Identity/biometrics/technology marketing and writing services
Update to the March 3 version. Added Oz Forensics.
| Vendor | Modality | Confirming Lab | Link/Date |
| Aware | Face | BixeLab | November 2025 |
| FaceTec | Face | BixeLab | October 2025 |
| Incode | Face | iBeta | February 2026 |
| Oz Forensics | Face | BixeLab | March 2026 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |
I know that the experts say that “too much knowledge is actually bad in tech.” But based upon what I just saw from an (unnamed) identity verification company, I assert that too little knowledge is much worse.
As a biometric product marketing expert and biometric product marketing writer, I pay a lot of attention to how identity verification companies and other biometric and identity companies market themselves. Many companies know how to speak to their prospects…and many don’t.
Take a particular company, which I will not name. Here is the “marketing” from this company.
So what is the difference between this company and the other 100+ identity verification companies…many of which explicitly state their benefits, trumpet their NIST FRTE performance, and trumpet their third-party liveness detection confirmation letters?
If you claim great accuracy and great liveness detection but can’t support it via independent third-party verification, your claim is “so what?” worthless. Prove your claims.
Now I’m sure I could help this company. Even if they have none of the certifications or confirmations I mentioned, I could at least get the company to focus on meaningful differentiation and meaningful benefits. But there’s no need to even craft a Bredemarket pitch to the company, since the only marketer on staff is an intern who is indifferent to strategy.
Because while many companies assert that all they need is a salesperson, an engineer, an African data labeler, and someone to run the generative AI for everything else…there are dozens of competitors doing the exact same thing.
But some aren’t. Some identity/biometric companies are paying attention to their long-term viability, and are creating content, proposals, and analyses that support that viability.
Take a look at your company’s marketing. Does it speak to prospects? Does it prove that you will meet your customers’ needs? Or does it sound like every other company that’s saying “We use AI. Trust us“?
And if YOUR company needs experienced help in conveying customer-focused benefits to your prospects…contact Bredemarket. I’ve delivered meaningful biometric materials to two dozen companies over the years. And yes, I have experience. Let me use it for your advantage.
Update to the February 27 version. Added Incode.
| Vendor | Modality | Confirming Lab | Link/Date |
| Aware | Face | BixeLab | November 2025 |
| FaceTec | Face | BixeLab | October 2025 |
| Incode | Face | iBeta | February 2026 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |
I remember when I was working in Anaheim and keeping track of the latest BIPA lawsuits, back when you could count them on one hand…then on two hands…then there were too many.
I feel the same way about my previous attempts to track the vendors that offer solutions that conform to ISO 30107-3 Presentation Attack Detection Level 3. I thought I’d found them all, then I’d find another one.
So here’s my current (Friday afternoon) list of the PAD 3 conforming solutions.
| Vendor | Modality | Confirming Lab | Link/Date |
| Aware | Face | BixeLab | November 2025 |
| FaceTec | Face | BixeLab | October 2025 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |
While Google Gemini informed me that Veridas had also received Level 3 confirmation from iBeta, that turned out to be a hallucination. Veridas realizes the importance of Level 3, though, as do other selected vendors, so I suspect this table will be outdated soon.
Oh, and just to confuse things further, some of the other tests, such as CEN/TS 18099 injection attack detection tests, also may apply in some way to presentation attacks. Or maybe not. We’ll see.
This morning’s post listed three companies with independently demonstrated conformance to ISO 30107-3 presentation attack detection level 3: Aware, FaceTec, and Yoti.
The independent evaluators were BixeLab and iBeta.
But Ingenium provides PAD level 3 conformance assessments also.
And Ingenium testified to Paravision’s conformance.
So that’s a total of four companies at PAD Level 3: Aware, FaceTec, Paravision, and Yoti.
Who else did I miss?
And I will revisit my earlier question. Will consumers perceive that THEIR data is valuable enough to warrant Level 3 liveness detection? And avoid the solutions with “only” Level 2 conformance?
Four companies (so far) are betting on it.
If you needed any confirmation that Presentation Attack Detection Level 2 is so last year, you have it now.
Last month I talked about Yoti achieving confirmation of PAD Level 3 in iBeta testing.
But iBeta isn’t the only entity performing PAD Level 3 testing.
Will PAD Level 3 become the new floor for liveness detection? It depends upon your needs. Here’s how Mantra explains the difference between levels 2 and 3.
Level 2 (L2):
More realistic spoofs-high-quality 3D masks, composite fingers, better materials. Harder to detect, but still lab-craft attacks.
Level 3 (L3):
Advanced adversary scenarios-custom molds, hyper-realistic masks, lab-grade fabrication. Represents attackers with serious resources.
The “serious resources” part is key. Fraudsters will only spend “serious resources” if the target is valuable enough.
But will consumers perceive that THEIR data is valuable enough to warrant Level 3 liveness detection? And avoid the solutions with “only” Level 2 conformance?
Three companies (so far) are betting on it.
(Actually four. See my update.)
(And yes, the three hands on the fraudster should have been a giveaway…)
There are numerous independent testing laboratories, holding testing certifications from various entities, that test a product’s conformance to the requirements of a particular standard.
For presentation attack detection (liveness), organizations such as iBeta and BixeLab test conformance to ISO 30107-3.
For injection attack detection, Ingenium tests conformance to CEN/TS 18099:2025, as well as testing that exceeds the requirements of that standard.
Unfortunately, I was unable to locate a central source of all of Ingenium’s testing results. So I had to hunt around.
| Biometric Vendor | Ingenium Injection Attack Detection Test Level | Notes |
| FaceTec | 2 | Ingenium letter on FaceTec website |
| iProov | 4 | Bredemarket blog post “Injection Attack Detection, CEN/TS 18099:2025, and iProov“ |
And…that’s all I could find.
Ingenium’s testing is relatively new, as is the whole idea of performing injection attack detection testing in general, so it shouldn’t be surprising that vendors haven’t rushed to get independent confirmation of injection attack capabilities.
But they should.
I’ve mentioned this before, but it’s worth exploring in more detail, since I only discussed Level 4. Here’s a complete list of all five of Ingenium’s testing evaluation tiers:
- Level 1: CEN Substantial: This tier is equivalent to the CEN TS 18099:2025 ‘substantial’ evaluation level. A Level 1 test requires 25 FTE days and includes a focus on 2 or more IAMs and 10 or more IAI species. It’s a great starting point for assessing your system’s resilience to common injection attacks.
- Level 2: CEN High: Exceeding the substantial level, this tier aligns with the CEN TS 18099:2025 ‘high’ evaluation level. This 30-day FTE evaluation expands the scope to include 3 or more IAMs and a higher attack weighting, providing a more rigorous test of your system’s defenses.
- Level 3: This level goes beyond the CEN TS 18099:2025 standard to provide an even more robust evaluation. The 35-day FTE program focuses on a higher attack weighting, with a greater emphasis on sophisticated IAMs and IAI species to ensure a more thorough assessment of your system’s resilience.
- Level 4: A 40-day FTE evaluation that further exceeds the CEN TS 18099:2025 standard. Level 4 maintains a high attack weighting while specifically targeting the IAI detection capabilities of your system. Although not a formal PAD (Presentation Attack Detection) assessment, this level offers valuable insights into your system’s PAD subsystem resilience.
- Level 5: Our most comprehensive offering, this 50-day FTE evaluation goes well beyond the CEN TS 18099:2025 requirements. Level 5 includes the highest level of Ingenium-created IAI species, which are specifically tailored to the unique functionality of your system. This intensive testing provides the deepest insight into your system’s resilience to injection attacks.
As I was publicizing my iProov injection attack detection post, I used Grok to create an injection attack detection video. Not for the squeamish, but injection attacks are nasty anyway.
We’ve talked about Levels 1 and 2 of iBeta’s confirmation that particular biometric implementations meet the requirements of ISO 30107-3. But now with Yoti’s confirmation, we can talk about iBeta Level 3.
From iBeta:
“The test method was to apply 1 bona fide subject presentation that alternated with 3 artefact presentations such that the presentation of each species consisted of 150 Presentation Attacks (PAs) and 50 bona fide presentations, or until 56 hours had passed per species. The results were displayed for the tester on the device as “Liveness check: Passed” for a successful attempt or “Liveness check: Failed” for an unsuccessful attempt.
“iBeta was not able to gain a liveness classification with the presentation attacks (PAs) on the Apple iPhone 16 Pro. With 150 PAs for each of 3 species, the total number of attacks was 450, and the overall Attack Presentation Classification Error Rate (APCER) was 0%. The Bona Fide Presentation Classification Error Rate (BPCER) was also calculated and may be found in the final report.
“Yoti Limited’s myface12122025 application and supporting backend components were tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and found to be in compliance with Level 3.”
More from Yoti itself.
“Yoti’s MyFace is the first passive, single-selfie liveness technology in the world to conform to iBeta’s Level 3 testing under ISO/IEC 30107-3 – their highest level for liveness checks.”
Also see Biometric Update and UK Tech.
After all, facial age estimation is of no meaning whatsoever if the face is fake. So it was important that Yoti receive this confirmation.
(Part of the biometric product marketing expert series)
When marketing your facial recognition product (or any product), you need to pay attention to your positioning and messaging. This includes developing the answers to why, how, and what questions. But your positioning and your resulting messaging are deeply influenced by the characteristics of your product.
There are hundreds of facial recognition products on the market that are used for identity verification, authentication, crime solving (but ONLY as an investigative lead), and other purposes.
Some of these solutions ONLY use face as a biometric modality. Others use additional biometric modalities.
Your positioning depends upon whether your solution only uses face, or uses other factors such as voice.
Of course, if you initially only offer a face solution and then offer a second biometric, you’ll have to rewrite all your material. “You know how we said that face is great? Well, face and gait are even greater!”
It’s no secret that I am NOT a fan of the “passwords are dead” movement.
It seems that many of the people that are waiting the long-delayed death of the password think that biometrics is the magic solution that will completely replace passwords.
For this reason, your company might have decided to use biometrics as your sole factor of identity verification and authentication.
Or perhaps your company took a different approach, and believes that multiple factors—perhaps all five factors—are required to truly verify and/or authenticate an individual. Use some combination of biometrics, secure documents such as driver’s licenses, geolocation, “something you do” such as a particular swiping pattern, and even (horrors!) knowledge-based authentication such as passwords or PINs.
This naturally shapes your positioning and messaging.
So position yourself however you need to position yourself. Again, be prepared to change if your single factor solution adopts a second factor.
Every company has its own way of approaching a problem, and your company is no different. As you prepare to market your products, survey your product, your customers, and your prospects and choose the correct positioning (and messaging) for your own circumstances.
And if you need help with biometric positioning and messaging, feel free to contact the biometric product marketing expert, John E. Bredehoft. (Full-time employment opportunities via LinkedIn, consulting opportunities via Bredemarket.)
In the meantime, take care of yourself, and each other.
Remember in mid-August when I said that the U.S. National Institute of Standards and Technology was splitting its FRVT tests into FRTE and FATE tests?
Well, the FATE side of the house has released its first two studies, including one entitled “Face Analysis Technology Evaluation (FATE) Part 10: Performance of Passive, Software-Based Presentation Attack Detection (PAD) Algorithms” (NIST Internal Report NIST IR 8491; PDF here).
I’ve written all about this study in a LinkedIn article under my own name that answers the following questions:
My LinkedIn article, “Why NIST Cares About Presentation Attack Detection…and Why You Should Also,” can be found at the link https://www.linkedin.com/pulse/why-nist-cares-presentation-attack-detectionand-you-should-bredehoft/.
Bredemarket