Injection Attack Detection, CEN/TS 18099:2025, and iProov

Most identity and biometric marketing leaders know that their products should detect attacks, including injection attacks. But do the products detect attacks? And do prospects know that the products detect attacks? (iProov prospects know. Or should know.)

I’ve mentioned injection attack detection a couple of times on the Bredemarket blog, noting its difference from presentation attack detection. While the latter affects what is shown to the biometric reader, the former bypasses the biometric reader entirely.

But I haven’t mentioned how vendors can secure independent confirmation of their injection attack defenses.

European Committee for Standardization (CEN)

Here’s part of what ID Tech Wire said a year ago.

“A new European technical standard, CEN/TS 18099:2025, has been published to address the growing concern of biometric data injection attacks. The standard provides a framework for evaluating the effectiveness of identity verification (IDV) vendors in detecting and mitigating these attacks, filling a critical gap left by existing regulations.”

Being a baseball hot dogs apple pie guy, I had never heard of CEN. Now I have.

“CEN, the European Committee for Standardization, is an association that brings together the National Standardization Bodies of 34 European countries.

“CEN provides a platform for the development of European Standards and other technical documents in relation to various kinds of products, materials, services and processes.”

And before you say that them furriner Europeans couldn’t possibly understand the nuances of good ol’ Murican injection attacks, look at all the countries that follow biometric interchange guidance from the American National Standards Institute (ANSI) and the National Institute of Standards and Technology (NIST).

So CEN is good.

But let’s get to THIS standard.

More on CEN/TS 18099:2025

The Biometric Data Injection Attack Detection standard can be found at multiple locations, including the aforementioned ANSI. From the current 2025 version:

“This document provides an overview of: 

– Definitions of biometric data injection attacks; 

– Use cases for injection attacks with biometric data on essential hardware components of biometric systems used for enrollment and verification; 

– Tools for injection attacks on systems using one or more biometric modalities. 

This document provides guidance for: 

– Injection Attack Instrument Detection System (defined in 3.12); 

– adequate risk mitigation for injection attack tools; 

– Creation of a test plan for the evaluation of an injection attack detection system (defined in 3.9).”

Like (most) good standards, you have to buy it. Current Murican price is $99.

You can see how this parallels the existing standard for presentation attack detection testing.

Which brings us to iProov…and Ingenium

iProov is a company in the United Kingdom. This post does not address whether the United Kingdom is part of Europe; I assigned that thankless task to Bredebot. But iProov does pay attention to European standards, according to this statement:

“[iProov] announced that its Dynamic Liveness technology is the first and only solution to successfully achieve an Ingenium Level 4 evaluation and the CEN/TS 18099 High technical specification for Injection Attack Detection, following an independent evaluation by the ISO/IEC 17025-accredited, Ingenium Biometric Laboratories. Ingenium Level 4 builds on the requirements outlined in CEN/TS 18099, providing an increased level of assurance with an extended period of active testing and inclusion of complex, highly-weighted attack types.”

Ingenium’s injection attack detection testing is arranged in five levels/tiers. The first two correspond to the “substantial” and “high” evaluation levels in CEN/TS 18099:2025. The final three levels exceed the standard.

Level 4:

“Level 4: A 40-day FTE evaluation that further exceeds the CEN TS 18099:2025 standard. Level 4 maintains a high attack weighting while specifically targeting the IAI detection capabilities of your system. Although not a formal PAD (Presentation Attack Detection) assessment, this level offers valuable insights into your system’s PAD subsystem resilience.”

Because while they are technically different, injection attack detection and presentation attack detection are intertwined. 

Does your product detect attacks?

And if you adopt a customer focus, the customer doesn’t really care about the TYPE of attack. The customer ONLY cares about the attack itself, and whether or not the vendor detected and prevented it.

Identity/biometric marketing leaders, does your product offer independent confirmation of its attack detection capabilities? If not, do you publicize your own self-assertion of detection?

Because if you DON’T explicitly address attack detection, your prospects are forced to assume that you can’t detect attacks at all. And your prospects will avoid you as dangerous and gravitate to vendors who DO assert attack detection in some way.

And you will lose money.

Regardless of whether you are in the United States, United Kingdom, or the European continent…losing money is not good.

So don’t lose money. Tell your prospects about your attack detection. Or have Bredemarket help you tell them. Talk to me.

Biometric product marketing expert. This is NOT in the United Kingdom.

Postscript: Non-iProov injection attack detection here.

Why Identity/Biometric Prospects of Marketing and Writing Firms Benefit from Specificity

Bredemarket markets to identity/biometric firms that market to their own prospects.

And this quote from Aja Frost at HubSpot is relevant to anyone who markets to anyone, and wants to attract attention from people using Google Gemini, ChatGPT, and other large language models to answer questions. You need to practice answer engine optimization (AEO).

“In the old world, you’d be publishing ‘The Ultimate Guide to Content Marketing.’ And in the AEO world, you are publishing ‘The Ultimate Guide to Content Marketing If You Work at a Logistics Company in New Jersey’ because answer engines surface highly relevant, contextualized, tailored information to every person who is using them.”

HubSpot preaches something very similar to Never Search Alone: when you cast a wide net, there are too many holes.

Google Gemini.

This reminded me that I need to narrow my focus whenever possible and address the issues important to marketing leaders at identity and biometric firms.

What types of “highly relevant, contextualized, tailored information” do identity/biometric prospects need?

What types of customer-focused benefits resonate with them?

How can a biometric product marketing expert help identity/biometric firms?

Why don’t you ask me, and we can work together to create that highly relevant content?

An IMEI Number Is NOT Unique to Each Mobile Phone

(Imagen 3)

Have you ever used the phrase “sort of unique”? Something is either unique or it isn’t. And International Mobile Equipment Identity (IMEI) numbers fail the uniqueness test.

Claims that International Mobile Equipment Identity (IMEI) numbers are unique

Here’s what a few companies say about the IMEI number on each mobile phone. Emphasis mine.

  • Thales: “The IMEI (International Mobile Equipment Identity) number is a unique 15-digit serial number for identifying a device; every mobile phone in the world has one.”
  • Verizon: “An IMEI stands for International Mobile Equipment Identity. Think of it as your phone’s fingerprint — it’s a 15-digit number unique to each device.”
  • Blue Goat Cyber: “In today’s interconnected world, where our smartphones have become an indispensable part of our lives, it is essential to understand the concept of IMEI – the International Mobile Equipment Identity. This unique identifier plays a crucial role in various aspects of our mobile devices, from security to tracking and repairs.”

These and other descriptions of the IMEI prominently use the word “unique.” Not “sort of unique,” but “unique.”

Which means (for non-person entities, just like persons) that if someone can find a SINGLE reliable instance of more than one mobile phone having the same IMEI number, then the claim of uniqueness falls apart completely.

Examples of non-uniqueness of IMEI numbers on mobile phones

People who claim IMEI uniqueness obviously didn’t read my Bredemarket blog post of April 1, in which I WASN’T fooling.

  • I talked about an incident in India in which a cyber fraud operation “specialised in IMEI cloning.”
  • And an incident in Canada in which someone was scammed out of C$1,000, even though the phone had a valid IMEI.

IMEICheck.net even tells you (at a high level) how to clone an IMEI. It’s not easy, but it’s not impossible.

“In theory, hackers can clone a phone using its IMEI, but this requires significant effort. They need physical access to the device or SIM card to extract data, typically using specialized tools.

“The cloning process involves copying the IMEI and other credentials necessary to create a functional duplicate of the phone. However, IMEI number security features in modern devices are designed to prevent unauthorized cloning.”

So don’t claim an IMEI is unique when there is evidence to the contrary. As I said in my April post:

“NOTHING provides 100.00000% security. Not even an IMEI number.”

What does this mean for your identity product?

If you offer an identity product, educate your prospects and avoid unsupportable claims. While a few prospects may be swayed by “100%” claims, the smarter ones will appreciate more supportable statements, such as “Our facial recognition algorithm demonstrated a 0.0022 false non-match rate in the mugshot:mugshot NIST FRTE 1:1 laboratory testing.”

When you are truthful in educating your prospects, they will (apologies in advance for using this overused word) trust you and become more inclined to buy from you.

If you need help in creating content (blog posts, case studies, white papers, proposals, and many more), work with Bredemarket to create the customer-focused content you need. Book a free meeting with me.

Biometric Marketers: What About WRITER Personas?

(Imagen 4)

Biometric marketing leaders already know that I’ve talked about reader personas to death. But what about WRITER personas? And what happens when you try to address ALL the reader and writer personas?

Reader personas

While there are drawbacks to using personas, they are useful in both content marketing and proposal work when you want to tailor your words to resonate with particular types of readers (target audiences, or hungry people).

I still love my example from 2021 in which a mythical Request for Proposal (RFP) was issued by my hometown of Ontario, California for an Automated Biometric Identification System (ABIS). The proposal manager had to bear the following target audiences (hungry people) in mind for different parts of the proposal.

  • The field investigators who run across biometric evidence at the scene of a crime, such as a knife with a fingerprint on it or a video feed showing someone breaking into a liquor store.
  • The examiners who look at crime scene evidence and use it to identify individuals. 
  • The people who capture biometrics from arrested individuals at livescan stations. 
  • The information technologies (IT) people who are responsible for ensuring that Ontario, California’s biometric data is sent to San Bernardino County, the state of California, perhaps other systems such as the Western Identification Network, and the Federal Bureau of Investigation. 
  • The purchasing agent who has to make sure that all of Ontario’s purchases comply with purchasing laws and regulations. 
  • The privacy advocate who needs to ensure that the biometric data complies with state and national privacy laws.
  • The mayor (Paul Leon back in 2021, and still in 2025), who has to deal with angry citizens asking why their catalytic converters are being stolen from their vehicles, and demanding to know what the mayor is doing about it. 
  • Probably a dozen other stakeholders that I haven’t talked about yet, but who are influenced by the city’s purchasing decision.

Writer personas

But who is actually writing the text to address these different types of readers?

Now in this case I’m not talking about archetypes (a topic in itself), but about the roles of the subject matter experts who write or help write the content.

I am currently working on some internal content for a Bredemarket biometric client. I can’t reveal what type of content, but it’s a variant of one of the 22 types of content I’ve previously addressed. A 23rd type, I guess.

Anyway, I am writing this content from a product marketing perspective, since I am the self-proclaimed biometric product marketing expert. This means that the internal content fits into a story, focuses on the customer, highlights benefits, and dwells on the product.

But what would happen if someone in a role other than product marketing consultant wrote this content?

  • An engineer would emphasize different things. Maybe a focus on the APIs.
  • A finance manager would emphasize different things. Maybe an ROI focus.
  • A salesperson may focus on different things. Maybe qualification of a prospect. Or eventually conversion.

So the final content is not only shaped by the reader, but by the writer.

You can’t please everyone so you’ve got to please yourself

With all the different reader and writer personas, how should you respond?

Do all the things?

Perhaps you can address everyone in a 500-page proposal, but the internal content Bredemarket is creating is less than 10 pages long.

Which is possibly already too long for MY internal target audience.

So I will NOT create the internal content that addresses the needs of EVERY reader and writer persona.

Which is one truth about (reader) personas in general. If you need to address three personas, it’s more effective to create 3 separate pieces than a single one.

Which is what I’m doing in another project for this same Bredemarket biometric client, this one customer-facing.

And the content targeted to latent examiners won’t mention the needs of Paul Leon.

In which I address the marketing leader reader persona

So now I, the biometric product marketing expert writer persona, will re-address you, the biometric marketing leader reader persona.

You need content, or proposal content.

But maybe you’re not getting it because your existing staff is overwhelmed.

So you’re delaying content creation or proposal responses, or just plain not doing it. And letting opportunities slip through your fingers.

Plug the leaks and stop your competitors from stealing from you. Bring Bredemarket on board. Schedule a free exploratory meeting today at https://bredemarket.com/cpa/.

Bredemarket’s “CPA.”

How to Isolate Your Unfocused Company

(StealthCo picture from Imagen 3)

So what are you doing, Jane?

“I’m a Scrum Master. Very busy.”

Who are you working for?

“I can’t tell you. We’re in stealth mode.”

When will you emerge?

“When we are ready to blow the world away.”

Um, how do you know that you will blow the world away?

“Our leader says so. And she knows what she’s talking about. She attended Stanford.”

But is anyone checking your assumptions?

“Of course. All 23 employees…forget I said that number.”

But what about your prospects? What are they saying?

“We know they will love it!”

Did they say they will love it?

“We know they will!”

What if the prospects learn about your stealth product and decide it sucks? And all the years you’ve spent developing in isolation are in vain because of a lack of true customer focus?

“That won’t happen. Our leader knows what she’s talking about. She founded one successful company, and uses that experience to guide us remotely from Texas.”

Who is this leader?

“Elizabeth Holmes. Have you heard of her?”

Elizabeth Holmes picture public domain.

Ending the Isolation

There are potentially valid reasons for entering stealth mode, including protecting trade secrets and keeping the competition away. 

But…there is a risk if you also keep the prospects away from your stealth mode operations and fail to engage with them. Who knows—maybe your prospects might have some ideas of what they need, and that information might be good to know. Your unicorn rockstar fearless dear leader may not know EVERYTHING.

If you want to work out a strategy for getting prospects engaged, let me ask you a few questions. Book a free meeting at https://bredemarket.com/cpa/

Are Your Competitors Stealing From You? The Ultimate Guide to Increasing Prospect Awareness

Technology marketers, do your prospects know who you are?

If they don’t, then your competitors are taking your rightful revenue.

Don’t let your competitors steal your money.

Before I tell you how Bredemarket can solve your technology company’s awareness problem, let me spill the secret of why I’m asking the question in the first place.

The wildebeest’s friend

Normally I don’t let non-person entities write Bredemarket content, but today I’m making an exception.

Sources.

My usual generative AI tool is Google Gemini, so I sent this prompt:

“What are the five most important types of marketing content to create for a technology software company?”

A little secret: if you want generative AI to supply you with 3 things, ask for more than that. Some of the responses will suck, but maybe the related ones are insightful.

In this case I only wanted ONE type of marketing content, but I reserve the right to “co-author” four more posts based upon the other responses.

Of the 5 responses from Google Gemini, this was the first:

 “In-depth Problem-Solving Content (Think Blog Posts, White Papers, Ebooks): Your potential customers are likely facing specific challenges. Content that dives deep into those problems and offers insightful solutions (even if it doesn’t directly pitch your product) builds trust and positions you as a thought leader. Think “The Ultimate Guide to [Industry Challenge]” or a white paper on “Navigating [Complex Technical Issue].””

Now you see where I got the idea for the title of this post. Normally I shy away from bombastic words like “ultimate,” but this sage is going a little wild.

So the bot tells me that the most important type of marketing content for a technology software company is short-form or long-form problem-solving content.

Going meta 

Let’s get a little meta (small m) here.

If your prospects don’t know who you are, create customer-focused content that explains how your company can solve their problems.

Solving problems.

Now let’s get meta meta.

If you need help creating this content, whether it’s blog posts, articles, white papers, case studies, proposals, or something else, Bredemarket can help you solve your problem.

Let’s talk about your problem and how we can work together to solve it. Book a free meeting via the https://bredemarket.com/cpa/ URL.

(All AI illustrations from Imagen 3 via Google Gemini, of course)

Bredemarket’s “CPA.”

Reel Customer Focus and Employee Focus

After creating my textual “Customer Focus and Employee Focus,” I used Facebook to repurpose the Imagen 3-created images as a short reel, “Do your prospects believe your claimed employee focus?”

See my original post for the answers to these and following questions:

  • Do J.P. Morgan Chase’s employees matter to Jamie Dimon?
  • Do Meta’s employees matter to Mark Zuckerberg?
  • Do federal employees matter to Elon Musk and Donald Trump?
  • Do Virgin employees matter to Richard Branson?

The song is Nick Gallant’s “Gonna Need A Little Help.”

Do your prospects believe your claimed employee focus?

Customer Focus and Employee Focus

(All images Imagen 3)

When you market to your prospects and customers, will they believe what you say? Or will you be exposed as a liar?

The Bredemarket blog has talked incessantly about customer focus from a marketing perspective, noting that an entity’s marketing materials need to speak to the needs of the customer or the prospect, not the selling entity.

But customer focus alone is not enough. When the customers sign up, they have to deal with someone.

Unless the customer is stuck in answer bot hell (another issue entirely), they will deal with an employee.

The expendables 

And some employees are not happy, because they feel they are expendable.

Steve Craig of PEAK IDV recently shared a long quote from J.P. Morgan Chase’s Jamie Dimon. Here’s a short excerpt:

“Every area should be looking to be 10% more efficient. If I was running a department with a hundred people, I guarantee you, if I wanted to, I couldn’t run it with 90 and be more efficient. I guarantee you, I could do it.”

So J.P. Morgan Chase is doing very well, Dimon is doing very well, but he’s implicitly saying that his people suck.

Another CEO, Meta’s Mark Zuckerberg, is more explicit about how much his people suck.

“This is going to be an intense year, and I want to make sure we have the best people on our teams. I’ve decided to raise the bar on performance management and move out low performers faster.”

You may have noticed my intentional use of the word “entity” at the beginning of this post. Because while businesses have attracted much attention in the current culture of “layoffs will continue until morale improves,” these businesses are themselves “low performers” in the shedding people category. Chief DOGE Elon Musk, fresh from reducing X’s headcount, is coordinating layoffs in the public sector.

“Federal agencies were ordered by Donald Trump to fire mostly probationary staff, with as many as 200,000 workers set to be affected and some made to rush off the premises.”

Zuckerberg could only dream of saying “you’re fired” to 200,000 people. That dream would certainly increase his masculine energy, but for now Musk has trumped Zuckerberg on that front.

  • Do J.P. Morgan Chase’s employees matter to Jamie Dimon?
  • Do Meta’s employees matter to Mark Zuckerberg?
  • Do federal employees matter to Elon Musk and Donald Trump?

Regardless of the answer (and one could assert that they like the “good” employees and don’t want them to be harmed by the bad apples), their views are not universal.

The other extreme

Richard Branson (reportedly) does not put his needs first at the Virgin companies he runs.

Nor does he prioritize investors.

Oh, and if you’re one of Virgin’s customers…your happiness isn’t critically important either.

Branson’s stance is famous, and (literally) sounds foreign to the Dimons and Zuckerbergs of the world.

“So, my philosophy has always been, if you can put staff first, your customer second and shareholders third, effectively, in the end, the shareholders do well, the customers do better, and yourself are happy.”

You could argue that this is a means to an end, and that employee focus CAUSES customer focus. What if employee focus is missing?

“If the person who’s working for your company is not given the right tools, is not looked after, is not appreciated, they’re not gonna do things with a smile and therefore the customer will be treated in a way where often they won’t want to come back for more.”

Think about this the next time you have a problem with your Facebook account or at a Chase Bank or with your tax return.

Whether back office issues matter to customers

Of course I may be reading too much into this, because I have said that the customer doesn’t care about your company. If you solve their problems, they don’t care if you’re hiring 200,000 people or firing 200,000 people.

If you solve their problems.

I can’t cite the source or the company, but I heard a horror story about an unhappy customer. The company had heavily bought into the “layoffs will continue until morale improves” philosophy, resulting in turnover in the employees who dealt with customers. When the customer raised an issue with the company, it made a point of saying that employee John Jones (not the employee’s real name) could have solved the customer’s problem long ago if the company hadn’t removed Jones from the account.

What about your company’s marketing?

So think about this in your marketing. Before you brag about your best places to work award, make sure that your prospect will see evidence of this in the employees they encounter.

“Our 8th annual LinkedIn Top Companies list highlights the 50 best large workplaces to grow your career in the U.S. right now. Fueled by unique LinkedIn data, the methodology analyzes various facets of career progression like promotion rates, skill development and more among employees at each company.”

Number 1 on LinkedIn’s April 2024 list? J.P. Morgan Chase.

Number 2? Amazon.

Number 6? UnitedHealth Group.

Um, maybe not.

In the meantime, take care of yourself, and each other.


Jerry Springer. By Justin Hoch, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=16673259.

Discovery With Your Ears

(All images Imagen 3)

You probably have meetings with potential customers. The common term for these meetings is the “discovery call.”

Because I’m contrarian, I never use the term “discovery call,” and instead just refer to a “30 minute content needs assessment.” I should add, a “FREE 30 minute content needs assessment.” (Although 99% of these initial meetings are free anyway.)

Whatever you call the meeting, your job in the meeting isn’t to be like Christopher Columbus and chart new lands and persist in the mistaken belief that you’re in China.

Your primary job is to LISTEN.

It’s not all about me

Using Bredemarket as an example, my primary goal in the meeting isn’t to blather on about my 30 years in biometrics, or my more than 30 years of writing, or how I was a former Radio Shack Battery Club card holder, or how I shook Gerald Ford’s hand once.

There is a well-known marketer who starts every one of their webinars with a five-minute introductory video that describes how great the marketer is. After sitting through a few of these introductions, I resolved to intentionally attend the next webinar five minutes later so that I didn’t have to sit through that again. But as time passed, I found I wasn’t attending any of the marketer’s webinars at all.

It’s all about you

Returning to Bredemarket, my goal for the initial meeting is to listen and focus upon what the potential customer needs.

Another in-vogue term is “pain points,” and that’s a term that I actually DO use. The potential customer has a problem, and maybe Bredemarket can help solve it, or maybe Bredemarket can’t.

And I’m not going to know that if I don’t let the potential customer speak.

It’s all about us

Now if you’re a potential customer that needs content, proposal, or analysis marketing and writing services, you can read about Bredemarket’s services on my “CPA” page.

And you can decide whether you want to book a “Free 30 minute content needs assessment” with me.