Germany Top in Biometric Integrity with Face Morphing Detection

Published Date : 10/2/2025 

Germany is taking a proactive approach to prevent biometric spoof attacks in ID documents like passports. The EAB's Live Enrollment Workshop discussed the practical application and effectiveness of these measures, including the use of kiosks and advanced morphing detection technologies. 

Germany is leading the way in preventing biometric spoof attacks, particularly in breeder ID documents such as passports. The European Association for Biometrics (EAB) presented these steps and discussed their practical application and effectiveness during a Live Enrollment Workshop held on Wednesday.

Christoph Busch highlighted that the community has been aware of the threat of biometric morphing attacks for a decade, but the frequency of these attacks remains uncertain. 'No-one can answer this question. It is impossible to answer,' he stated. A survey during the IFPC conference organized by NIST provided some insights, with ten out of 112 respondents reporting more than 200 morphing attacks in 2024, and six seeing at least 50.

To mitigate these risks, live enrollment at kiosks or with certified photographers is recommended. However, until every country adopts this approach, morphing detection technologies will be essential. Dr. Uwe Seidel from the BKA provided the ICAO perspective on biometric enrollment, noting that the ISO/IEC 39794 standard for biometric encoding is a significant change since the introduction of the ePassport. Inspection systems are expected to handle the new encoding standard by January 1, 2026, though full adoption is not required until 2030.

Seidel also explained that morph attack images can result from importing just 30 percent of another person's facial features. The EU has invested around 20 million euros in research into biometric morphing detection through projects like Fidelity, SOTAMD, and iMARS. In the meantime, Germany has rolled out kiosks to municipalities for passport applications, featuring presentation attack detection (PAD) for face and fingerprint biometrics, and a larger facial image.

NIST has evaluated the effectiveness of morph detection technologies with its FRVT Morph, noting significant improvements from 2020 to 2025. The best algorithms are now approaching a two percent false negative rate (FNR) and false positive rate (FPR), which experts consider suitable for operational thresholds against low-quality morphs.

Riccardo Konig of the BMI discussed Germany’s modernization of its ID document issuing process, including the development of the PointID live enrollment system by state-owned printer Bundesdruckerei. The decentralized structure of the German state poses significant challenges, but having a single system provider can help. Anna Stratmann of BSI described the certification process for biometric capture devices, emphasizing that facial images can be delivered to the agency’s network from the cloud under certain conditions.

For live enrollments in August, roughly half of the images were captured on-site, while the other half were delivered via digital cameras, scans, or the cloud. BSI has received 18 applications for certification of live facial enrollment devices from five vendors since May, with 14 finalized.

Patrizia Knoppchen of Bundesdruckerei explained PointID, a modular device rolled out at around 5,500 locations across Germany. The device selects the best image from a one-second video capturing up to 30 images. In addition to PAD capabilities, PointID devices also feature background elimination. Speed Biometrics, another provider, has deployed more than 500 solutions in over 200 municipalities, despite the requirement for installed capture devices to be observable at all times.

Marcos Kramer of ME Group presented the company’s approach to providing photo booths and kiosks for unsupervised facial image acquisition, emphasizing that security arises from the combination of process and human controls. Biometric Solutions, represented by Michael Barsoe, expressed hope that other countries will follow Germany’s lead on secure biometric enrollment. The company developed both self-service terminals and smartphone software, Biometric Go, for biometrics enrollment in Denmark. There are 2,600 active installations of Biometric Go in Germany.

Overall, Germany’s proactive approach to biometric enrollment integrity, including the deployment of advanced technologies and kiosks, sets a strong precedent for other nations to follow in enhancing the security of ID documents and reducing the risk of biometric spoof attacks. 

Frequently Asked Questions (FAQS): 

Q: What is a biometric morphing attack?

A: A biometric morphing attack involves creating a biometric image that combines features from two different individuals, making it difficult to accurately identify the true subject. This can be used to bypass biometric security systems.

Q: How is Germany addressing biometric morphing attacks?

A: Germany is implementing live enrollment systems and kiosks equipped with presentation attack detection (PAD) for face and fingerprint biometrics. Additionally, they are investing in research and development of advanced morphing detection technologies.

Q: What is the ISO/IEC 39794 standard?

A: ISO/IEC 39794 is a standard for biometric data interchange formats. It is considered a significant change since the introduction of the ePassport and is expected to be implemented by January 1, 2026.

Q: What is the PointID system?

A: PointID is a modular live enrollment system developed by Bundesdruckerei for biometric data collection. It is deployed at around 5,500 locations across Germany and features advanced presentation attack detection (PAD) and background elimination capabilities.

Q: How is BSI involved in biometric enrollment in Germany?

A: The Federal Office for Information Security (BSI) is responsible for certifying biometric capture devices used in the live enrollment system. They have received 18 applications for certification from five vendors, with 14 finalized. 

More Related Topics :