Identity/biometrics/technology marketing and writing services
From the Ontario International Airport Community Event at the National Guard Hangar on Saturday, February 14, 2026.
Arriving at today’s ONT Community Event.
Our war of independence happened 10 years ago. Hollywood noticed.
Consumer heaven. Except for Quakes fans.
Stories sometimes obscure the facts, which is something we definitely remember—or don’t—on February 14.
Did you know there are THREE people who are considered by the Roman Catholic Church to be Saint Valentine?
Petal and Poem discusses all three.
This Valentine was a priest in Rome who defied Roman Emperor Claudius II. Supposedly the Emperor believed that single men made better soldiers, but Valentine defied the Emperor and secretly married people. This resulted in his execution on February 14 in about AD 270.
But…there is another.
Elsewhere on the Italian peninsula, Valentine of Terni (or Interamna) ran afoul of the same Emperor, and was executed on February 14 a few years later (in about AD 273).
But…there is another.
Less is known about the third Valentine, other than the fact that he also was martyred. The scant information about him, as well as more extensive information on African influence on Christianity, is contained here.
So the next time that you say that the chocolates your beloved gave you are to die for, ensure you don’t take the phrase literally.
And Cupid, a Roman god, is decidedly NOT Roman Catholic.
At least temporarily, Bredemarket is focusing on:
There are numerous independent testing laboratories, holding testing certifications from various entities, that test a product’s conformance to the requirements of a particular standard.
For presentation attack detection (liveness), organizations such as iBeta and BixeLab test conformance to ISO 30107-3.
For injection attack detection, Ingenium tests conformance to CEN/TS 18099:2025, as well as testing that exceeds the requirements of that standard.
Unfortunately, I was unable to locate a central source of all of Ingenium’s testing results. So I had to hunt around.
| Biometric Vendor | Ingenium Injection Attack Detection Test Level | Notes |
| FaceTec | 2 | Ingenium letter on FaceTec website |
| iProov | 4 | Bredemarket blog post “Injection Attack Detection, CEN/TS 18099:2025, and iProov“ |
And…that’s all I could find.
Ingenium’s testing is relatively new, as is the whole idea of performing injection attack detection testing in general, so it shouldn’t be surprising that vendors haven’t rushed to get independent confirmation of injection attack capabilities.
But they should.
I’ve mentioned this before, but it’s worth exploring in more detail, since I only discussed Level 4. Here’s a complete list of all five of Ingenium’s testing evaluation tiers:
- Level 1: CEN Substantial: This tier is equivalent to the CEN TS 18099:2025 ‘substantial’ evaluation level. A Level 1 test requires 25 FTE days and includes a focus on 2 or more IAMs and 10 or more IAI species. It’s a great starting point for assessing your system’s resilience to common injection attacks.
- Level 2: CEN High: Exceeding the substantial level, this tier aligns with the CEN TS 18099:2025 ‘high’ evaluation level. This 30-day FTE evaluation expands the scope to include 3 or more IAMs and a higher attack weighting, providing a more rigorous test of your system’s defenses.
- Level 3: This level goes beyond the CEN TS 18099:2025 standard to provide an even more robust evaluation. The 35-day FTE program focuses on a higher attack weighting, with a greater emphasis on sophisticated IAMs and IAI species to ensure a more thorough assessment of your system’s resilience.
- Level 4: A 40-day FTE evaluation that further exceeds the CEN TS 18099:2025 standard. Level 4 maintains a high attack weighting while specifically targeting the IAI detection capabilities of your system. Although not a formal PAD (Presentation Attack Detection) assessment, this level offers valuable insights into your system’s PAD subsystem resilience.
- Level 5: Our most comprehensive offering, this 50-day FTE evaluation goes well beyond the CEN TS 18099:2025 requirements. Level 5 includes the highest level of Ingenium-created IAI species, which are specifically tailored to the unique functionality of your system. This intensive testing provides the deepest insight into your system’s resilience to injection attacks.
As I was publicizing my iProov injection attack detection post, I used Grok to create an injection attack detection video. Not for the squeamish, but injection attacks are nasty anyway.
In late 2022 I wrote a Bredemarket blog post entitled “Candy Street Market is coming.” It covered a business on Holt Boulevard in Ontario, California.
I referred to this post a couple of other times, making clear that Bredemarket was NOT Candy Street Market.
Well, at least I thought I did.
Until Bredemarket recently received an email from a janitorial company that included the following:
Hello Candy Street Market,
We’ll be around your area this week.
Happy to drop by and give you a simple cleaning quote should you need it. Does that work?
I didn’t respond.
If the janitorial company stops by Candy Street Market anyway, they’re in for a rude surprise.
Candy Street Market closed a long time ago.
CHECK YOUR MAILING LISTS.
Most identity and biometric marketing leaders know that their products should detect attacks, including injection attacks. But do the products detect attacks? And do prospects know that the products detect attacks? (iProov prospects know. Or should know.)
I’ve mentioned injection attack detection a couple of times on the Bredemarket blog, noting its difference from presentation attack detection. While the latter affects what is shown to the biometric reader, the former bypasses the biometric reader entirely.
But I haven’t mentioned how vendors can secure independent confirmation of their injection attack defenses.
Here’s part of what ID Tech Wire said a year ago.
“A new European technical standard, CEN/TS 18099:2025, has been published to address the growing concern of biometric data injection attacks. The standard provides a framework for evaluating the effectiveness of identity verification (IDV) vendors in detecting and mitigating these attacks, filling a critical gap left by existing regulations.”
Being a baseball hot dogs apple pie guy, I had never heard of CEN. Now I have.
“CEN, the European Committee for Standardization, is an association that brings together the National Standardization Bodies of 34 European countries.
“CEN provides a platform for the development of European Standards and other technical documents in relation to various kinds of products, materials, services and processes.”
And before you say that them furriner Europeans couldn’t possibly understand the nuances of good ol’ Murican injection attacks, look at all the countries that follow biometric interchange guidance from the American National Standards Institute (ANSI) and the National Institute of Standards and Technology (NIST).
So CEN is good.
But let’s get to THIS standard.
The Biometric Data Injection Attack Detection standard can be found at multiple locations, including the aforementioned ANSI. From the current 2025 version:
“This document provides an overview of:
– Definitions of biometric data injection attacks;
– Use cases for injection attacks with biometric data on essential hardware components of biometric systems used for enrollment and verification;
– Tools for injection attacks on systems using one or more biometric modalities.
This document provides guidance for:
– Injection Attack Instrument Detection System (defined in 3.12);
– adequate risk mitigation for injection attack tools;
– Creation of a test plan for the evaluation of an injection attack detection system (defined in 3.9).”
Like (most) good standards, you have to buy it. Current Murican price is $99.
You can see how this parallels the existing standard for presentation attack detection testing.
iProov is a company in the United Kingdom. This post does not address whether the United Kingdom is part of Europe; I assigned that thankless task to Bredebot. But iProov does pay attention to European stands, according to this statement:
“[iProov] announced that its Dynamic Liveness technology is the first and only solution to successfully achieve an Ingenium Level 4 evaluation and the CEN/TS 18099 High technical specification for Injection Attack Detection, following an independent evaluation by the ISO/IEC 17025-accredited, Ingenium Biometric Laboratories. Ingenium Level 4 builds on the requirements outlined in CEN/TS 18099, providing an increased level of assurance with an extended period of active testing and inclusion of complex, highly-weighted attack types.”
Ingenium’s injection attack detection testing is arranged in five levels/tiers. The first two correspond to the “substantial” and “high” evaluation levels in CEN/TS 18099:2025. The final three levels exceed the standard.
Level 4:
“Level 4: A 40-day FTE evaluation that further exceeds the CEN TS 18099:2025 standard. Level 4 maintains a high attack weighting while specifically targeting the IAI detection capabilities of your system. Although not a formal PAD (Presentation Attack Detection) assessment, this level offers valuable insights into your system’s PAD subsystem resilience.”
Because while they are technically different, injection attack detection and presentation attack detection are intertwined.
And if you adopt a customer focus, the customer doesn’t really care about the TYPE of attack. The customer ONLY cares about the attack itself, and whether or not the vendor detected and prevented it.
Identity/biometric marketing leaders, does your product offer independent confirmation of its attack detection capabilities? If not, do you publicize your own self-assertion of detection?
Because if you DON’T explicitly address attack detection, your prospects are forced to assume that you can’t detect attacks at all. And your prospects will avoid you as dangerous and gravitate to vendors who DO assert attack detection in some way.
And you will lose money.
Regardless of whether you are in the United States, United Kingdom, or the European continent…losing money is not good.
So don’t lose money. Tell your prospects about your attack detection. Or have Bredemarket help you tell them. Talk to me.
Postscript: Non iProov injection attack detection here.
(Explaining why the event was important. Using less than 300 words that could be delivered in less than two hours. Including a call of action to remember. We did.)
Fourscore and seven years ago our fathers brought forth on this continent, a new nation, conceived in Liberty, and dedicated to the proposition that all men are created equal.
Now we are engaged in a great civil war, testing whether that nation, or any nation so conceived and so dedicated, can long endure. We are met on a great battle-field of that war. We have come to dedicate a portion of that field, as a final resting place for those who here gave their lives that that nation might live. It is altogether fitting and proper that we should do this.
But, in a larger sense, we can not dedicate-we can not consecrate-we can not hallow-this ground. The brave men, living and dead, who struggled here, have consecrated it, far above our poor power to add or detract. The world will little note, nor long remember what we say here, but it can never forget what they did here. It is for us the living, rather, to be dedicated here to the unfinished work which they who fought here have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us-that from these honored dead we take increased devotion to that cause for which they gave the last full measure of devotion-that we here highly resolve that these dead shall not have died in vain-that this nation, under God, shall have a new birth of freedom-and that government of the people, by the people, for the people shall not perish from the earth.
I missed this January story. Apparently World installed an iris-reading Orb inside a San Francisco Gap store…for better visibility.
“At Gap, we believe in originality, authenticity — what makes us human,” the plaque reads. “That’s why we’re partnering with World, to bridge the gap between humans and technology.”
However, it seems to be a visibility stunt. Gap doesn’t care whether its clothing is purchased by humans, and it would be delighted to sell individuals multiple pairs of jeans, even if they had previously purchased a pair.
If you’re an identity/biometric marketing leader who requires content, proposal, and analysis expertise from a biometric product marketing expert, make sure you read the following:
It will be worth your while.
I’m putting myself in the shoes of someone reading stuff on LinkedIn or Facebook.
Are “Bredemarket” and “Bredemarket Identity Firm Services” two separate entities?
No.
They overlap.
So if your specific interest is biometrics, or secure documents, or other identity factors, visit Bredemarket Identity Firm Services.
If your interests are more general (such as product marketing), visit Bredemarket.
Bredemarket