Side-Step Fingerprint Spoofs With ISO 30107-3 PAD Level 2 Compliance
Using fingerprints to authenticate people is a popular practice. It’s extremely fast, accurate and efficient given the extraordinary technology available today.
But each time a digit is pressed against a sensor, there’s an opportunity for criminals to spoof the system. They, like dangerous viruses, mutate to survive and constantly evolve their techniques and bad behavior.
Staying steps ahead and wrapping appropriate protective measures around biometric technologies is crucial. Continue reading to learn about the next-level security points you want associated with your fingerprint reader devices.
The Broad Reach of Biometrics
Authenticating and verifying ourselves based on our unique biological traits is convenient, accurate and fast. The use cases for biometrics are ever-expanding across industries and international institutions. In North America, the government and law enforcement sectors drive growth for the category. In the Asia-Pacific region, benefits distribution initiatives — like the Aadhaar program in India — are one of the many massive undertakings that rely on digital fingerprint systems to identify citizens. Across Europe, biometrics lift efficiencies and security measures throughout banks and financial institutions, as well as the European Union’s mandate to include biometric data in national ID cards.
Fingerprint biometrics are surging in popularity, which also makes them a popular target for hackers. Two efforts helping to fortify the fingerprint biometric landscape are presentation attack detection (PAD) to prevent fraudulent attempts to bypass security measures, and 3D fingerprint scanning for greater accuracy. These features help some manufacturers achieve a stricter designation for their advanced fingerprint readers. This is referred to as ISO 30107-3 PAD Level 2 compliance, and it can be a very important box to check when selecting a biometric reader.
Thwart Fraud With Secure Biometrics
Bad guys are crafty. When it comes to tricking biometric systems, they often assemble their art supplies and etch fingerprint patterns into soft, flexible materials like rubber, glue, clay or gelatin in an attempt to gain access to protected assets.
To defend against this type of deception, manufacturers design various security features into fingerprint readers to determine if the presented fingerprint data is real or fake. This presentation attack detection is a comprehensive approach to detecting spoofs.
It’s important to gauge how well biometric products on the market can accurately ferret out a fake finger. The use of industry standards and certifications help set guidelines, establish a level playing field among industry players, and assist customers in comparing products.
Keep these two things in mind as you consider your biometric device options:
- ISO 30107-3 — The International Standards Organization (ISO) is a body that develops and publishes international standards containing practical information and best practices. In particular, the ISO 30107-3 standard sets forth guidelines for biometric presentation attack detection testing and reporting.
- Certification by Independent Testing Labs — When it comes to conforming with standards, independent testing labs play an important role in this landscape by offering a third-party testimonial around a product’s performance. This gives customers an apples-to-apples comparison as they navigate their way to a biometric solution that’s the best fit for their requirements.
HID® Lumidigm® — ISO PAD Level 2 Compliant!
We are proud to promote the HID Lumidigm readers bearing the ISO 30107-3 PAD Level 2 compliance designation. ISO 30107-3 PAD Level 2 involves different levels of testing intensity when it comes to presentation attack detection.
Level 1 PAD testing focuses on basic presentation attacks typically of a 2D nature. Some applications today require stronger PAD, and this is where ISO PAD Level 2 comes into play. It offers an advanced and coveted mark in the biometrics industry by detecting much more sophisticated spoofing attempts based on 3D-type artifacts like those crafted from resin, latex, silicone and prosthetics. The intensity of PAD Level 2 compliance requires that products successfully block 99% of spoof attempts.
This builds on our PAD Level 1 accomplishment and deems the HID Lumidigm readers one of the only fingerprint reader portfolios in the industry to conform with the ISO PAD Level 2 standards.
HID tapped iBeta, an accredited independent test lab by the NIST NVLAP (National Voluntary Laboratory Accreditation Program) and the first FIDO Alliance accredited biometric test lab, to provide quality ISO assurance for our high-performance fingerprint readers. iBeta replicated user enrollment steps and tested against a range of potential imposter attacks. This effort entailed running a series of tests with an assortment of live subjects and spoofs made from non-living material to ensure the biometric system worked as intended.
Being ISO PAD Level 2 compliant indicates HID’s Lumidigm products function to the highest global standards for PAD and biometric recognition performance.
HID Lumidigm Readers: In a League of Their Own
A key feature that sets these readers apart is HID’s patented multispectral imaging (MSI) technology. Using different colors of light projected into a finger from different angles, MSI captures biometric data not only on the surface of the finger — or one’s “external print” — but also the subsurface or the “internal print.” This unique feature enables the Lumidigm readers to capture all types of skin conditions (e.g., dry, dirty, damaged, oily, wet and aged) in challenging environments (e.g., direct sunlight, shadow, heat, cold, rain and snow). Combining surface and subsurface biometric data delivers next-level accuracy and performance for a more reliable and effective fingerprint capture system.
Additional magic designed into HID’s select biometric readers includes secure endpoint technology. This feature prohibits cyber criminals from gaining unauthorized access to networks by turning fingerprint readers into secure endpoints.
We dive deeper into ISO 30107-3 PAD Level 2 and the HID exclusive MSI fingerprint technology in our eBook, ISO PAD Level 2 Compliance: What Is It and Why Is It a Big Deal in Biometrics?
Explore HID’s biometric fingerprint technology >>