standards and has been developed by a diverse, international panel of industry, government, and subject matter experts. This means it is unrivaled in its ability to set equitable performance benchmarks.

More broadly, certification and independent global testing catalyze innovation and technological adoption. Whether launching an identity verification solution or including it in related regulations, open standards and certification set a clear performance benchmark. It removes considerable duplicated efforts, improves the confidence of all stakeholders, and ultimately drives up the performance of all solutions on the market.

How is bias evaluated?

At this time, the FIDO Alliance program considers false reject rate (FRR) for bias, using FRR methodology, and is measured at the transaction level across skin tone, age, and gender. ISO 19795-10 has multiple options for measuring differential performance. One option is described in the Section: Reporting differential performance against a benchmark (Section 7.4.2). In this approach, testers seek to compare the performance of one or more demographic groups to a specific benchmark. FIDO has chosen this approach given the small sample size of the individual groups (50+ per group). For skin tone, groups are defined and distributed across three brackets based on the Monk Scale. For gender, groups are defined and distributed across male, female, and other. For age, groups are defined and evenly distributed across four age brackets. 

The benchmarks are set at 6% (95% confidence interval), based on bootstrapping simulations. These simulations covered a spectrum of scenarios, population sizes, correlation between attempts. The benchmark chosen reduces the probability that a group will be considered different when it actually is not, i.e., finding a difference by chance (<5%).

What is the value of certification for Biometric Vendors?

  • Independent validation of biometric performance
  • Opportunity to understand gaps in product performance to then improve and align with market demands
  • Demonstrate product performance to potential customers 
  • Improve market adoption by holding an industry-trusted certification
  • Leverage one certification for many customers/relying parties 
  • Benefit from FIDO delta and derivative certifications for minor updates and extendability to vendor customers
  • Reduce need to repeatedly participate in vendor bake-offs

What is the value of certification for Relying Parties?

  • One-of-a-kind, independent, third-party validation of biometric performance assessing accuracy, fairness and robustness against spoofing attacks
  • Provides a consistent, independent comparison of vendor products – eliminating the burden of maintaining own program for evaluating biometric products
  • Accelerates FIDO adoption to password-less
  • Commitment to ensure quality products for customers of the relying parties 
  • Requirements developed by a diverse, international group of stakeholders from industry, government, and subject matter experts
  • Conforms to ISO
  • FIDO Annex published in ISO standards

What is the value of certification with FIDO accredited laboratories?

FIDO Accredited Laboratories are available worldwide and follow a common set of requirements and rigorous evaluation processes, defined by the FIDO Alliance Biometrics Working Group (BWG) and follow all relevant ISO standards. These laboratories are audited and trained by the FIDO Biometric Secretariat to ensure lab testing methodologies are compliant and utilize governance mechanisms per FIDO requirements. Laboratories perform biometric evaluations in alignment with audited FIDO accreditation processes. In contrast, bespoke, single laboratory biometric evaluations may not garner sufficient trust from relying parties for authentication and remote identity verification use cases.

What are the other ISO Standards that FIDO certification conforms to?

In addition to ISO/IEC 19795-10, vendors and their accredited lab are adhering to the following ISO standards:

Terminology
ISO/IEC 2382-37:2022 Information technology — Vocabulary — Part 37: Biometrics
Presentation Attack Detection
ISO/IEC 30107-3:2023 Information technology — Biometric presentation attack detection — Part 3: Testing and reporting
ISO/IEC 30107-4:2020 Information technology — Biometric presentation attack detection — Part 4: Profile for testing of mobile devices
– FIDO Annex, published 2024
Performance (e.g., FRR, FAR)
ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and framework
ISO/IEC 19795-9:2019 Information technology — Biometric performance testing and reporting — Part 9: Testing on mobile devices
– FIDO Annex, published 2019
Bias (differentials due to demographics)
ISO/IEC 19795-10:2024 Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups – FIDO Annex, under development
Laboratory
ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories

Enhancing Confidence in the Biometrics of Identity Verification

The FIDO Alliance continues to champion the cause of combating bias and enhancing security measures in remote biometric identity verification technologies through its Identity Verification and Biometric Component certifications. The FIDO Certification Programs offer reliability, security, and standardization to certify biometric solutions for remote identity verification, and has specifically set benchmarks for face verification technologies to test for bias.

In addition to the Face Verification program, the FIDO Alliance emphasizes the importance of rigorous testing and certification processes in ensuring that identity verification solutions are trustworthy and secure, including the Document Authenticity (DocAuth) Certification. These programs offer solution providers the opportunity to differentiate themselves in the market by leveraging FIDO’s independent, accredited test laboratories and industry-recognized brand.

Learn More about FIDO Biometric Certifications

As digital identity verification landscapes evolve, the demand for independently verified and unbiased biometric systems becomes increasingly vital. The introduction of the FIDO Alliance’s Face Verification Certification Program reinforces the commitment of solution providers to proactively address trust, security, and inclusivity in biometric identity verification technologies.

To learn more, download the in-depth consumer research on remote ID verification here, and discover the certified providers backed by FIDO certification to stay ahead with secure and trustworthy biometric identity verification technologies.


More

FIDO APAC Summit 2024: Unlocking a Secure Tomorrow by Accelerating the Future of Authentication in Asia-Pacific

Building on the success of last year’s summit in Vietnam, the FIDO APAC Summit 2024…

Read More →

Passkeys Hackathon Tokyo: A Showcase of Innovation and Excellence

By Atsuhiro Tsuchiya, APAC Market Development Sr. Manager In June, Google and the FIDO Alliance…

Read More →

Authenticate Update: 2024 Agenda Released

Carlsbad, Calif, August 14, 2024 – The FIDO Alliance has announced its agenda today for…

Read More →