Biometric Update https://www.biometricupdate.com Biometrics News, Companies and Explainers Sat, 07 Mar 2026 19:00:21 +0000 en-US hourly 1 66434804 Biometrics back digital government gains around the world https://www.biometricupdate.com/202603/biometrics-back-digital-government-gains-around-the-world https://www.biometricupdate.com/202603/biometrics-back-digital-government-gains-around-the-world#respond Sat, 07 Mar 2026 19:00:21 +0000 https://www.biometricupdate.com/?p=334477 Digital government was in the spotlight this week on Biometric Update with the release of the OECD rankings and a full day of focused coverage on Tuesday. Amadeus could soon take on additional elements of government digital transformation beyond airport biometrics if it acquires Idemia Public Services, and a couple of influential organizations released white papers on connecting digital ID and payments, whether through dedicated credentials or digital wallets. Other top stories of the week introduce workforce fraud solutions, the next step in age assurance and advanced liveness detection.

Transforming public services, payments and borders

The University of Cambridge launched a project to help governments establish and enforce effective regulations for digital identity with a presentation including representatives from the Gates Foundation, the Upanzi Network, Mastercard and Ethiopia’s NIDP. The Cambridge DPI Regulatory Programme: Digital Identity consists of a series of reports, workshops, and a knowledge-sharing hub. The OECD Digital Government Index shows a significant improvement compared to the 2023 version, but also challenges for governments to keep up with the pace of change and public demands. Countries like Portugal and Chile showing major gains in public sector digital transformation celebrated the results. Beyond the OECD, a new authentication framework for public service access has been introduced by St. Lucia. The NAF provides a digital ID accessed through the DigiGov portal or a coming mobile app for secure access to digital government services, including civil registration and online payments. The UK’s sudden pivot, at least in name, from the DIATF to the Trust Framework for Digital Verification Services, included recognition that a private sector DVS market is already in place, and should be fostered. DVS providers will be less encouraged by the suggestion that the public sector should handle access to public services. Idemia Public Security holds a robust portfolio of contracts related to digital government, including for mobile driver’s licenses (mDLs) in the U.S., as well as in biometrics for airport modernization. This could explain why Amadeus has emerged as a suitor in Idemia PS’ sale by Advent, at a price that could exceed $3 billion. Three unnamed countries are behind schedule implementing EES, the EC says. Otherwise, eu-LISA says the system is in a normal, stable operational state, as it lays out its plans for interoperability between the EES, ETIAS and Eurodac biometric systems. A World Bank white paper proposes a conceptual model for reusable digital IDs specifically for fast payments. The Payments Identity Credential would be based on VCs and involve the cooperation of national ID authorities and fast payment systems. Visa considers how digital identity wallets can improve public service delivery and payments in a white paper of its own. Moving beyond ID-only wallets could for example allow people to use the same credential to view their tax information and make a settlement payment.

Workforce fraud protections

Checkr and Oracle have each introduced biometric identity verification systems to protect against different forms of workforce fraud. Checkr has partnered with Socure for face biometrics, liveness and document analysis to catch fraud in the hiring process. Oracle has built biometrics and liveness from vendors including Daon and Clear into its enterprise IAM platform for access control and reauthentication throughout the identity lifecycle.

Other top stories

AI chatbots are the next age assurance target for regulators in a handful of countries, citing risks from nonconsensual porn to emotional dependency. On social media age restrictions, the UK is consulting and Poland has joined the fray. The Center for Strategic and International Studies warns that ICE’s collection of many millions of people’s personal information may create a counterintelligence vulnerability for the U.S. Data aggregated by Palantir software provides a valuable target for foreign intelligence services, according to the report. Incode has passed iBeta’s Level 3 biometric presentation attack detection evaluation, with no false matches or non-matches on either iOS or Android. The Deepsight liveness detection software was developed specifically to handle sophisticated attacks including deepfakes. Trulioo CTO Hal Lonas says on this week’s episode of The Biometric Update Podcast that in identity verification, the bad guys are the early technology adopters. He also talks about his background in rocket science and drawing inspiration from the Apollo 13 mission. Biometric anonymization provider Attain Insight has joined the Biometrics Institute, in line with its commitment to ensuring responsible technology deployment. The Biometrics Institute has grown to more than 200 member organizations, 25 years since its inception. Please let us know of any podcasts, white papers or other content you think we should share with the people in biometrics and digital identity in the comments below or through social media.]]> https://www.biometricupdate.com/202603/biometrics-back-digital-government-gains-around-the-world/feed 0 334477 MOSIP delves into biometric data quality considerations https://www.biometricupdate.com/202603/mosip-delves-into-biometric-data-quality-considerations https://www.biometricupdate.com/202603/mosip-delves-into-biometric-data-quality-considerations#respond Fri, 06 Mar 2026 22:27:05 +0000 https://www.biometricupdate.com/?p=334465 Biometric data quality was in focus at MOSIP Connect 2026 in Rabat, Morocco, from policies for ensuring good enrollment practices to tools for assessment. Among significant developments at the even was the launch of openbq, the open-source MOSIP implementation of the BQAT biometric data quality investigation tool developed by Biometix. Brownfield implementations of MOSIP, which were another theme of the event, require the migration of biometric data. But biometrics migration can degrade data quality if not managed carefully. Uganda, which recently completed the first migration of a legacy biometric database to MOSIP’s SBI, did not experience this problem, which NIRA ED Rosemary Kisembo attributed in part to the effectiveness of the software previously provided by Neurotechnology. But Kisembo experienced the problem of face biometrics capture performing worse for people with dark skin herself, and also notes Ugandans with lighter skin were told the light was too bright. Understanding how to handle exceptional faces in the ABIS took time, she said during a day 1 keynote. Ethiopia’s NIDP was faced with a dilemma when poor fingerprint quality led to matches against other people’s biometrics, as explained during a day 2 presentation. “Bad quality will always match with bad quality,” Biometix and BixeLab CEO Ted Dunstone noted during the presentation. If Ethiopia’s biometric enrollment device operators were allowed to make exceptions for people enrolling, the system would end up with too many people registered without the main system’s main biometric. In cases where people did not have fingerprints to collect, such as those without fingers, manual exceptions were allowed, but low-quality fingerprints were assessed post-capture to take the decision away from enrollment operators, and allow for biometric data quality to be balanced with inclusion. Dunstone made the case for dedicated biometric data quality teams to be responsible for the characteristic, and empowered to take action. He also noted that many people find biometrics capture difficult and stressful, making it important to avoid repeated attempts, let alone re-enrollment. One way to do that is to identify data quality issues during the pilot stage. Another way is by using an enrollment device certified under the MACP (MOSIP Advanced Compliance Program), for which BixeLab is the first accredited testing body. MOSIP Biometric Ecosystem Head Sanjith Sundaram reviewed the program, which has so far certified biometric devices from IriTech and Thales.

openbq’s implications

During the seminar, Dunstone described openbq as an “aggregator of quality algorithms,” which is designed more to produce actionable feedback than as an assessment of data on the way into the system. “In large-scale digital identity programmes, biometric quality is a primary determinant of enrolment success, downstream matching accuracy, and long-term system sustainability,” Dunstone told Biometric Update in emailed comments on the launch. “Within MOSIP implementations, openbq introduces objective, standards-aligned quality analytics that enable programme owners to detect systemic capture deficiencies early. By reducing avoidable enrolment failures and improving consistency across devices and environments, openbq strengthens inclusion outcomes, particularly for diverse and hard-to-enrol populations.” Biometric quality is not just a technical parameter, but a governance control, Dunstone says. Assessing it at the time of capture can help avoid costly re-enrollment and manual reviews. “openbq provides independent, standards-based quality measurement, enabling governments to monitor trends, benchmark vendor performance, and exercise evidence-based oversight at national scale.” Quality assessment provides evidence to inform policy, including for training, and procurement, and enables early identification of risks so timely corrective action can be taken. “The result is fewer avoidable enrolment failures, stronger accountability, improved inclusion, and greater public confidence at national scale,” says Dunstone.]]> https://www.biometricupdate.com/202603/mosip-delves-into-biometric-data-quality-considerations/feed 0 334465 NIST nominee pressed on AI standards, facial recognition oversight https://www.biometricupdate.com/202603/nist-nominee-pressed-on-ai-standards-facial-recognition-oversight https://www.biometricupdate.com/202603/nist-nominee-pressed-on-ai-standards-facial-recognition-oversight#respond Fri, 06 Mar 2026 22:10:22 +0000 https://www.biometricupdate.com/?p=334455 The Senate Committee on Commerce, Science and Transportation on Thursday considered the nomination of Arvind Raman to serve as Under Secretary of Commerce for Standards and Technology and Director of the National Institute of Standards and Technology (NIST), a position that places him at the center of the federal government’s efforts to shape technical standards for biometrics, AI, and other emerging technologies. While Raman’s prepared testimony stayed largely at the level of innovation policy and industrial competitiveness, the hearing revealed that senators are paying close attention to how NIST’s work intersects with one of the most contentious areas in modern technology policy. That includes the federal government’s role in evaluating facial recognition systems and setting standards for how AI technologies are tested and deployed. Raman, currently the John A. Edwardson Dean of Engineering at Purdue University, presented himself as a technologist and long-time collaborator with NIST who understands the agency’s role in measurement science and industrial standards. In his opening statement he emphasized NIST’s historical contribution to American innovation, highlighting its work in areas ranging from quantum science to cybersecurity guidance and AI metrology. “If confirmed, I am excited to help NIST deliver on the President’s AI action plan and help maximize innovation along the entire American AI tech stack, in semiconductors, in our quantum industrial base, in biotechnology, and in advanced manufacturing,” Raman said in his written remarks. Raman’s prepared statement, however, made no direct mention of facial recognition technology, biometric testing programs, or the controversial debate over algorithmic bias in surveillance systems. Instead, it focused on the broader role of standards development and the importance of helping American technologies scale globally. NIST, founded in 1901, has long served as the federal government’s central laboratory for measurement science and technical standards. The agency does not regulate technology directly, but its testing programs and technical benchmarks often shape procurement decisions across government and industry. Nowhere is that influence more visible than in the field of facial recognition. For more than a decade NIST has operated the world’s most influential benchmarking programs for facial recognition systems. These programs measure the accuracy and performance of algorithms used by government agencies, law enforcement bodies and private companies. Today those efforts are organized primarily under two initiatives. The Face Recognition Technology Evaluation measures how accurately systems can match one image of a person’s face to another. The Face Analysis Technology Evaluation examines a broader set of automated facial analysis capabilities, including demographic estimation and other analytic functions applied to images. These evaluations have become a global reference point for biometric developers and government buyers. Vendors routinely submit their algorithms to NIST testing to demonstrate accuracy claims, while agencies across the federal government rely on the results when evaluating systems for investigative or security uses. Although Raman did not raise those programs in his opening statement, they surfaced during questioning from members of the committee. Senator Ed Markey of Massachusetts pressed Raman about NIST’s ongoing work evaluating facial recognition systems and asked whether he would support the continuation of those testing programs. “Mr. Raman, while these tools are still being used across the government, will you commit that NIST will continue its testing program and maintain full public access to NIST facial recognition test results?” Markey asked. Raman’s response was measured and technical. Rather than taking a position on the policy debates surrounding facial recognition, he emphasized NIST’s role as an impartial standards body whose responsibility is to evaluate technologies through rigorous measurement science. “What I will say is, that, as I said, I am fully committed to the AI action plan that the president has laid out …,” Raman began to answer when Markey cut him off to bluntly ask whether he “will you continue full public access to NIST’s facial recognition test results, yes or no?” “Senator, I am not aware of exactly what the status of that particular tool is. But rest assured that if confirmed I will really lean in to making sure that NIST continues its leadership in the metrology of AI systems,” Raman said. That framing is consistent with how NIST has historically approached controversial technologies. The agency’s evaluations do not determine whether a technology should be used, but instead provide performance data that policymakers, regulators and agencies can use when making decisions. Markey said he was “disappointed in [Raman’s] answer,” saying, “I’m not getting a clear answer on that issue, and at the same time the American people are actually experiencing the consequences of this technology … and I’m going to continue to sound the alarm on this, cause I just think we cannot allow policies that fundamentally turn this into an Orwellian nation.” Markey has been one of the most vocal critics in Congress of facial recognition technology, arguing that inaccuracies and demographic bias could lead to wrongful identification and civil liberties violations. His line of questioning reflected growing congressional scrutiny of how federal agencies test and deploy biometric surveillance systems. The exchange highlighted the broader context in which Raman’s nomination is unfolding. AI standards are rapidly becoming a geopolitical battleground, with governments and companies competing to influence the technical rules that shape the global digital economy. During the hearing Raman repeatedly emphasized the importance of the U.S. maintaining leadership in international standards bodies. He argued that when American institutions help shape those standards, the resulting frameworks are more likely to reflect democratic values and market oriented innovation. “If the United States leads in global technology standards, then those standards will reflect American values,” Raman said. That focus on standards leadership was echoed by members of the committee, though often from different policy perspectives. Chairman Ted Cruz of Texas argued that NIST should concentrate on its traditional role developing voluntary measurement standards rather than drifting into regulatory territory. Cruz criticized the Biden administration’s AI Risk Management Framework and suggested the agency should return to a more narrowly technical mandate. Ranking Member Maria Cantwell of Washington framed the issue differently. She highlighted bipartisan legislation aimed at strengthening NIST’s role in AI research and standards development, including proposals to expand the agency’s work testing and evaluating artificial intelligence systems. Despite those differing emphases, both sides of the committee appeared to agree on one point. NIST’s work setting technical standards is becoming increasingly important as AI systems spread across government, industry and everyday life. That includes technologies that have already sparked intense public debate. Facial recognition systems are now used in law enforcement investigations, border security screening and identity verification services. At the same time, researchers and civil liberties groups have raised concerns about potential bias, misidentification and large scale surveillance. Because NIST’s testing programs serve as the benchmark for evaluating those systems, the agency sits at the center of that debate even though it does not regulate their use. The fact that Raman’s prepared testimony avoided direct discussion of facial recognition may reflect the delicate position the agency occupies. As NIST director he would oversee the programs that measure how these technologies perform, but the ultimate policy decisions about whether and how they should be deployed would remain with lawmakers and regulators. Still, the hearing underscored how closely Congress is watching NIST’s role in shaping the technical foundations of AI governance. If confirmed, Raman would inherit responsibility for an agency whose work now extends far beyond traditional industrial measurements. From cybersecurity frameworks to AI risk guidance and biometric algorithm testing, NIST increasingly defines the technical standards that underpin the modern digital state. And as the Senate hearing made clear, the decisions made inside NIST’s laboratories about how technologies are measured and evaluated can ripple outward into some of the most consequential debates about privacy, surveillance and the future of AI.]]> https://www.biometricupdate.com/202603/nist-nominee-pressed-on-ai-standards-facial-recognition-oversight/feed 0 334455 Trulioo’s Hal Lonas on how he applies aeronautics principles to fighting fraud https://www.biometricupdate.com/202603/trulioos-hal-lonas-on-how-he-applies-aeronautics-principles-to-fighting-fraud https://www.biometricupdate.com/202603/trulioos-hal-lonas-on-how-he-applies-aeronautics-principles-to-fighting-fraud#respond Fri, 06 Mar 2026 21:42:32 +0000 https://www.biometricupdate.com/?p=334445 Rocket science is routinely held up as the ultimate example of a highly complex discipline. But Trulioo’s Hal Lonas found it a little dull. “I have a degree in aeronautics and astronautics, and did that really early in my career. And you know, what I found was that I was a little bit impatient.” Not wanting to spend years working on something he might never see realized, Lonas turned his attention to a faster-moving sector: cybersecurity and fraud prevention. “You know, I think identity verification and the things we do with biometrics are, are very, very close to cybersecurity, with kind of good guys and bad guys and a lot of technology going on all the time,” says Trulioo’s chief technology officer. “And we see the bad guys really taking advantage of the technology. They’re early adopters, you know, and they take advantage of things like the advances in chips and GPUs and AI. They’ve created this pretty impressive sort of toolbox for creating a synthetic identity or a deepfake that’s indistinguishable from a human being.” Lonas cites the heroes of the Apollo 13 mission among those who inspire him to tackle the problem of synthetic identity fraud at scale. “I think that kind of slogan that, you know, the famous thing, ‘failure is not an option’ goes back to how you build systems and how you think about building trust and making sure that identities are secure.”

Listen now: SpotifyAppleYouTubePodbean

Runtime: 00:21:31]]> https://www.biometricupdate.com/202603/trulioos-hal-lonas-on-how-he-applies-aeronautics-principles-to-fighting-fraud/feed 0 334445 Vouched donates MCP-I framework to Decentralized Identity Foundation https://www.biometricupdate.com/202603/vouched-donates-mcp-i-framework-to-decentralized-identity-foundation https://www.biometricupdate.com/202603/vouched-donates-mcp-i-framework-to-decentralized-identity-foundation#respond Fri, 06 Mar 2026 20:50:27 +0000 https://www.biometricupdate.com/?p=334420 An announcement from Seattle-based Vouched says it has formally donated its Model Context Protocol – Identity (MCP-I) framework to the Decentralized Identity Foundation (DIF). A release says the contribution “marks a milestone for establishing open standards that define how AI agents verify identity, authority, and trust across digital ecosystems.” The Model Context Protocol (MCP) was originally developed by Anthropic and open-sourced under the Agentic AI Foundation (Linux Foundation). It is designed to negotiate access to traditional data stores for external agents. Per the release from Vouched, MCP-I extends this framework by introducing a complete identity and delegation layer for AI agents, leveraging Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to enable cryptographically secure verification of agents and human principals without prior coordination. The company says it “defines a framework in which agents carry cryptographically verifiable identities, delegation is represented as tamper-evident credentials with explicit scope, and the entire chain from human principal to agent action can be verified by any service that the agent approaches.” It compares it to power of attorney: “the delegation credential is the notarized document, the agent is the attorney, and any service they approach can verify the chain of authority on the spot.” Under stewardship of the DIF Trusted AI Agents Working Group, and kicking off via a dedicated MCP-I Task Force, MCP-I is to be further developed under an open, community-driven governance model. Vouched says MCP-I “joins DIF not as a finished artifact but as a starting point for community co-development.” “It is time to recontextualize authentication systems designed for humans to one where AI agents increasingly operate autonomously,” says Rosalyn Curato, chief innovation officer and GM of agentic security at Vouched. “At Vouched, our ambition is to create a system that supports productive orchestration of AI while eliminating the threat of bad actors. We look forward to partnering with the innovators and thinkers, like DIF, leading this transformation.” “Vouched is making a significant contribution to DIF with its MCP-I protocol and participation in our Trusted AI Agents Working group,” says Grace Rachmany, executive director at DIF. “At a time when many companies are turning towards proprietary solutions, Vouched has recognized the importance of open source and open standards for the industry. MCP-I is a major step in that direction, and we are excited to collaborate on this effort to deploy Agentic AI safely.”

DIF perfect fit for MCP-I

A blog from DIF explains the rationale behind the arrangement. “It is worth being direct about something: Vouched did not begin with a commitment to Decentralized Identifiers or Verifiable Credentials,” it says. Rather, the company began with the problem. “The first step was to look at the requirements: cryptographic verifiability, decentralized infrastructure control, tamper-resistance, and interoperability across platforms and organizations that have no prior relationship. The technologies that matched the requirements are DIDs and VCs. These are the tools the identity community has spent years developing precisely for problems like this one. The fit is not coincidental; it is the result of those standards being built to solve hard problems in trust infrastructure.” That’s also why DIF is “the right home for MCP-I.” “DIF exists at the intersection of open standards and practical implementation. Its community includes the people who built DIDs and VCs, who understand the hard-won lessons behind them, and who are best positioned to extend MCP-I into a robust, broadly adopted standard.”]]> https://www.biometricupdate.com/202603/vouched-donates-mcp-i-framework-to-decentralized-identity-foundation/feed 0 334420 California’s OS-based age verification law challenges open-source community https://www.biometricupdate.com/202603/californias-os-based-age-verification-law-challenges-open-source-community https://www.biometricupdate.com/202603/californias-os-based-age-verification-law-challenges-open-source-community#respond Fri, 06 Mar 2026 20:05:05 +0000 https://www.biometricupdate.com/?p=334393 California’s new online safety bill, AB 1043 (the Digital Age Assurance Act), adopts a declared age model for operating systems. Under the law, which is set to take effect on January 1, 2027, when a user sets up a new device, the operating system is required to ask for their age or date of birth. This declared age will be used to curate what’s available on the app store, and can be shared with developers on request to ensure age-appropriate experiences. An article in PC Gamer points out that this “sounds incompatible with many of today’s open source software, including Linux.” The open source community is wrestling with the problem of how to comply with the laws while also not violating core privacy principles. The piece muses on technical solutions, quoting Jef Spaleta, project leader for popular Linux distribution, The Fedora Project, who says “this might be as simple as extending how we currently map uid to usernames and group membership and having a new file in /etc/ that keeps up with age.” Or, “it might be as simple as that and we extend the administrative cli and gui tools to populate that file as part of account creation. That might be simplest and it solves the problem for the full ecosystem of Linux OSes. Then applications just have to start choosing to look at the file.” To Spaleta, this suggests a D-Bus Service, which allows communication between programs. Ubuntu, another Linux distribution, is also unsure of how to respond, and says it is consulting with its lawyers before making a plan.

California age law does not compute with DB48X

The point is, in putting the onus on operating systems to collect age data, AB 1043 is causing headaches for open source nerds. Both California’s bill and a like-minded bill in Colorado, SB26-051, have drawn the ire of the creators of an open source calculator, DB48X, described as “a project to rebuild and improve upon the ‘legendary’ HP48 family of calculators and RPL programming language, and for modding newer calculators to utilise it.” Rather than comply, DB48X has opted to restrict access for Californians and Coloradans when (and, in Colorado’s case, if) their laws come into effect. A legal-notice file for the project says “DB48X is probably an operating system under these laws. However, it does not, cannot and will not implement age verification.” Per PC Gamer, “you know you’ve messed up when you’ve angered the math lot.” The calculator guys are not alone. Ground News has a roundup of articles expressing variations of grievance. WebProNews says California’s law “forces a surveillance mandate on every developer – including those who can’t comply.” The Daily Economy says “California is embedding age verification directly into digital devices. For those of us concerned with personal liberties, this is an emergency.”

No verification required, actually

PC Gamer also notes the challenges of enforcing a law that means “the job of checking whether people have installed its OS falls onto Californian authorities to deal with.” “Both Californian and Coloradan bills set out civil fines of $2,500 for unintentional breaches and $7,500 for intentional breaches, but how would the majority of breaches be discovered in the first place?” Another criticism asks why California does not specify what level or extent of age verification it requires. If it’s just a date of birth, Spaleta says, “a simple dropdown interface may suffice,” meaning “the effectiveness of such a system appears to be based on an honour system.” Self-declaration at the root negates the entire process; this would-be age verification law, in fact, does not mandate age verification at all. Technically, it’s not even age assurance. California’s law is less than a year away from taking effect, and Colorado’s bill (which more properly labels its goal “age attestation”), if passed, would take effect January 1, 2028. Ironically, the piece ends up lamenting the speed at which new technology is becoming normalized: the laws, it says, are “coming at a time when age verification is being rolled out more widely across the globe and facing stern criticism, such as an open letter from scientists and researchers that notes the many pitfalls of ill-thought-out verification methods.” The letter in question has provided a common reference for those opposed to age assurance laws and technologies for various reasons. The open source community now joins social media tycoons, privacy advocates and pornographers in opposing such laws, which they say are invasive and dangerous – but which lawmakers insist parents are asking for, as they work to find the right legal model.]]> https://www.biometricupdate.com/202603/californias-os-based-age-verification-law-challenges-open-source-community/feed 0 334393 87% of failed biometric verifications in Southern Africa due to AI spoofing: Smile ID https://www.biometricupdate.com/202603/87-of-failed-biometric-verifications-in-southern-africa-due-to-ai-spoofing-smile-id https://www.biometricupdate.com/202603/87-of-failed-biometric-verifications-in-southern-africa-due-to-ai-spoofing-smile-id#respond Fri, 06 Mar 2026 19:53:05 +0000 https://www.biometricupdate.com/?p=334383 A new report spotlights deepfake fraud posing an acute problem for Africa. Digital identity, banking and e-government are being used to streamline and more efficiently facilitate financial inclusion and disbursement of funding, along with helping underserved communities access healthcare and other essential public services. Smile ID’s 2026 Digital Identity Fraud Report has some jaw-dropping findings. In Southern Africa, almost nine in ten (87 percent) rejected biometric verification attempts were connected to AI-assisted impersonation and spoofing. The report says “fraud is overwhelmingly biometric in Southern Africa,” a region that encompasses countries including Botswana, South Africa and Zimbabwe. Meanwhile, Africa’s percentage of adults owning a financial account has risen from 34 percent to nearly 60 percent over the past decade. However, identity verification systems have largely stood still — tied to a one-time checkpoint model, Smile ID warns. Fraud has accelerated with the arrival of AI. The figures were compiled from 200 million identity checks by Smile ID’s customer base across dozens of industries and 35 countries in 2025. The analysis covers the full identity lifecycle — onboarding, authentication, and high-risk account events — examining how fraud manifests at different stages of trust. Smile ID found more than 160,000 fraudulent verification attempts in a single month in 2025, all of which were traced back to just 100 facial identities. “Some of these faces appeared over 12,000 times across multiple platforms,” the report says. Another case saw attackers use the same identity for more than a thousand account registration attempts within a space of 30 minutes. “The most consequential fraud attacks today are targeted account takeovers (ATOs) — not fake IDs or isolated spoofs, but coordinated operations that compromise the capture pipeline, reuse real identities at scale, and exploit moments after approval when controls are lighter through highly scalable AI-powered tooling,” the reports claims. This is a professionalized process with fraudsters coming in later in the customer journey, often colluding with insiders, and making use of large facial biometric and identity data sets. AI-powered tools are employed to analyze the data and to scale attacks. Generative AI has lowered the barriers to entry, reducing costs; creating high-quality synthetic documents and imagery while automating biometric manipulation, when this was previously uncommon or costly. Now the cost of each try is marginal — approaching zero — attackers can reuse the same identity assets across hundreds of thousands attempts. Defenses built for a previous era are straining under the barrage. “Fraud defences must now assume abundance and use networked intelligence to spot patterns and turn the volume generated by fraudsters’ attacks against them,” the Smile ID report argues. Smile ID discovered that nearly 90 percent of verifications rejected for suspected fraud in 2025 were found to be using mobile SDK integrations. This was up from 15 percent in 2023 and 65 percent in 2024. Mobile SDKs can capture additional on-device signals, such as image integrity and user behavior, that API-only verification flows cannot see. Biometric injection attacks have surged to over 100,000 per month, with Smile ID detecting the shadow of emulators, tampered capture and virtual cameras.

Continuously on defense and network intelligence

Mark Straub, CEO of Smile ID, comments that defense has to move beyond just the end of the pipeline. “Fraud is no longer a ‘KYC’ problem — it is a continuous cybersecurity challenge,” he says. “Effective defence now requires network intelligence: By leveraging these privacy-preserving indicators throughout the customer lifecycle, we enable real-time adaptation. Identity has entered the security era, where eco-system wide protection is essential to safeguarding the individual,” he believes. Modern fraud defense should operate across four interconnected zones, Smile ID argues, which form a continuous security infrastructure. These are trusted capture; verification and signal extraction; enforcement and feedback; intelligence and pattern detection, which all flow into another. Three strategic priorities build on this further. Of these, priority two — harden authentication at high-value moments — is perhaps notable for its granular detail. For example, multi-factor authentication at high-risk moments, which in practical terms would mean requiring biometric verification in addition to OTP for password resets or device changes or high-value transactions. The other two priorities are lifecycle intelligence, revealing where fraud will concentrate, and trusted capture, with capture integrity enabling richer signals. “Fraud now operates as repeatable, networked infrastructure,” the report concludes. “Defence must do the same.” “This approach — a Network Defence — connects signals across the identity lifecycle, detects coordination that isolated systems miss, and strengthens with every verification.” Smile ID’s 2026 Digital Identity Fraud in Africa Report can be downloaded here.]]> https://www.biometricupdate.com/202603/87-of-failed-biometric-verifications-in-southern-africa-due-to-ai-spoofing-smile-id/feed 0 334383 Scotland explores non-biometric IDV for ScotAccount https://www.biometricupdate.com/202603/scotland-explores-non-biometric-idv-for-scotaccount https://www.biometricupdate.com/202603/scotland-explores-non-biometric-idv-for-scotaccount#respond Fri, 06 Mar 2026 17:58:44 +0000 https://www.biometricupdate.com/?p=334363 Scotland’s digital identity scheme, ScotAccount, is hoping to expand identity verification options for users beyond biometrics. According to an equality impact assessment (EQIA) published by the Scottish government on Thursday, the project should develop knowledge-based verification (KBV) to provide alternatives for users. KBV validates a user's identity by requiring them to answer questions only they should know. The assessment also recommends exploring alternative sources of trusted public sector data sources for identity verifications, to reduce reliance on gathering data from financial transactions. Scotland has already introduced some alternatives to draw more people to ScotAccount. The government introduced landline-based two-factor authentication for older users without mobile phones and accepted the Young Scot National Entitlement Card (NEC) for biometric proof. It also commissioned a Civtech challenge to explore the possibility of vouching for people without traditional IDs such as passports and driving licenses. The efforts seem to be working: In May last year, the Scottish government’s Chief Technology Officer Alistair Hann said that the online verification service could enroll half of the Scottish adult population by 2027-28. The equality impact assessment revealed other information about the digital ID program. ScotAccount has an overall positive impact on equality, according to its conclusion. However, risks of indirect discrimination remain for individuals lacking traditional identity proofs or a digital footprint. “Mitigations include expanding non-biometric verification routes, knowledge-based checks, and alternative data sources, alongside maintaining offline service channels and ongoing stakeholder engagement,” says the impact assessment. The ScotAccount service launched in 2023 as a private beta in collaboration with Disclosure Scotland, allowing users to view their disclosure results online. Since then, the platform has expanded access to other public services, including the Witness Gateway, which allows witnesses to access case information online, and ScotPayments, which enables public sector organisations to make quick and secure payments to payees. Another service in the works is MySafe, which stores verified personal information and makes it reusable. In July 2025, the platform launched its public beta, allowing a larger group of users to test the service. The government has also announced that an app is in development in collaboration with Danish firm Netcompany. The app is expected to be ready in 2026 and will allow users to show a digital proof of age. The age range for users is still to be determined. The ScotAccount sign-in service is currently available to anyone with an email address. The platform is also examining interoperability with GOV.UK One Login.]]> https://www.biometricupdate.com/202603/scotland-explores-non-biometric-idv-for-scotaccount/feed 0 334363 Why Switzerland postponed the rollout of its digital ID https://www.biometricupdate.com/202603/why-switzerland-postponed-the-rollout-of-its-digital-id https://www.biometricupdate.com/202603/why-switzerland-postponed-the-rollout-of-its-digital-id#respond Fri, 06 Mar 2026 17:42:29 +0000 https://www.biometricupdate.com/?p=334352 Switzerland announced earlier this week that the launch of its e-ID program has been postponed to December 1st, 2026. Behind this decision is an audit performed by the country's top financial oversight body, which highlighted that several key tasks related to e-ID issuance and its trust infrastructure remain uncompleted. The Swiss Federal Audit Office (SFAO) published its second audit of the Swiss e-ID program in February, citing concerns with areas such as data encryption. The developers of the eID, for instance, plan to introduce end-to-end encryption of the eID user data transmitted between participants. The agency warns that the concept of encryption has not yet been finalized, even though its deadline was the end of 2025. This means security gaps remain open. SFAO also highlighted that the current public beta test version includes beta ID processes developed specifically for demonstration purposes. Although future e-ID processes will incorporate the principles of the beta ID, they are still under development. The agency also flagged that the integration of Federal Police (Fedpol) e-ID issuance processes is still not completed. Swiss citizens are expected to apply for the digital ID through the FedPol by scanning their identity card, passport, or residence card. Another finding centers on verifier accountability. Under current plans, the program does not intend to use the trust registry established under the Swiss e-ID Act to verify the legitimate purposes for which organizations request e-ID data. The SFAO considers this a gap and recommends introducing a voluntary process for checking the legitimate purposes of verifiers. The SFAO audit concludes that correcting these issues will take time, meaning that the project will not complete the stabilization and final approval phase scheduled for summer 2026. ​The Swiss government has assured the public that the project will continue with new deadlines and that current budget cuts will not affect the security of the e-ID and or its trust infrastructure. The introduction of a national electronic identity (e-ID) is among the key themes of Switzerland’s digitalization strategy in 2026. Meanwhile, other stakeholders have expressed their own wishes for the upcoming Swiss eID.

Advice on improving the Swiss eID pours in

The Swiss Bankers Association (SBA) wants the Swiss e-ID to serve as a fully-fledged identification document usable for both online and offline identification. In cases where the e-ID already offers a high level of security, any additional requirements, such as address checks or bank transfers, should be waived. ​Finally, the organization believes that the Swiss e-ID should be internationally compatible and interoperable with the EU Digital Identity (EUDI). Regulations should be worded in a technology-neutral way, allowing them to cover solutions that are not yet developed, SBA concludes. Others want the Swiss e-IDs to apply self-sovereign identity (SSI) principles more effectively. The entire verification infrastructure of the e-ID depends on centrally operated availability, according to Swiss consultant Martina Kolpondinos. “Even when using decentralized building blocks such as DIDs and Verifiable Credentials, the core of the e-ID trust infrastructure remains dependent on central operational integrity and availability,” she writes in a blog post. The SFAO wants its trust registry to indicate which purposes for requesting specific e-ID data fields are legitimate. A more SSI-informed lens would question whether a person can make a meaningful decision about their data, according to Kolpondinos. Kolpondinos also comments on the developer's plan to introduce end-to-end encryption of the e-ID user data transmitted between participants at a later date. Security should be treated as a “foundational property of the system,” as encryption that arrives late risks “being layered on.”]]> https://www.biometricupdate.com/202603/why-switzerland-postponed-the-rollout-of-its-digital-id/feed 0 334352 Florida House passes bill to relaunch mDL program https://www.biometricupdate.com/202603/florida-house-passes-bill-to-relaunch-mdl-program https://www.biometricupdate.com/202603/florida-house-passes-bill-to-relaunch-mdl-program#respond Fri, 06 Mar 2026 16:59:31 +0000 https://www.biometricupdate.com/?p=334344 A package of transportation laws have been approved by Florida’s House of Representatives, setting up the potential return of mobile driver’s licenses (mDL) to the state. HB 543 contains a wide range of changes, touching everything from red light cameras to enforcement of rules about excessive vehicle noise, and was passed by a 107-1 margin. For mDLs, the bill establishes new data privacy protections and limit how businesses can use data from a digital ID. Florida has a mobile driver’s license program, but pulled its Florida Smart ID from the iOS and Android app stores in mid-2024. At the time the Department of Highway Safety and Motor Vehicles said a new app could be ready by early-2025. “Many of us, I’ve noticed, walk around without a wallet, a physical wallet,” the bill’s sponsor Fiona McFarland said, as reported by Florida Politics. “We have it all on our phone today. Other states have a digital driver’s license. It’s a convenience that I think we all want to enjoy in the state of Florida, I included, but we should make sure that there are significant data protections — whether it’s information communicating back to the government or information communicating between retailers.” “Communicating back to government” is also referred to as “phoning home,” and is generally not implemented in mDLs. The bill specifies that Florida’s mDL should  comply with ISO/IEC 18013-5 and 18013-7, and that data from it should be used only for the purpose it was initially shared for unless its holder authorizes further sharing or reuse. The data should then be deleted or irreversibly anonymized, except in cases where there are narrow requirements for its retention. The state would be able to store only the data on the mDL required by law. The mDL should be capable of selective disclosure and its holder should be able to audit verification requests. Transactions should not be linkable. The bill still needs to pass through the state senate and be signed by the governor to become law.]]> https://www.biometricupdate.com/202603/florida-house-passes-bill-to-relaunch-mdl-program/feed 0 334344