HID, FPT IS, TransUnion Achieve Level 2 PAD Compliance

Published Date : 9/5/2025 

iBeta Quality Assurance confirms Level 2 PAD compliance for HID, FPT IS, TransUnion, and Private Identity, reinforcing the robustness of their biometric systems against sophisticated attacks. 

A wave of new biometric presentation attack detection (PAD) evaluations based on the ISO/IEC 30107-3 standard by iBeta Quality Assurance has resulted in new compliance confirmations for several companies. HID stands out among them with its multi-spectral imaging cameras demonstrating Level 2 compliance.

HID’s U.ARE.U Face Module allowed zero successful attacks in 750 attempts with mid-level presentation attack instruments (PAIs). More sophisticated attacks like those assessed in Level 2 have become more common, the company says in a blog post, prompting the industry to turn to more rigorous PAD tests to show they can meet the raised stakes.

The observation aligns with those of iBeta Director of Biometrics Ryan Borgstrom and Deputy Director of Biometrics David Yambay in an interview with Biometric Update for the June launch of their Level 3 PAD compliance testing service. HID states that the level of performance reached by U.ARE.U Face Module shows that facial recognition can now deliver both user-friendly experiences and a high level of resistance to fraud. The company has also explored how to achieve these benefits in different real-world use cases and scenarios in a couple of recent posts.

A compliance confirmation letter for U.ARE.U Face Module’s Level 2 compliance is posted to HID’s website.

More PAD compliance confirmations were recently announced by iBeta, revealing that several companies have passed liveness assessments. Private Identity, FPT IS, Chunghwa Telecom’s HiFace, Identy, and TransUnion all received compliance letters from iBeta in August.

Vietnamese IT leader FPT IS had its FPT eID liveness detection confirmed compliant to Level 2. FPT is a development partner for Ho Chi Minh City’s Digital Citizen App and passed a Level 1 test earlier this year. TransUnion’s TruValidate Anti-Deepfake Liveness was confirmed compliant with a Level 2 test at the beginning of the month, following a partial Level 1 test in May.

Private Identity had its PrivateID Verify software confirmed compliant to Level 2 at the end of August, following Level 1 confirmation at the end of July. Iris ID also received Level 1 PAD compliance confirmation for its iBar 600E scanner in July.

These confirmations highlight the growing importance of biometric liveness detection in ensuring the security and reliability of biometric systems. As attacks become more sophisticated, companies are increasingly turning to rigorous testing to demonstrate their systems' robustness against presentation attacks. 

Frequently Asked Questions (FAQS): 

Q: What is biometric presentation attack detection (PAD)?

A: Biometric presentation attack detection (PAD) is a process used to determine whether a biometric sample, such as a face or fingerprint, is genuine or a spoof. It helps prevent unauthorized access by detecting fake biometric inputs.

Q: What does Level 2 PAD compliance mean?

A: Level 2 PAD compliance means that a biometric system has been tested and proven to effectively detect sophisticated presentation attacks, such as high-quality fake images or 3D masks, under mid-level attack conditions.

Q: Which companies have achieved Level 2 PAD compliance?

A: HID, FPT IS, TransUnion, and Private Identity have all achieved Level 2 PAD compliance for their biometric systems, as confirmed by iBeta Quality Assurance.

Q: Why is PAD testing important for biometric systems?

A: PAD testing is crucial for biometric systems because it ensures that they can accurately distinguish between genuine and fake biometric inputs, thereby enhancing security and preventing unauthorized access.

Q: What is the ISO/IEC 30107-3 standard?

A: The ISO/IEC 30107-3 standard provides guidelines for biometric presentation attack detection (PAD) testing, ensuring that biometric systems are evaluated for their ability to detect and prevent spoof attacks. 

More Related Topics :