HID Global Lumidigm solution achieves spoofing certification
20 September 2018 15:21 GMT

Identity tech firm HID has announced its patented Lumidigm multispectral imaging solution is the first fingerprint technology certified to the ISO/IEC 30107-3 Presentation Attack Detection (PAD) standard, which focuses on anti-spoofing and liveness detection to determine whether fingerprint data captured from the sensor is from a real, living person or from a plastic fake or other artificial copy.

The firm noted that since the specification’s release more than a year ago, only the Lumidigm V-Series solution has stopped all fake-finger attacks to receive a perfect certification score in a Level 1 test, which was administered by iBeta Quality Assurance and certified by the National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP).

“This industry certification is an important accomplishment which validates the security- and privacy-enhancing capabilities of our multispectral fingerprint capture technology,” said Michael Chaudoin, Vice President of Product Management and Marketing, Extended Access Technologies business unit with HID Global.  “Deployed globally, these fingerprint sensors authenticate billions of transactions annually.  They provide trust whenever they are used to validate a person’s identity to grant access, deliver services or distribute funds, because each time they ensure that fingerprint data is from a real person rather than a fake or stolen sample.”

The independent test result is based on the global ISO/IEC 30107-3 standard, which established procedures for testing and reporting a device’s level of susceptibility to fake fingerprints, also called spoofing attacks. During these tests, the fake fingerprint is presented to a biometric capture device by an imposter to gain unauthorized access, steal an identity for fraudulent use, or evade a watch list. Receiving a perfect score during Level 1 certification testing means the Lumidigm technology detected 100 percent of spoof attempts while correctly authenticating legitimate users.

“Liveness detection is a critical component of a trusted fingerprint biometric security architecture that also includes capture and template-matching capabilities,” said Michael Thieme, Novetta Vice President of Special Projects and Editor of ISO/IEC 30107-3. "Organizations deploying biometric systems should consider independently-validated PAD solutions to help ensure the biometric products they deploy defend against these types of attacks."

Liveness detection is increasingly important for ensuring the integrity of what Acuity Market Intelligence forecasts will be more than one trillion cloud-based biometric transactions annually by 2022. In 2015, more than 21.5 million people were affected by a breach of the U.S. Office of Personnel Management (OPM) systems that compromised 15 years of biometric fingerprint identity data.  This and other breaches at companies in financial services, healthcare, and other industries have fueled concerns about the fraudulent use of stolen biometric data, which liveness detection can help prevent.

According to Acuity’s principal analyst, Maxine Most, “One of the main challenges ahead is educating markets about what constitutes the integrity of a biometric system, including how to apply best practices for liveness detection.”  The firm said in its September 2017 financial services whitepaper that liveness detection is a critical component of a secure, well-architected biometric solution, and one of the most important countermeasures to biometric spoofing and presentation attacks.