Biometric Update https://www.biometricupdate.com Biometrics News, Companies and Explainers Mon, 01 Jun 2026 01:25:28 +0000 en-US hourly 1 66434804 TSA seeks biometric identity management support https://www.biometricupdate.com/202605/tsa-seeks-biometric-identity-management-support https://www.biometricupdate.com/202605/tsa-seeks-biometric-identity-management-support#respond Mon, 01 Jun 2026 01:10:29 +0000 https://www.biometricupdate.com/?p=343601 The Transportation Security Administration (TSA) is preparing to acquire new contractor support for one of its most sensitive identity management portfolios, seeking industry input for Secure Identity Management Support work tied to biometric vetting, recurrent background checks, rap sheet automation, data quality, and the modernization of enrollment and credentialing systems used across transportation security programs. The draft Performance Work Statement (PWS) says TSA’s Enrollment Services and Vetting Programs (ESVP) office needs subject matter expertise for “secure identity management operations and maintenance” required under the Federal Aviation Administration Extension, Safety, and Security Act. Taken together, the RFI and draft PWS describe a TSA identity environment moving toward broader recurrent vetting, greater reliance on DHS biometric infrastructure, more automated criminal history processing, and increased use of AI-enabled tools for data quality and adjudication support. The documents do not describe a new public-facing biometric collection program by themselves. Rather, they show TSA seeking contractor expertise to maintain, modernize and integrate biometric and identity systems already used across a wide range of transportation security programs. The result is a procurement that is technical in form but policy significant in substance. TSA is asking industry for help with the systems, standards, data flows and automation tools that determine how biometric and biographic identity information is collected, matched, reused, validated, and adjudicated across programs affecting maritime workers, aviation workers, flight students, hazmat drivers, PreCheck applicants, and other transportation-sector populations. To that end, TSA is testing the market for companies with deep experience in government identity systems, biometric modalities, Federal Bureau of Investigations (FBI) Rap Back, XML-formatted rap sheets, Department of Homeland Security (DHS) biometric databases, and machine learning or large language models that could support vetting modernization and enhanced adjudication. The procurement comes as TSA is managing a broad set of vetted populations, including Transportation Worker Identification Credential (TWIC) holders, foreign flight training applicants, TSA PreCheck applicants, hazardous materials endorsement applicants, aviation workers, indirect air carriers, certified cargo screening participants, general aviation populations, and unmanned aircraft system operators, including beyond visual line of sight operations. At the core of the requirement is TSA’s need to process, reuse, store, and analyze biometric and biographic data for initial and recurrent security threat assessments. The PWS says those assessments involve criminal history, immigration and terrorism checks with multiple federal and state entities, including the FAA, FBI, Customs and Border Protection, U.S. Citizenship and Immigration Services, the Office of Biometric Identity Management, the Social Security Administration, the State Department and the Department of Justice. TSA says its Enrollment Services and Vetting Programs office already relies on several systems that support biometric storage, vetting and reuse, including the Vetting and Credentialing System, Consolidated Screening Gateway, Technology Infrastructure Modernization system, Credentialing and Adjudication Application, Universal Enrollment Services system, and Aviation Channeling and Data Management System. The draft PWS says those systems are expected to be consolidated over the next eight years as part of broader ESVP initiatives. That consolidation is significant because TSA is not simply asking for general program management support. It is seeking contractors that can help shape the technical, biometric, and data architecture of programs that affect large transportation-sector populations and that increasingly depend on continuous or recurrent vetting rather than one-time checks. The TWIC program remains one of the most visible parts of that portfolio. Jointly administered by TSA and the U.S. Coast Guard, TWIC is designed to prevent individuals who pose a security threat from gaining unescorted access to secure areas of the maritime transportation system. The PWS notes that TWIC is the only TSA vetting program that issues a physical biometric credential and describes it as a program that is technologically advanced, highly visible, and sensitive from a privacy standpoint. The Flight Training Security Program (FTSP) is another focus. TSA says the program requires support for future identity assurance requirements involving applicants, certified flight instructors and flight training facilities. The PWS states that FTSP directly addresses vulnerabilities that contributed to the September 11 attacks and relies on a strong chain of trust to ensure foreign flight students are properly identified and vetted. It also says DHS and Congress have recently expressed interest in FTSP’s identity assurance process, particularly the verification of applicants claiming to be U.S. citizens. A major portion of the work involves FBI Rap Back, the recurrent vetting service that notifies subscribing agencies of new criminal history information tied to enrolled individuals. TSA says aviation programs, TWIC, and TSA PreCheck already leverage Rap Back, and that it has expanded the service since completing a pilot in August 2016. The PWS calls for contractor support to implement Rap Back across remaining ESVP vetting populations, automate its use in TSA systems, update interface designs and procedures, and maintain tools such as TSA’s rap sheet parsing and scoring tool. TSA is looking for firms with specific Rap Back and FBI Next Generation Identification (NGI) experience. TSA asks vendors to describe their experience with NGI Rap Back services and with XML-formatted rap sheets, specifications and standards. The move toward automated rap sheet parsing and scoring is one of the more consequential modernization efforts described in the PWS. TSA says criminal history records are used extensively in its security threat assessment programs, but rap sheet adjudication remains manual because rap sheets are text-based, non-machine-readable and not standardized. TSA is working with outside entities, including Maricopa County, Arizona, the FBI and National Law Enforcement Telecommunications System, to standardize rap sheet formats and automate parts of the adjudication process. The draft PWS also ties TSA’s identity work directly to DHS biometric infrastructure. TSA says it uses the DHS Automated Biometric Identification System (IDENT) encounter information system for security threat assessment programs and has established a multi-phase initiative to integrate criminal, immigration and terrorist derogatory information from IDENT into ESVP vetting and adjudication. The PWS says TSA currently uses IDENT as a backup system for recurrent vetting in TWIC and TSA PreCheck and anticipates other ESVP-vetted programs will be enrolled in IDENT or eventual successor Homeland Advanced Recognition Technology (HART) system over the next three to five years for both initial and recurrent vetting. The acquisition also includes a data science and AI component. The PWS says the contractor will support data system management, data quality, and data science, including “Machine Learning.” As ESVP migrates vetted populations across systems, the contractor is expected to prioritize data integrity and use AI-driven tools and techniques to improve accuracy, consistency and reliability. TSA specifically calls for automated and AI-enhanced data validation processes to ensure that clean, accurate, secure, and consistent data is delivered to programs, applications and services. The PWS says validation checks may include AI-powered anomaly detection and pattern recognition to verify data integrity and compliance with established benchmarks. TSA is considering the role of AI not only in back-end data quality, but also in the adjudication pipeline. The PWS refers to advanced machine learning techniques for formatting and presenting XML rap sheets to improve the efficiency and productivity of adjudication and vetting resources. It also requires outcome-based metrics, including biometric match rates, data quality improvements, and reductions in adjudication time. The draft PWS contemplates a 12-month base period with four one-year option periods, with on-site services at TSA headquarters in Springfield, Virginia.]]> https://www.biometricupdate.com/202605/tsa-seeks-biometric-identity-management-support/feed 0 343601 US Coast Guard seeks iOS-compatible biometric devices for at-sea identity checks https://www.biometricupdate.com/202605/us-coast-guard-seeks-ios-compatible-biometric-devices-for-at-sea-identity-checks https://www.biometricupdate.com/202605/us-coast-guard-seeks-ios-compatible-biometric-devices-for-at-sea-identity-checks#respond Mon, 01 Jun 2026 01:05:45 +0000 https://www.biometricupdate.com/?p=343617 The U.S. Coast Guard (USCG) is asking industry for information on iOS-compatible biometric collection devices that could support its Biometrics at Sea System (BASS), a maritime law enforcement program used to identify people encountered during interdictions, boardings, and other at-sea operations. The request for information describes the Biometrics at Sea System, or BASS, as a critical Coast Guard capability for collecting, analyzing, and using biometric data in support of maritime law enforcement authorities, maritime domain awareness, officer safety, and the identification of people involved in illicit activity. The request comes as the Coast Guard continues to modernize BASS. In September, the service announced that it had awarded Parsons Corporation’s InCadence Strategic Solutions an indefinite-delivery, indefinite-quantity contract worth up to $9.7 million to support BASS 2.0. That contract covers additional biometric devices, software and hardware sustainment, peripheral equipment, integration, infrastructure, and cybersecurity work. The Coast Guard said at the time that crews collect biometrics at sea and submit them to DHS enterprise systems for identity checks that inform law enforcement decisions. The new RFI appears to explore whether the Coast Guard can expand or diversify the hardware available for the same operational environment, specifically by identifying devices compatible with Apple’s iOS ecosystem. The current fielded device identified in the capability statement is the Javelin XL, a rugged handheld capable of collecting multiple biometrics, including a four-finger fingerprint sensor, dual iris camera, and Android smartphone camera for face capture and photographs. The operational need is straightforward. Coast Guard boarding teams often work in disconnected, intermittent and low-bandwidth environments, where connectivity may depend on Wi-Fi, cellular links, docking stations, or other available communications. The capability statement says teams need to collect biometric and biographic data from individuals onboard vessels, query local watchlists, submit data to authoritative biometric repositories when connectivity is available, and receive results that can be used by boarding officers and decision-makers. The Coast Guard’s use cases show how the system is expected to work during vessel boardings. A designated law enforcement team boards a vessel, physically carries the BASS device, and uses it to capture biometric information from onboard individuals. The device may be used on battery power during a standard boarding and must be able to remain operational during longer missions, including through battery replacement. The captured data can be submitted through available connectivity for search and enrollment in authoritative biometric repositories. The data exchange component is central to the program. The capability statement says biometric data is sent to authoritative databases owned by the Federal Bureau of Investigation, Defense Department and Department of Homeland Security, while biographic data is used to run encounter checks for wants, warrants, and other relevant law enforcement information. Results are returned to the device and may identify a person, flag potential officer-safety concerns, or prompt the boarding team to contact a command center for deeper analysis of derogatory information. The system is also meant to support intelligence and mission coordination after the initial encounter. Personnel from the originating unit, tactical control elements, and supporting intelligence components may access enrollment data and query results. The capability statement says authorized users may access summary information from searches and enrollments, coordinate with Coast Guard and external mission partners, and use captured biometric and biographic information to nominate illicit actors to federal watchlists when appropriate. The capabilities sought are organized around three main areas: on-scene identity verification and enrollment, seamless and assured data exchange, and mission-ready operational capability. The first area requires rapid collection of multiple biometric modalities, including fingerprints, iris scans, and facial images, as well as contextual photographs of scars, marks and tattoos and associated biographic data. It also calls for local watchlist screening on the collection device, so operators can receive immediate results even when disconnected from networks. After that initial local screening, the system must be able to query national and international authoritative databases to determine whether an individual is a known threat, person of interest, or otherwise requires further action. If the person is not found in any database, the Coast Guard wants the ability to enroll the person’s complete biometric and biographic profile into the appropriate systems directly from the operational location. The second capability area focuses on moving data reliably between collection devices and databases. The document says the system must work whether personnel are pier-side, near shore, or operating in remote areas with degraded connectivity. It must automatically use available connections without complex manual configuration, confirm that submissions have been received and processed, and maintain a verifiable audit trail by logging data as it moves between collection devices and authoritative databases. The third area addresses the practical realities of maritime enforcement. The device must be portable, unobtrusive, rugged, and able to withstand water, salt, and shock. It must support tactical awareness and personal safety during boardings, remain powered for the duration of missions that may exceed a standard battery life, and be backed by training that goes beyond basic device operation. Security and interoperability are major concerns. BASS operations require extracted data to be securely stored on the device before transmission, with data stored in encrypted formats using Coast Guard-approved hardware and software tools. Once transmitted, data from BASS devices must integrate with the data exchange that pushes biometric data to authoritative databases and biographic data for encounter checks. The capability statement says authorized personnel in the Coast Guard, DHS and the Intelligence Community have access to the data exchange for further analysis, storage and dissemination.]]> https://www.biometricupdate.com/202605/us-coast-guard-seeks-ios-compatible-biometric-devices-for-at-sea-identity-checks/feed 0 343617 Notre Dame researchers release open-source iris recognition tools built for NIST testing https://www.biometricupdate.com/202605/notre-dame-researchers-release-open-source-iris-recognition-tools-built-for-nist-testing https://www.biometricupdate.com/202605/notre-dame-researchers-release-open-source-iris-recognition-tools-built-for-nist-testing#respond Mon, 01 Jun 2026 00:54:07 +0000 https://www.biometricupdate.com/?p=343599 Researchers at the University of Notre Dame have developed a new open-source toolkit intended to make iris recognition technology more transparent, easier to test, and more accessible to academic researchers working outside the commercial biometric industry. The paper, Lowering the Barrier to IREX Participation: Open-Source Algorithms, Toolkit, and Benchmarking for Iris Recognition, presents two new iris recognition algorithms, along with open-source implementations designed to comply with the National Institute of Standards and Technology’s (NIST) Iris Exchange, known as IREX. The work is aimed at a long-standing gap in biometric testing, as NIST’s IREX program has largely evaluated closed-source commercial iris recognition systems rather than open academic tools. The researchers say that matters because iris recognition is increasingly used in security and identity systems, but many of the most capable algorithms remain proprietary, and that limits outside review, makes reproducibility difficult, and leaves researchers without a strong open baseline for comparing new methods. It also creates problems for forensic uses of iris recognition, where explainability and human interpretation can be important. The paper introduces two new neural-network-based methods. The first, called TripletIris, uses a ConvNeXt-tiny model trained with batch-hard triplet loss. In simple terms, the model learns to pull images of the same iris closer together in a mathematical feature space while pushing images of different irises farther apart. The second, called ArcIris, uses a ResNet100 model trained with ArcFace loss, a method designed to create clearer separation between identities. The researchers also created IREX-compliant C++ versions of two existing Notre Dame iris recognition methods. One, HDBIF, uses human saliency-driven filtering to encode iris texture. The other, CRYPTS, detects and compares Fuchs’ crypts, visible structures in the iris that can be useful in human-interpretable forensic analysis. CRYPTS is particularly important from an explainability standpoint, but it also proved too computationally heavy for the strict timing demands of large-scale IREX search. The toolkit also includes open-source iris segmentation and circle-estimation models. These are the parts of the system that locate the iris and pupil, estimate their boundaries, and prepare the eye image for matching. That preprocessing step is essential because even a strong recognition algorithm can fail if it cannot properly isolate the iris from eyelids, eyelashes, glare, off-angle images, or other real-world image problems. A central contribution of the paper is not just that the algorithms exist, but that they were adapted for NIST-style testing. IREX imposes strict requirements on how algorithms handle images, create templates, manage memory, and perform large one-to-many searches. According to the paper, NIST caps template creation at 1.5 seconds per 640-by-480 image, and a one-to-many search against 500,000 templates returning 50 candidates from both eyes must finish within 25 seconds. Those constraints shaped the design choices. The researchers used lightweight architectures for segmentation and circle estimation, optimized C++ implementations, and disabled unnecessary threading and gradient tracking to prevent timeouts or memory failures. ArcIris and TripletIris were able to clear the search-time requirements using fast distance comparisons. HDBIF also met the timing requirements after optimization. CRYPTS, however, failed the timing requirement because it relies on a more expensive comparison process. The performance results show that modern open-source iris recognition is becoming much more competitive. Across multiple academic datasets, ArcIris and TripletIris substantially outperformed older open-source systems such as OSIRIS and USIT, while in some settings approaching the performance of commercial systems. ArcIris was generally the stronger and more stable of the two new neural-network methods, especially at strict false-match operating points. In biometric systems, a low false match rate is critical because it measures how often the system incorrectly says two different people are the same person. But systems must also avoid high false non-match rates, where the system fails to recognize the same person across different images. The paper found that ArcIris was particularly effective at reducing false non-matches under strict false-match settings. The researchers also emphasized failure-to-enroll performance. Some algorithms can appear accurate if they simply reject difficult images. But that is less useful in operational environments, where poor image quality, motion blur, occlusion, contact lenses, off-angle capture, and other issues are common. In the paper’s penalty-based evaluation, systems with high failure rates suffered major performance drops, while ArcIris and TripletIris maintained low failure-to-enroll rates across difficult datasets. The researchers are not claiming that open-source tools automatically solve the policy and civil liberties concerns surrounding biometric identification. But they are arguing that open systems can make the technology easier to test, reproduce, compare, and scrutinize. And that is especially important as iris recognition continues to appear in border security, law enforcement, corrections, identity verification, and forensic settings. The paper’s practical impact may be in lowering the barrier for other researchers to participate in NIST evaluations. By providing IREX-compliant C++ code, Python implementations, model weights, segmentation tools, and examples of how to satisfy NIST’s technical requirements, the authors created a pathway for academic and open-source teams that may not have had the resources to prepare a formal IREX submission. The result is a technical paper with policy relevance. It shows that high-performing iris recognition no longer must be confined entirely to closed commercial systems. It also gives researchers, evaluators, and potentially government buyers a clearer way to compare open tools against proprietary systems. That does not eliminate the need for oversight. Iris recognition remains a powerful biometric technology capable of identifying people at scale. But the paper makes a strong case that if the technology is going to be used, open-source, independently tested, and reproducible systems should be part of the conversation.]]> https://www.biometricupdate.com/202605/notre-dame-researchers-release-open-source-iris-recognition-tools-built-for-nist-testing/feed 0 343599 Incognia says privacy-first fraud prevention gains traction in Europe https://www.biometricupdate.com/202605/incognia-says-privacy-first-fraud-prevention-gains-traction-in-europe https://www.biometricupdate.com/202605/incognia-says-privacy-first-fraud-prevention-gains-traction-in-europe#respond Mon, 01 Jun 2026 00:50:46 +0000 https://www.biometricupdate.com/?p=343626 Incognia says it has become the most downloaded fraud prevention software development kit (SDK) in Europe, attributing the milestone to growing demand for fraud controls that align with data minimization requirements under GDPR. The announcement follows a period of rapid growth for the company. Earlier this year, Incognia reported a 200 percent increase in annual revenue and argued that organizations are increasingly looking beyond traditional fraud prevention approaches such as device fingerprinting and biometric selfie checks as fraud tactics become more sophisticated. Rather than focusing on identity verification, Incognia's technology analyzes device, network and location-behavior signals to determine whether activity is consistent with a user's established patterns. The company says the approach allows businesses to detect fraud without collecting direct identifiers such as names, email addresses, phone numbers or government-issued identity documents. The claim comes as European organizations face growing pressure to balance fraud prevention with privacy obligations. Financial institutions, marketplaces, mobility providers and digital commerce platforms are increasingly examining whether existing fraud controls rely on more personal data than necessary and whether alternative approaches can meet both security and compliance requirements. The broader fraud prevention market remains highly fragmented. Traditional providers continue to rely heavily on identity-based verification, device intelligence, behavioral analytics and biometric authentication, while newer entrants are emphasizing privacy-preserving approaches that seek to reduce dependence on personally identifiable information. Incognia argues that advances in generative AI are accelerating that shift. In announcing its recent growth, CEO André Ferraz said many fraud prevention tools rely on digital signals that can increasingly be manipulated or replicated, prompting organizations to seek additional behavioral and contextual risk signals. The company says its technology is being used to address account takeover, synthetic and fake account creation, authorized push payment fraud, bonus abuse and mule account activity across sectors including financial services, mobility, food delivery and e-commerce. While Incognia's claim of becoming Europe's most downloaded fraud prevention SDK highlights growing adoption, it also reflects a larger debate within the fraud prevention industry over how organizations can verify trust and detect risk while collecting less personal data.]]> https://www.biometricupdate.com/202605/incognia-says-privacy-first-fraud-prevention-gains-traction-in-europe/feed 0 343626 Synthetic IDs and injection attacks – the weaponisation of identity in fraud and financial crime https://www.biometricupdate.com/202605/synthetic-ids-and-injection-attacks-the-weaponisation-of-identity-in-fraud-and-financial-crime https://www.biometricupdate.com/202605/synthetic-ids-and-injection-attacks-the-weaponisation-of-identity-in-fraud-and-financial-crime#respond Sat, 30 May 2026 00:30:55 +0000 https://www.biometricupdate.com/?p=343587 Identity fraud isn’t what it used to be. It’s no longer just stolen credentials being reused or obvious fake profiles slipping through basic checks. Today, fraud is being engineered. Rather than relying on traditional identity theft, fraudsters now design, refine, and iterate identities engineered to pass verification at scale and exploiting weak points across ID&V, KYC, and KYB processes. The result is a new wave of fraud that moves faster than detection, adapts in real time, and turns identity into the ultimate weapon in a fraudster’s arsenal. Here’s what’s inside:
  • How synthetic identities and injection attacks are being used together to bypass onboarding and verification
  • What modern identity fraud looks like, including how AI and generative tools are lowering barriers
  • Where identity journeys are most exposed, and how fraudsters are operationalising attacks across onboarding
  • Why traditional ID&V, KYC, and KYB approaches struggle against engineered identities
Download your copy here.]]> https://www.biometricupdate.com/202605/synthetic-ids-and-injection-attacks-the-weaponisation-of-identity-in-fraud-and-financial-crime/feed 0 343587 Yoti challenges academic research, invites independent audit of age assurance platform https://www.biometricupdate.com/202605/yoti-challenges-academic-research-invites-independent-audit-of-age-assurance-platform https://www.biometricupdate.com/202605/yoti-challenges-academic-research-invites-independent-audit-of-age-assurance-platform#respond Fri, 29 May 2026 20:45:46 +0000 https://www.biometricupdate.com/?p=343531 Yoti has publicly challenged research presented by academics from the Georgia Institute of Technology and the University of California, Irvine, and invited an independent cybersecurity audit of its age assurance platform in an effort to rebut claims about how it handles user data. The dispute highlights growing scrutiny of age assurance technologies as governments increasingly require age checks for access to online content and services. It also marks an unusual move by a leading provider, which is responding to criticism not only with public rebuttals but by offering independent verification of its systems. Researchers presenting at the IEEE Symposium on Security and Privacy argued that Yoti's age verification process transmits personal information to third- and fourth-party companies, including credit card providers, geolocation services and data brokers. An article from the blog of Georgia Tech’s College of Computing summarizes: “The researchers found that the information being shared can be used to identify and track devices. For example, a single verification attempt may transmit a user’s facial image, IP address, and device fingerprint to credit card companies.” Yoti CEO Robin Tombs rejected those claims in an open letter, calling allegations that facial image data is shared with third parties "wholly false." Rather than limiting its response to public criticism, Yoti has challenged the researchers to nominate an independent cybersecurity expert to review the company's technology and verify how user data is handled.

Yoti says claims are 'wholly false'

“The allegation that Yoti’s age verification platforms transmits facial image data to any third party is wholly false,” says Yoti CEO Robin Tombs, in an open letter that calls for a redaction of the articles in which the claim is made, and a public apology from the two U.S. schools. “Our systems are built in a way that means we cannot mine or sell data to third parties, and once a security check is complete, we cannot access any user details.” As such, the company has serious concerns about “multiple statements making claims about our platform that are scientifically and factually incorrect, technically at odds with how our technology actually works, and which were not subject to prior comment by, or consultation with, Yoti.”

Researchers allege data-sharing risks in age verification process

The paper, “Papers, Please: A First Look at Age Verification on the Web,” examines privacy and security implications of online age verification systems, but also extends into broader debates over regulation, censorship and free speech. The most concrete assertion concerns Yoti’s collection of that “high-entropy data.” “Yoti collects a significant amount of high-resolution data about the user’s device. It is unclear what the use of this data is, and we note that little information collected here appears to be necessary in estimating the age of a user, assuming that one is doing so purely from the image captured or the user’s ID. We further note that much of what is collected (OS version strings, available RAM, connection type, and CPU architecture) is also gathered by well-known fingerprinting libraries. Along with the user’s IP address, it is likely that this data is uniquely identifiable, allowing for unpermissioned tracking of the user’s device.” The paper’s conclusion leaps from a critique of Yoti’s privacy policy to the question of compliance. “Our observations paint a concerning picture of privacy and effectiveness of age verification,” it says, setting up what it wants to be a killing blow. “Compliance is low – only roughly 14 percent of sites self-labeling as adult content perform age verification in states with mandates.” From there, the technical research paper takes on an unusually political tone. “The censorship risks inherent in age verification and existing cryptographic proposals extend beyond the sites we examine here,” it says. “Without a significant shift in policy direction, age verification suites may eventually control users’ ability to participate in online speech.” “Regardless of how age verification is balkanizing the U.S. web, our security and privacy analysis of the most common age verification provider has implications for future free speech debates.”

Yoti offers independent review

Yoti argues the researchers mischaracterized how its platform operates and drew conclusions that are unsupported by the evidence presented in the paper. The company says the research conflates device-level telemetry and network data with biometric information and fails to distinguish between different age-assurance methods offered by the platform It is willing to prove this. In his letter, Tombs invites the two schools to “propose an independent cyber security expert to interrogate our technology freely, with any and all access to it facilitated without restriction (save for any necessary for infrastructure and commercial integrity, or compliance with legal obligations), for the purposes of verifying the security and integrity of our age verification platform, and specifically the protection of users’ data including facial images.” The disagreement reflects broader tensions surrounding age assurance technologies, which are facing increasing demands for transparency as regulators mandate age checks across online services. As age verification becomes more widespread, providers are likely to face growing pressure to demonstrate through independent testing how biometric and identity data are collected, processed and protected.]]> https://www.biometricupdate.com/202605/yoti-challenges-academic-research-invites-independent-audit-of-age-assurance-platform/feed 0 343531 US probe puts prediction market identity controls under the spotlight https://www.biometricupdate.com/202605/us-probe-puts-prediction-market-identity-controls-under-the-spotlight https://www.biometricupdate.com/202605/us-probe-puts-prediction-market-identity-controls-under-the-spotlight#respond Fri, 29 May 2026 20:44:29 +0000 https://www.biometricupdate.com/?p=343562 The U.S. House Committee on Oversight and Government Reform has opened an inquiry into Polymarket and Kalshi, pressing the two prediction market companies for records on identity verification, geographic restrictions, suspicious trading, and the handling of markets tied to military operations, geopolitical events, and political contests. Letters sent to the companies by chairman James Comer mark one of the clearest signs yet that Congress is beginning to treat prediction markets not merely as a financial technology novelty, but as a possible national security, market integrity, and identity-verification problem. The inquiry comes as Polymarket has reportedly begun rolling out new identity-verification measures after years in which users could register with little more than an email address. The committee’s letters to Polymarket CEO Shayne Coplan and Kalshi CEO Tarek Mansour frame the central concern bluntly, saying online prediction markets may be vulnerable to insider trading by users who have access to nonpublic, market-moving information. In Polymarket’s case, the committee said it is examining whether company safeguards are adequate to prevent users from accessing offshore sites to evade U.S. regulatory requirements, and whether the company has sufficient systems to identify domestic and international users, enforce geographic restrictions, and detect anomalous trading activity. The inquiry is rooted partly in the April 24 federal indictment of U.S. Army Master Sergeant Gannon Ken Van Dyke, who is alleged to have used classified information related to Operation Absolute Resolve to capture Venezuelan President Nicolás Maduro. Van Dyke is alleged to have placed wagers that generated more than $409,000 in personal gain on Polymarket. The lawmaker’s letter also points to reporting that more than 80 Polymarket users placed bets with suspicious characteristics, including trades made hours before unannounced U.S. and Israeli military operations against Iran. For Congress, the issue is not simply whether a trader guessed correctly. It is whether prediction markets have created a new venue where classified information, political insider knowledge, or other nonpublic information can be rapidly monetized through event contracts. That concern is especially acute when the underlying events involve military operations, foreign policy, elections, or actions by government officials. Comer requested Polymarket documents dating back to January 1, 2024, including records on the company’s identity verification technologies, vendors, KYC procedures, differences between domestic and international account requirements, and any changes to access-control procedures. Comey also seeks records on how Polymarket detects and reports suspicious trading, including algorithmic tools or thresholds used to flag trades that may reflect use of classified or nonpublic information. The committee also asked Polymarket for records tied to event contracts involving U.S. or Israeli military operations in Iran, Operation Absolute Resolve, Maduro-related markets, how the company collects and uses personal data, and whether current or former officers, employees, advisers, or directors have held or applied for U.S. government security clearances. That last request underscores the national security dimension of the inquiry. Comey is asking not only how users are screened, but whether people close to the platform itself may have access to sensitive government information. Kalshi received a parallel letter, but with a slightly different regulatory backdrop. Unlike Polymarket, Kalshi has operated as a Commodity Futures Trading Commission-designated contract market since November 2020. The committee acknowledged that status but said Kalshi’s October 2025 expansion into more than 140 countries raises questions about whether international users are subject to identity-verification and insider trading rules equivalent to those applied domestically. The Kalshi letter also cites political market concerns. According to the committee, former California gubernatorial candidate Kyle Langford placed a $200 bet on Kalshi on his own race in May 2025, and three additional politicians later placed bets on the platform related to their own races. The committee said that pattern, combined with the Van Dyke indictment and suspicious trading reported on Polymarket, suggests congressional action may be necessary. Like the Polymarket request, the Kalshi letter seeks documents on KYC procedures, anomalous trading detection, suspicious activity referrals, event contracts tied to military operations, personal data practices, compliance with Commodity Futures Trading Commission (CFTC) rules, internal legal assessments, and any company personnel or advisers with U.S. government security clearances. The committee gave both companies until June 5 to provide records. The congressional pressure coincides with a reported shift inside Polymarket, which has begun implementing new identity-verification measures and stricter access controls in response to pressure from international regulators and Congress over illegal gambling concerns and users from sanctioned countries. The company has reportedly created an online portal where users can submit passports, driver’s licenses, proof of residence, and other identifying information. The forms reportedly ask users to demonstrate they are not residents of prohibited regions, places where governments have barred Polymarket from operating, or countries subject to U.S. sanctions, including Russia, North Korea, and Cuba. Polymarket is also reportedly asking business users, such as developers of trading applications connected to its platform, about their investors and location. That is a significant turn for a platform whose appeal has long been tied to speed, crypto-native access, and relatively low-friction participation. Polymarket is trying to encourage users to provide identifying information by offering faster trading speeds, but the move has drawn criticism from users who argue that mandatory KYC could alienate the platform’s core base. The compliance shift reflects a larger identity problem now confronting prediction markets. These platforms depend on liquidity, scale, and fast participation, but the same characteristics that make them attractive to traders can make them difficult to police. Geographic restrictions can be evaded with virtual private networks. Crypto rails can obscure user behavior. International access can complicate the question of which country’s rules apply. And event contracts based on military, diplomatic, or political developments can create incentives for people with privileged information to turn that knowledge into profit. The House inquiry also lands amid a widening jurisdictional fight over whether prediction markets should be treated primarily as federally regulated commodities markets or as gambling operations subject to state restrictions. Minnesota recently became the first state to ban the industry from operating within its borders. In response, CFTC filed suit on May 19 seeking a preliminary injunction to stop the state’s new prediction market ban from taking effect on August 1, escalating the conflict between state regulators and federal officials. Kalshi has also filed its own suit seeking to stop enforcement of the ban. The central question now is whether prediction markets can build compliance systems strong enough to satisfy regulators without destroying the user experience that fueled their growth. For Congress, the answer may determine whether these platforms remain a niche financial technology, become a mainstream regulated market, or face new limits on the kinds of events they can list.]]> https://www.biometricupdate.com/202605/us-probe-puts-prediction-market-identity-controls-under-the-spotlight/feed 0 343562 Age assurance landscape diverging between US, everywhere else https://www.biometricupdate.com/202605/age-assurance-landscape-diverging-between-us-everywhere-else https://www.biometricupdate.com/202605/age-assurance-landscape-diverging-between-us-everywhere-else#respond Fri, 29 May 2026 20:08:56 +0000 https://www.biometricupdate.com/?p=343552 In the EU and UK, the debate over age assurance for social media has reached the highest levels of government, and become increasingly lopsided in favor of age prohibitions. But in the U.S., where state-level decisions dictate the policy landscape, the battle remains more of a scrum in the dirt, as legislators toss up bills for the legal lobby NetChoice to shoot down.

Walz signs Minnesota bill; NetChoice threatens legal action

A bill enacting new guardrails for Minnesota children on social media platforms has been signed into law. A report in the Minnesota Reformer says HF 4138 requires parental consent for kids under 16 to open a social media account, and bans infinite scroll, autoplay video and push notifications on kids’ accounts. “As a teacher and a dad, I’ve seen firsthand how new and emerging technology can impact our children,” says a statement from Governor Tim Walz. “As social media becomes more advanced, we need to make sure our families don’t fall victim to the powerful companies that use kids as a testing ground to make algorithms more addictive.” Walz’ signature did not go unanswered. A letter from NetChoice, the preferred litigation engine for Big Tech, threatens legal action, calling the bill “constitutionally defective legislation that will be enjoined by federal courts before it can take effect – at significant cost to Minnesota taxpayers – while doing nothing to protect the children it claims to serve.”

NetChoice to sue in Illinois over age law

In Illinois, House Bill 5511 aims to create “an age assurance system that allows platforms to identify whether a user is a minor without unnecessarily collecting excessive personal information,” according to Illinois state Sen. Willie Preston, D-Chicago. The bill has the support of Illinois Gov. J.B. Pritzker’s office. It also has lawsuits on the horizon. The Center Square quotes NetChoice Director of Policy Patrick Hedger, who says that, “while we share this committee’s concerns for children’s online safety, this bill would trample on the speech rights while endangering online safety of users of all ages.

In Nebraska, a lawsuit from NetChoice

NetChoice is the legal organization representing Silicon Valley’s biggest companies, and specifically the social media giants. It is also the proverbial thorn in the side of online safety legislation in the U.S. This month, NetChoice sued the state of Nebraska – according to the firm’s website, to “stop the portions of LB 383 that force Nebraskans to surrender digital I.D.’s just to access lawful information and use everyday digital services like social media.” It says the age verification law, which is set to take effect on July 1, 2026, “creates significant cybersecurity risks and undermines parents’ authority online.” Paul Taske is co-director of the NetChoice Litigation Center, and its most frequently quoted soldier. In a release, he says “Nebraska’s new Digital ID law makes a mockery of the First Amendment. The government cannot condition access to fully protected speech on a person’s willingness to hand over their most sensitive information. In fact, there is a large, growing body of law explaining exactly why this approach is unconstitutional.” “Nebraska joined the fray on the wrong side. When a law goes against the Constitution, it is doomed from the start.”

US kids could be alone on social media

The legislative situation in the U.S. regarding online safety is almost comical, as the lightly disguised legal militia for Meta, X, Google and other household names pounces from bill to bill, waving the First Amendment like a banner. But it points to a divergence between the U.S. and the rest of the world on social media age assurance, which would seem to be growing. By the end of 2026, the UK is likely to have an age assurance law for social media. The Europe’s EUDI Wallet scheme, enabling selective disclosure of age credentials through digital ID, dovetails with the bloc’s increased efforts on regulation. Canada is exploring privacy preserving age checks for social media. Australia, which led the way, has kicked off a global movement to limit the access large social media platforms get to kids’ data and kids’ lives. But in the U.S. – where “age verification” remains the most common blanket term to refer to the full scope of age assurance methods – legislators find themselves tripping on a Constitutional amendment that is both central to American identity, and easy for Big Tech to exploit.

Colorado, South Carolina next up on litigation block

One might count down the days before NetChoice files suit against Colorado, which just passed its own age assurance bill in the House: SB26-051, now awaiting the governor’s signature. The organization has already lobbed several previous lawsuits at the state, as it looks to catch up with the world outside Palo Alto on age checks. Likewise in South Carolina, where Governor Henry McMaster has signed a social media age check bill into law. Per VitalLaw, the Stop Harm from Addictive Social Media Act will “require large social media platforms with at least $1 billion in annual advertising revenue to take steps to protect children under 16 from potentially harmful and addictive features. The measure directs these platforms to use ‘reasonable means to estimate and verify the ages of account holders,’ with specific confidence thresholds and timelines triggered by user activity.” In what is sure to spark more controversial litigation, the act provides for a private right of action for children and parents to seek damages, including statutory damages of at least $10,000 for reckless or knowing violations.]]> https://www.biometricupdate.com/202605/age-assurance-landscape-diverging-between-us-everywhere-else/feed 0 343552 2026 World Cup to test online betting age verification at scale https://www.biometricupdate.com/202605/2026-world-cup-to-test-online-betting-age-verification-at-scale https://www.biometricupdate.com/202605/2026-world-cup-to-test-online-betting-age-verification-at-scale#respond Fri, 29 May 2026 20:06:25 +0000 https://www.biometricupdate.com/?p=343520 Jumio research suggests the 2026 World Cup could drive a surge in online sports betting while increasing concerns about minors accessing gambling platforms. The findings highlight a growing challenge for online gambling operators as major sporting events drive spikes in account creation and betting activity. With millions of new and occasional users expected to place wagers during the tournament, age and identity verification systems are likely to face increased scrutiny from regulators and child-safety advocates. The company’s 2026 Online Identity Study, based on responses from 8,003 adults across the U.S., UK, Singapore and Mexico, found that 63 percent of consumers worry that minors will use sports betting apps during the tournament. Nearly three‑quarters of respondents — 74 percent — say the responsibility for preventing underage gambling sits squarely with betting platforms and the technology providers behind them. Only 7 percent disagreed. “As online sports betting grows, operators have a clear duty to prevent minors from accessing their platforms — not just react when something goes wrong,” says Bala Kumar, president and chief product and technology officer at Jumio. “That means layered identity and age verification built for real protection and designed so legitimate adults can get through without friction.” Sports betting has become mainstream, and the FIFA World Cup remains one of the world's largest sporting events, with the 2026 edition projected to draw in six billion viewers. One in three adults globally say they intend to place bets during the tournament, with interest highest in Mexico (43 percent), followed by the UK (33 percent), Singapore (29 percent) and the U.S. (26 percent). For almost half of respondents, betting is now a core part of their World Cup rituals — 47 percent say it will be important to how they enjoy the event, and 46 percent expect to socialize around the bets they place. Consumers now expect age and identity verification, with 49 percent comfortable providing a government-issued ID and biometric data to access digital gaming platforms. Respondents in Mexico and the U.S. were the most comfortable, at 50 and 54 percent, respectively. The study also highlights how the World Cup will draw new users into online gambling ecosystems. Twenty percent of respondents say this will be their first time interacting with an online gaming platform, and 37 percent expect to use multiple platforms during the tournament. More than half — 55 percent — prefer to place bets online rather than in person, and 43 percent already have an account they plan to use. The combination of first-time users, multiple-account activity and event-driven traffic surges creates conditions that can increase fraud and age-assurance risks. For operators, the World Cup represents both a revenue opportunity and a large-scale test of onboarding, identity verification and compliance controls. Jumio warns that new users, multiple accounts and high‑volume onboarding could strain operators’ verification systems at the very moment when preventing underage access is most critical. “In online betting, the operators who win will be the ones who treat verification as foundational, not as a checkbox,” says Kumar. The 2026 report is the fifth edition of Jumio’s annual global consumer study, which tracks shifting attitudes toward online identity, trust and digital risk. As online betting becomes increasingly intertwined with major sporting events, operators face growing pressure to balance seamless onboarding with stronger age and identity checks. The World Cup may become one of the largest tests yet of whether digital verification systems can keep minors off gambling platforms without creating excessive friction for legitimate users.]]> https://www.biometricupdate.com/202605/2026-world-cup-to-test-online-betting-age-verification-at-scale/feed 0 343520 ID4Africa’s Joseph Atick on why Africa is setting the pace for digital identity https://www.biometricupdate.com/202605/id4africas-joseph-atick-on-why-africa-is-setting-the-pace-for-digital-identity https://www.biometricupdate.com/202605/id4africas-joseph-atick-on-why-africa-is-setting-the-pace-for-digital-identity#respond Fri, 29 May 2026 19:36:56 +0000 https://www.biometricupdate.com/?p=343541 At the ID4Africa 2026 AGM in Abidjan, digital identity leaders focused on a common theme: building sustainable digital identity ecosystems that connect people, services and institutions. The conversation reflected Africa’s growing role as a global leader in national digital identity deployment, digital public infrastructure and cross-border interoperability. In the latest Biometric Update Podcast, Managing Editor Chris Burt speaks with Dr. Joseph Atick about the continent's digital identity progress, the countries leading deployment efforts and why long-term ecosystem development matters more than constantly chasing the next new initiative. “Sometimes, you know, funding organizations, they can say, well, but we funded this last year. What is new here? It feels like almost programming on network television. Like, let’s get something new to fund.” “That’s not what Africa needs. Africa needs continuity, needs sustainability, needs consistency across the board. And for that, I think the ecosystem is where we all need to buy in.” Atick describes digital identity as an ecosystem — one that is organic, interdependent and built through sustained investment rather than one-off projects. “You know, I’m a mathematician. In my old days, my career was math. And I’ve always appreciated the concept that richness does not require complexity. Richness can be built on the iteration of simple principles, but iterated many, many, many, many, many times.” The full conversation is available on the latest episode of the Biometric Update Podcast.

Listen now: SpotifyAppleYouTubePodbean

Runtime: 00:21:21]]> https://www.biometricupdate.com/202605/id4africas-joseph-atick-on-why-africa-is-setting-the-pace-for-digital-identity/feed 0 343541