Three Ways in Which My Identity/Biometric Experience Exhibits My “Bias”

Yeah, I’m still focused on that statement:

“I think too much knowledge is actually bad in tech: you’re biased.”

Why does this quote affect me so deeply? Because with my 30-plus years of identity/biometric experience, I obviously have too much knowledge of the industry, which is obviously bad. After all, all a biometric company needs is a salesperson, an engineer, an African data labeler, and someone to run the generative AI for everything else. The company doesn’t need someone who knows that Printrak isn’t spelled with a C.

In this post I will share three of the “biases” I have developed in my 30-plus years in identity and biometrics, and how to correct these biases by stripping away that 20th century experience and applying novel thinking.

And if that last paragraph made you throw up in your mouth…read to the end of the post.

But first, let’s briefly explore these three biases that I shamefully hold due to my status as a biometric product marketing expert:

  1. Independent algorithmic confirmation is valuable.
  2. Process is valuable.
  3. Artificial intelligence is merely a tool.

Bias 1: Independent Algorithmic Confirmation is Valuable

Biometric products need algorithms to encode and match the biometric samples, and ideally to detect presentation and injection attacks.

But how do prospects know that these algorithms work? How accurate are they? How fast are they? How secure are they?

My bias

My brain, embedded with over 30 years of bias, gravitates to the idea that vendors should submit their algorithms for independent testing and confirmation.

From a NIST facial recognition demographic bias text.

This could be an accuracy test such as the ones NIST and DHS administer, or confirmation of presentation attack detection capabilities (as BixeLab, iBeta, and other organizations perform), or confirmation of injection attack detection capabilities.

Novel thinking

But you’re smarter than that and refuse to support the testing-industrial complex. They have their explicit or implicit agendas and want to force the biometric vendors to do well on the tests. For example, the U.S. Federal Bureau of Investigation’s “Appendix F” fingerprint capture quality standard specifically EXCLUDES contactless solutions, forcing everyone down the same contact path.

But you and your novel thinking reject these unnecessary impediments. You’re not going to constrain yourself by the assertions of others. You are going to assert your own benefits. Develop and administer your own tests. Share with your prospects how wonderful you are without going through an intermediary. That will prove your superiority…right?

Bias 2: Process is Valuable

A biometric company has to perform a variety of tasks. Raise funding. Hire people. Develop, market, propose, sell, and implement products. Throw parties.

How will the company do all these things?

My bias

My brain, encumbered by my experience (including a decade at Motorola), persists in a belief that process is the answer. The process can be as simple as scribblings on a cocktail napkin, but you need some process if you want to cash out in a glorious exit—I mean, deliver superior products to your customers.

Perhaps you need a development process that defines, among other things, how long a sprint should be. A capture and proposal process (Shipley or simpler) that defines, among other things, who has the authority to approve a $10 million proposal. A go-to-market process that defines the deliverables for different tiers, and who is responsible, accountable, consulted, and informed. Or maybe just an onboarding process when starting a new project, dictating the questions you need to ask at the beginning.

Bredemarket’s seven questions. I ask, then I act.

Novel thinking

Sure, all that process is fine…if you don’t want to do anything. Do you really want to force your people to wait two weeks for the latest product iteration? Impose a multinational bureaucracy on your sales process? Go through an onerous checklist before marketing a product?

Just code it.

Just sell it.

Just write it.

Bias 3: Artificial Intelligence is Merely a Tool

The problem with experienced people is that they think that there is nothing new under the sun.

You talk about cloud computing, and they yawn, “Sounds like time sharing.” You talk about quantum computing, and they yawn, “Sounds like the Pentium.” You talk about blockchain, and they yawn, “Sounds like a notary public.”

My bias

As I sip my Pepperidge Farm, I can barely conceal my revulsion at those who think “we use AI” is a world-dominating marketing message. Artificial intelligence is not a way of life. It is a tool. A tool that in and of itself does not merit much of a mention.

How many automobile manufacturers proclaim “we use tires” as part of their marketing messaging? Tires are essential to an automobile’s performance, but since everyone has them, they’re not a differentiator and not worthy of mention.

In the same way, everyone has AI…so why talk about its mere presence? Talk about the benefits your implementation provides and how these benefits differentiate you from your competitors.

Novel thinking

Yep, the grandpas that declare “AI is only a tool” are missing the significance entirely. AI is not like a Pentium chip. It is a transformational technology that is already changing the way we create, sell, and market.

Therefore it is critically important to highlight your product’s AI use. AI isn’t a “so what” feature, but an indication of revolutionary transformative technology. You suppress mention of AI at your own peril.

How do I overcome my biases of experience?

OK, so I’ve identified the outmoded thinking that results from too much experience. But how do I overcome it?

I don’t.

Because if you haven’t already detected it, I believe that experience IS valuable, and that all three items above are essential and shouldn’t be jettisoned for the new, novel, and kewl.

  • Are you an identity/biometric marketing leader who needs to tell your prospects that your algorithms are validated by reputable independent bodies?
  • Or that you have a process (simple or not) that governs how your customers receive your products?
  • Or that your AI actually does unique things that your competitors don’t, providing true benefits to your customers?

Bredemarket can help with strategy, analysis, content, and/or proposals for your identity/biometric firm. Talk to me (for free).

By the way, here’s MY process (and my services and pricing).

Bredemarket: Services, Process, and Pricing.

The April 2, 2026 List of PAD 3 Conforming Solutions

Update to the March 25 version. Added BioID.

| Vendor | Modality | Confirming Lab | Link/Date |
|---|---|---|---|
| Aware | Face | BixeLab | November 2025 |
| BioID | Face | Tüvit | August 2025 (1) (2) |
| FaceTec | Face | BixeLab | October 2025 |
| Incode | Face | iBeta | February 2026 |
| Oz Forensics | Face | BixeLab | March 2026 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |

I’m slowly finding these vendors. I won’t maintain this list forever, but as long as there are so few Level 3 solutions, I want to highlight them.

Coincidentally, I just reviewed an eBook by one of the vendors listed above, detailing things that you should seek in your liveness detection vendor.

  • The eBook listed several items.
  • To no one’s surprise, this particular vendor provided ALL of these items in its liveness detection solution.
  • Surprisingly, however, the vendor did NOT mention independent confirmation of PAD capabilities.

The March 25, 2026 List of PAD 3 Conforming Solutions

Update to the March 3 version. Added Oz Forensics.

| Vendor | Modality | Confirming Lab | Link/Date |
|---|---|---|---|
| Aware | Face | BixeLab | November 2025 |
| FaceTec | Face | BixeLab | October 2025 |
| Incode | Face | iBeta | February 2026 |
| Oz Forensics | Face | BixeLab | March 2026 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |

Why Biometric Marketing Experience Beats Biometric Marketing Immaturity

I know that the experts say that “too much knowledge is actually bad in tech.” But based upon what I just saw from an (unnamed) identity verification company, I assert that too little knowledge is much worse.

As a biometric product marketing expert and biometric product marketing writer, I pay a lot of attention to how identity verification companies and other biometric and identity companies market themselves. Many companies know how to speak to their prospects…and many don’t.

Take a particular company, which I will not name. Here is the “marketing” from this company.

  • We have funding!
  • We offer lower pricing than selected competitors!
  • We claim high facial recognition accuracy but don’t publish our NIST FRTE results! (While the company claims to author its technology, the company name does not appear in either the NIST FRTE 1:1 or NIST FRTE 1:N results.)
  • We claim liveness detection (presentation attack detection) but don’t publish any confirmation letters! (Again, I could not find the company name on the confirmation letter lists from BixeLab or iBeta.)

So what is the difference between this company and the other 100+ identity verification companies…many of which explicitly state their benefits, trumpet their NIST FRTE performance, and trumpet their third-party liveness detection confirmation letters?

If you claim great accuracy and great liveness detection but can’t support it via independent third-party verification, your claim is “so what?” worthless. Prove your claims.

Now I’m sure I could help this company. Even if they have none of the certifications or confirmations I mentioned, I could at least get the company to focus on meaningful differentiation and meaningful benefits. But there’s no need to even craft a Bredemarket pitch to the company, since the only marketer on staff is an intern who is indifferent to strategy.

Because while many companies assert that all they need is a salesperson, an engineer, an African data labeler, and someone to run the generative AI for everything else…there are dozens of competitors doing the exact same thing.

But some aren’t. Some identity/biometric companies are paying attention to their long-term viability, and are creating content, proposals, and analyses that support that viability.

Take a look at your company’s marketing. Does it speak to prospects? Does it prove that you will meet your customers’ needs? Or does it sound like every other company that’s saying “We use AI. Trust us”?

And if YOUR company needs experienced help in conveying customer-focused benefits to your prospects…contact Bredemarket. I’ve delivered meaningful biometric materials to two dozen companies over the years. And yes, I have experience. Let me use it for your advantage.

The March 3, 2026 List (Probably Still Inaccurate) of PAD 3 Conforming Solutions

Update to the February 27 version. Added Incode.

| Vendor | Modality | Confirming Lab | Link/Date |
|---|---|---|---|
| Aware | Face | BixeLab | November 2025 |
| FaceTec | Face | BixeLab | October 2025 |
| Incode | Face | iBeta | February 2026 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |

The Latest, Probably Still Inaccurate, List of PAD 3 Conforming Solutions

I remember when I was working in Anaheim and keeping track of the latest BIPA lawsuits, back when you could count them on one hand…then on two hands…then there were too many.

I feel the same way about my previous attempts to track the vendors that offer solutions that conform to ISO 30107-3 Presentation Attack Detection Level 3. I thought I’d found them all, then I’d find another one.

So here’s my current (Friday afternoon) list of the PAD 3 conforming solutions.

| Vendor | Modality | Confirming Lab | Link/Date |
|---|---|---|---|
| Aware | Face | BixeLab | November 2025 |
| FaceTec | Face | BixeLab | October 2025 |
| Paravision | Face | Ingenium | September 2025 |
| Yoti | Face | iBeta | January 2026 |

While Google Gemini informed me that Veridas had also received Level 3 confirmation from iBeta, that turned out to be a hallucination. Veridas realizes the importance of Level 3, though, as do other selected vendors, so I suspect this table will be outdated soon.

Oh, and just to confuse things further, some of the other tests, such as CEN/TS 18099 injection attack detection tests, also may apply in some way to presentation attacks. Or maybe not. We’ll see.

Even More On Presentation Attack Detection Level 3

This morning’s post listed three companies with independently demonstrated conformance to ISO 30107-3 presentation attack detection level 3: Aware, FaceTec, and Yoti.

The independent evaluators were BixeLab and iBeta.

But Ingenium provides PAD level 3 conformance assessments also.

And Ingenium testified to Paravision’s conformance.

So that’s a total of four companies at PAD Level 3: Aware, FaceTec, Paravision, and Yoti.

Who else did I miss?

And I will revisit my earlier question. Will consumers perceive that THEIR data is valuable enough to warrant Level 3 liveness detection? And avoid the solutions with “only” Level 2 conformance?

Four companies (so far) are betting on it.

More On Presentation Attack Detection Level 3

If you needed any confirmation that Presentation Attack Detection Level 2 is so last year, you have it now.

Last month I talked about Yoti achieving confirmation of PAD Level 3 in iBeta testing.

But iBeta isn’t the only entity performing PAD Level 3 testing.

  • FaceTec’s algorithm received PAD Level 3 confirmation from BixeLab in October.
  • Aware received a similar confirmation in November.

Will PAD Level 3 become the new floor for liveness detection? It depends upon your needs. Here’s how Mantra explains the difference between levels 2 and 3.

Level 2 (L2):

More realistic spoofs - high-quality 3D masks, composite fingers, better materials. Harder to detect, but still lab-craft attacks.

Level 3 (L3):

Advanced adversary scenarios - custom molds, hyper-realistic masks, lab-grade fabrication. Represents attackers with serious resources.

The “serious resources” part is key. Fraudsters will only spend “serious resources” if the target is valuable enough.

But will consumers perceive that THEIR data is valuable enough to warrant Level 3 liveness detection? And avoid the solutions with “only” Level 2 conformance?

Three companies (so far) are betting on it.

(Actually four. See my update.)

(And yes, the three hands on the fraudster should have been a giveaway…)

Additional Ingenium Injection Attack Detection Testing…Result

There are numerous independent testing laboratories, holding testing certifications from various entities, that test a product’s conformance to the requirements of a particular standard.

For presentation attack detection (liveness), organizations such as iBeta and BixeLab test conformance to ISO 30107-3.

  • Vendors who submit their products to iBeta may optionally choose to have the results published; iBeta publishes these confirmation letters here.
  • In a similar manner, BixeLab publishes its confirmation letters here.

For injection attack detection, Ingenium tests conformance to CEN/TS 18099:2025, as well as testing that exceeds the requirements of that standard.

Unfortunately, I was unable to locate a central source of all of Ingenium’s testing results. So I had to hunt around.

Known Ingenium Injection Attack Detection Testing Results

| Biometric Vendor | Ingenium Injection Attack Detection Test Level | Notes |
|---|---|---|
| FaceTec | 2 | Ingenium letter on FaceTec website |
| iProov | 4 | Bredemarket blog post “Injection Attack Detection, CEN/TS 18099:2025, and iProov” |

And…that’s all I could find.

Ingenium’s testing is relatively new, as is the whole idea of performing injection attack detection testing in general, so it shouldn’t be surprising that vendors haven’t rushed to get independent confirmation of injection attack capabilities.

But they should.

A brief reminder on Ingenium’s five testing levels

I’ve mentioned this before, but it’s worth exploring in more detail, since I only discussed Level 4. Here’s a complete list of all five of Ingenium’s testing evaluation tiers:

  • Level 1: CEN Substantial: This tier is equivalent to the CEN TS 18099:2025 ‘substantial’ evaluation level. A Level 1 test requires 25 FTE days and includes a focus on 2 or more IAMs and 10 or more IAI species. It’s a great starting point for assessing your system’s resilience to common injection attacks.
  • Level 2: CEN High: Exceeding the substantial level, this tier aligns with the CEN TS 18099:2025 ‘high’ evaluation level. This 30-day FTE evaluation expands the scope to include 3 or more IAMs and a higher attack weighting, providing a more rigorous test of your system’s defenses.
  • Level 3: This level goes beyond the CEN TS 18099:2025 standard to provide an even more robust evaluation. The 35-day FTE program focuses on a higher attack weighting, with a greater emphasis on sophisticated IAMs and IAI species to ensure a more thorough assessment of your system’s resilience.
  • Level 4: A 40-day FTE evaluation that further exceeds the CEN TS 18099:2025 standard. Level 4 maintains a high attack weighting while specifically targeting the IAI detection capabilities of your system. Although not a formal PAD (Presentation Attack Detection) assessment, this level offers valuable insights into your system’s PAD subsystem resilience.
  • Level 5: Our most comprehensive offering, this 50-day FTE evaluation goes well beyond the CEN TS 18099:2025 requirements. Level 5 includes the highest level of Ingenium-created IAI species, which are specifically tailored to the unique functionality of your system. This intensive testing provides the deepest insight into your system’s resilience to injection attacks.

Oh, and there’s a video

As I was publicizing my iProov injection attack detection post, I used Grok to create an injection attack detection video. Not for the squeamish, but injection attacks are nasty anyway.

Yoti iBeta Confirmation of Presentation Attack Detection Level 3

We’ve talked about Levels 1 and 2 of iBeta’s confirmation that particular biometric implementations meet the requirements of ISO 30107-3. But now with Yoti’s confirmation, we can talk about iBeta Level 3.

From iBeta:

“The test method was to apply 1 bona fide subject presentation that alternated with 3 artefact presentations such that the presentation of each species consisted of 150 Presentation Attacks (PAs) and 50 bona fide presentations, or until 56 hours had passed per species. The results were displayed for the tester on the device as “Liveness check: Passed” for a successful attempt or “Liveness check: Failed” for an unsuccessful attempt.

“iBeta was not able to gain a liveness classification with the presentation attacks (PAs) on the Apple iPhone 16 Pro. With 150 PAs for each of 3 species, the total number of attacks was 450, and the overall Attack Presentation Classification Error Rate (APCER) was 0%. The Bona Fide Presentation Classification Error Rate (BPCER) was also calculated and may be found in the final report.

“Yoti Limited’s myface12122025 application and supporting backend components were tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and found to be in compliance with Level 3.”

More from Yoti itself.

“Yoti’s MyFace is the first passive, single-selfie liveness technology in the world to conform to iBeta’s Level 3 testing under ISO/IEC 30107-3 – their highest level for liveness checks.”

Also see Biometric Update and UK Tech.

After all, facial age estimation is of no meaning whatsoever if the face is fake. So it was important that Yoti receive this confirmation.
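
The error rates in the iBeta letter quoted above, worked as an added example (not iBeta's or Yoti's code or data): it computes APCER per species and BPCER from constructed records, then the exact 95% upper limit that an observed error count still allows, which is what separates "0% observed" from "0% true". The species labels, the record layout and the two bona fide rejections are assumptions made for illustration.

```python
from math import comb

SPECIES = ("species_A", "species_B", "species_C")  # hypothetical PAI species labels


def build_sample_log():
    """Constructed records (kind, species, decision), not iBeta's data.

    Shaped like the quoted protocol: 150 attacks and 50 bona fide
    presentations per species, decisions shown as "Passed" or "Failed".
    """
    log = []
    for s in SPECIES:
        log += [("attack", s, "Failed")] * 150   # every attack rejected, as reported
        log += [("bona_fide", s, "Passed")] * 50
    # Constructed for illustration only: two genuine users wrongly rejected.
    log[150] = ("bona_fide", "species_A", "Failed")
    log[350] = ("bona_fide", "species_B", "Failed")
    return log


def apcer_by_species(log):
    """APCER per species: share of attack presentations classified as live."""
    rates = {}
    for s in SPECIES:
        decisions = [d for kind, sp, d in log if kind == "attack" and sp == s]
        rates[s] = decisions.count("Passed") / len(decisions)
    return rates


def bpcer(log):
    """BPCER: share of bona fide presentations classified as attacks."""
    decisions = [d for kind, _, d in log if kind == "bona_fide"]
    return decisions.count("Failed") / len(decisions)


def upper_bound(errors, n, alpha=0.05):
    """One-sided exact (Clopper-Pearson) upper limit on the true error rate."""
    if errors >= n:
        return 1.0

    def cdf(p):  # P(X <= errors) for X ~ Binomial(n, p)
        return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(errors + 1))

    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection: cdf falls as p rises
        mid = (lo + hi) / 2
        if cdf(mid) > alpha:
            lo = mid
        else:
            hi = mid
    return hi


if __name__ == "__main__":
    log = build_sample_log()
    for species, rate in apcer_by_species(log).items():
        print(f"{species}: APCER {rate:.1%}, 95% upper limit {upper_bound(0, 150):.2%}")
    print(f"All 450 attacks pooled: 95% upper limit {upper_bound(0, 450):.2%}")
    print(f"BPCER (constructed): {bpcer(log):.2%}")
```

With zero errors the limit reduces to 1 - 0.05^(1/n), so 150 clean attacks per species bound that species' true APCER at roughly 2%, and the pooled 450 at roughly 0.7%.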