Biometric Update https://www.biometricupdate.com Biometrics News, Companies and Explainers Sat, 30 May 2026 00:30:55 +0000 en-US hourly 1 66434804 Synthetic IDs and injection attacks – the weaponisation of identity in fraud and financial crime https://www.biometricupdate.com/202605/synthetic-ids-and-injection-attacks-the-weaponisation-of-identity-in-fraud-and-financial-crime https://www.biometricupdate.com/202605/synthetic-ids-and-injection-attacks-the-weaponisation-of-identity-in-fraud-and-financial-crime#respond Sat, 30 May 2026 00:30:55 +0000 https://www.biometricupdate.com/?p=343587 Identity fraud isn’t what it used to be. It’s no longer just stolen credentials being reused or obvious fake profiles slipping through basic checks. Today, fraud is being engineered. Rather than relying on traditional identity theft, fraudsters now design, refine, and iterate identities engineered to pass verification at scale and exploiting weak points across ID&V, KYC, and KYB processes. The result is a new wave of fraud that moves faster than detection, adapts in real time, and turns identity into the ultimate weapon in a fraudster’s arsenal. Here’s what’s inside:
  • How synthetic identities and injection attacks are being used together to bypass onboarding and verification
  • What modern identity fraud looks like, including how AI and generative tools are lowering barriers
  • Where identity journeys are most exposed, and how fraudsters are operationalising attacks across onboarding
  • Why traditional ID&V, KYC, and KYB approaches struggle against engineered identities
Download your copy here.]]> https://www.biometricupdate.com/202605/synthetic-ids-and-injection-attacks-the-weaponisation-of-identity-in-fraud-and-financial-crime/feed 0 343587 Yoti challenges academic research, invites independent audit of age assurance platform https://www.biometricupdate.com/202605/yoti-challenges-academic-research-invites-independent-audit-of-age-assurance-platform https://www.biometricupdate.com/202605/yoti-challenges-academic-research-invites-independent-audit-of-age-assurance-platform#respond Fri, 29 May 2026 20:45:46 +0000 https://www.biometricupdate.com/?p=343531 Yoti has publicly challenged research presented by academics from the Georgia Institute of Technology and the University of California, Irvine, and invited an independent cybersecurity audit of its age assurance platform in an effort to rebut claims about how it handles user data. The dispute highlights growing scrutiny of age assurance technologies as governments increasingly require age checks for access to online content and services. It also marks an unusual move by a leading provider, which is responding to criticism not only with public rebuttals but by offering independent verification of its systems. Researchers presenting at the IEEE Symposium on Security and Privacy argued that Yoti's age verification process transmits personal information to third- and fourth-party companies, including credit card providers, geolocation services and data brokers. An article from the blog of Georgia Tech’s College of Computing summarizes: “The researchers found that the information being shared can be used to identify and track devices. For example, a single verification attempt may transmit a user’s facial image, IP address, and device fingerprint to credit card companies.” Yoti CEO Robin Tombs rejected those claims in an open letter, calling allegations that facial image data is shared with third parties "wholly false." Rather than limiting its response to public criticism, Yoti has challenged the researchers to nominate an independent cybersecurity expert to review the company's technology and verify how user data is handled.

Yoti says claims are 'wholly false'

“The allegation that Yoti’s age verification platforms transmits facial image data to any third party is wholly false,” says Yoti CEO Robin Tombs, in an open letter that calls for a redaction of the articles in which the claim is made, and a public apology from the two U.S. schools. “Our systems are built in a way that means we cannot mine or sell data to third parties, and once a security check is complete, we cannot access any user details.” As such, the company has serious concerns about “multiple statements making claims about our platform that are scientifically and factually incorrect, technically at odds with how our technology actually works, and which were not subject to prior comment by, or consultation with, Yoti.”

Researchers allege data-sharing risks in age verification process

The paper, “Papers, Please: A First Look at Age Verification on the Web,” examines privacy and security implications of online age verification systems, but also extends into broader debates over regulation, censorship and free speech. The most concrete assertion concerns Yoti’s collection of that “high-entropy data.” “Yoti collects a significant amount of high-resolution data about the user’s device. It is unclear what the use of this data is, and we note that little information collected here appears to be necessary in estimating the age of a user, assuming that one is doing so purely from the image captured or the user’s ID. We further note that much of what is collected (OS version strings, available RAM, connection type, and CPU architecture) is also gathered by well-known fingerprinting libraries. Along with the user’s IP address, it is likely that this data is uniquely identifiable, allowing for unpermissioned tracking of the user’s device.” The paper’s conclusion leaps from a critique of Yoti’s privacy policy to the question of compliance. “Our observations paint a concerning picture of privacy and effectiveness of age verification,” it says, setting up what it wants to be a killing blow. “Compliance is low – only roughly 14 percent of sites self-labeling as adult content perform age verification in states with mandates.” From there, the technical research paper takes on an unusually political tone. “The censorship risks inherent in age verification and existing cryptographic proposals extend beyond the sites we examine here,” it says. “Without a significant shift in policy direction, age verification suites may eventually control users’ ability to participate in online speech.” “Regardless of how age verification is balkanizing the U.S. web, our security and privacy analysis of the most common age verification provider has implications for future free speech debates.”

Yoti offers independent review

Yoti argues the researchers mischaracterized how its platform operates and drew conclusions that are unsupported by the evidence presented in the paper. The company says the research conflates device-level telemetry and network data with biometric information and fails to distinguish between different age-assurance methods offered by the platform It is willing to prove this. In his letter, Tombs invites the two schools to “propose an independent cyber security expert to interrogate our technology freely, with any and all access to it facilitated without restriction (save for any necessary for infrastructure and commercial integrity, or compliance with legal obligations), for the purposes of verifying the security and integrity of our age verification platform, and specifically the protection of users’ data including facial images.” The disagreement reflects broader tensions surrounding age assurance technologies, which are facing increasing demands for transparency as regulators mandate age checks across online services. As age verification becomes more widespread, providers are likely to face growing pressure to demonstrate through independent testing how biometric and identity data are collected, processed and protected.]]> https://www.biometricupdate.com/202605/yoti-challenges-academic-research-invites-independent-audit-of-age-assurance-platform/feed 0 343531 US probe puts prediction market identity controls under the spotlight https://www.biometricupdate.com/202605/us-probe-puts-prediction-market-identity-controls-under-the-spotlight https://www.biometricupdate.com/202605/us-probe-puts-prediction-market-identity-controls-under-the-spotlight#respond Fri, 29 May 2026 20:44:29 +0000 https://www.biometricupdate.com/?p=343562 The U.S. House Committee on Oversight and Government Reform has opened an inquiry into Polymarket and Kalshi, pressing the two prediction market companies for records on identity verification, geographic restrictions, suspicious trading, and the handling of markets tied to military operations, geopolitical events, and political contests. Letters sent to the companies by chairman James Comer mark one of the clearest signs yet that Congress is beginning to treat prediction markets not merely as a financial technology novelty, but as a possible national security, market integrity, and identity-verification problem. The inquiry comes as Polymarket has reportedly begun rolling out new identity-verification measures after years in which users could register with little more than an email address. The committee’s letters to Polymarket CEO Shayne Coplan and Kalshi CEO Tarek Mansour frame the central concern bluntly, saying online prediction markets may be vulnerable to insider trading by users who have access to nonpublic, market-moving information. In Polymarket’s case, the committee said it is examining whether company safeguards are adequate to prevent users from accessing offshore sites to evade U.S. regulatory requirements, and whether the company has sufficient systems to identify domestic and international users, enforce geographic restrictions, and detect anomalous trading activity. The inquiry is rooted partly in the April 24 federal indictment of U.S. Army Master Sergeant Gannon Ken Van Dyke, who is alleged to have used classified information related to Operation Absolute Resolve to capture Venezuelan President Nicolás Maduro. Van Dyke is alleged to have placed wagers that generated more than $409,000 in personal gain on Polymarket. The lawmaker’s letter also points to reporting that more than 80 Polymarket users placed bets with suspicious characteristics, including trades made hours before unannounced U.S. and Israeli military operations against Iran. For Congress, the issue is not simply whether a trader guessed correctly. It is whether prediction markets have created a new venue where classified information, political insider knowledge, or other nonpublic information can be rapidly monetized through event contracts. That concern is especially acute when the underlying events involve military operations, foreign policy, elections, or actions by government officials. Comer requested Polymarket documents dating back to January 1, 2024, including records on the company’s identity verification technologies, vendors, KYC procedures, differences between domestic and international account requirements, and any changes to access-control procedures. Comey also seeks records on how Polymarket detects and reports suspicious trading, including algorithmic tools or thresholds used to flag trades that may reflect use of classified or nonpublic information. The committee also asked Polymarket for records tied to event contracts involving U.S. or Israeli military operations in Iran, Operation Absolute Resolve, Maduro-related markets, how the company collects and uses personal data, and whether current or former officers, employees, advisers, or directors have held or applied for U.S. government security clearances. That last request underscores the national security dimension of the inquiry. Comey is asking not only how users are screened, but whether people close to the platform itself may have access to sensitive government information. Kalshi received a parallel letter, but with a slightly different regulatory backdrop. Unlike Polymarket, Kalshi has operated as a Commodity Futures Trading Commission-designated contract market since November 2020. The committee acknowledged that status but said Kalshi’s October 2025 expansion into more than 140 countries raises questions about whether international users are subject to identity-verification and insider trading rules equivalent to those applied domestically. The Kalshi letter also cites political market concerns. According to the committee, former California gubernatorial candidate Kyle Langford placed a $200 bet on Kalshi on his own race in May 2025, and three additional politicians later placed bets on the platform related to their own races. The committee said that pattern, combined with the Van Dyke indictment and suspicious trading reported on Polymarket, suggests congressional action may be necessary. Like the Polymarket request, the Kalshi letter seeks documents on KYC procedures, anomalous trading detection, suspicious activity referrals, event contracts tied to military operations, personal data practices, compliance with Commodity Futures Trading Commission (CFTC) rules, internal legal assessments, and any company personnel or advisers with U.S. government security clearances. The committee gave both companies until June 5 to provide records. The congressional pressure coincides with a reported shift inside Polymarket, which has begun implementing new identity-verification measures and stricter access controls in response to pressure from international regulators and Congress over illegal gambling concerns and users from sanctioned countries. The company has reportedly created an online portal where users can submit passports, driver’s licenses, proof of residence, and other identifying information. The forms reportedly ask users to demonstrate they are not residents of prohibited regions, places where governments have barred Polymarket from operating, or countries subject to U.S. sanctions, including Russia, North Korea, and Cuba. Polymarket is also reportedly asking business users, such as developers of trading applications connected to its platform, about their investors and location. That is a significant turn for a platform whose appeal has long been tied to speed, crypto-native access, and relatively low-friction participation. Polymarket is trying to encourage users to provide identifying information by offering faster trading speeds, but the move has drawn criticism from users who argue that mandatory KYC could alienate the platform’s core base. The compliance shift reflects a larger identity problem now confronting prediction markets. These platforms depend on liquidity, scale, and fast participation, but the same characteristics that make them attractive to traders can make them difficult to police. Geographic restrictions can be evaded with virtual private networks. Crypto rails can obscure user behavior. International access can complicate the question of which country’s rules apply. And event contracts based on military, diplomatic, or political developments can create incentives for people with privileged information to turn that knowledge into profit. The House inquiry also lands amid a widening jurisdictional fight over whether prediction markets should be treated primarily as federally regulated commodities markets or as gambling operations subject to state restrictions. Minnesota recently became the first state to ban the industry from operating within its borders. In response, CFTC filed suit on May 19 seeking a preliminary injunction to stop the state’s new prediction market ban from taking effect on August 1, escalating the conflict between state regulators and federal officials. Kalshi has also filed its own suit seeking to stop enforcement of the ban. The central question now is whether prediction markets can build compliance systems strong enough to satisfy regulators without destroying the user experience that fueled their growth. For Congress, the answer may determine whether these platforms remain a niche financial technology, become a mainstream regulated market, or face new limits on the kinds of events they can list.]]> https://www.biometricupdate.com/202605/us-probe-puts-prediction-market-identity-controls-under-the-spotlight/feed 0 343562 Age assurance landscape diverging between US, everywhere else https://www.biometricupdate.com/202605/age-assurance-landscape-diverging-between-us-everywhere-else https://www.biometricupdate.com/202605/age-assurance-landscape-diverging-between-us-everywhere-else#respond Fri, 29 May 2026 20:08:56 +0000 https://www.biometricupdate.com/?p=343552 In the EU and UK, the debate over age assurance for social media has reached the highest levels of government, and become increasingly lopsided in favor of age prohibitions. But in the U.S., where state-level decisions dictate the policy landscape, the battle remains more of a scrum in the dirt, as legislators toss up bills for the legal lobby NetChoice to shoot down.

Walz signs Minnesota bill; NetChoice threatens legal action

A bill enacting new guardrails for Minnesota children on social media platforms has been signed into law. A report in the Minnesota Reformer says HF 4138 requires parental consent for kids under 16 to open a social media account, and bans infinite scroll, autoplay video and push notifications on kids’ accounts. “As a teacher and a dad, I’ve seen firsthand how new and emerging technology can impact our children,” says a statement from Governor Tim Walz. “As social media becomes more advanced, we need to make sure our families don’t fall victim to the powerful companies that use kids as a testing ground to make algorithms more addictive.” Walz’ signature did not go unanswered. A letter from NetChoice, the preferred litigation engine for Big Tech, threatens legal action, calling the bill “constitutionally defective legislation that will be enjoined by federal courts before it can take effect – at significant cost to Minnesota taxpayers – while doing nothing to protect the children it claims to serve.”

NetChoice to sue in Illinois over age law

In Illinois, House Bill 5511 aims to create “an age assurance system that allows platforms to identify whether a user is a minor without unnecessarily collecting excessive personal information,” according to Illinois state Sen. Willie Preston, D-Chicago. The bill has the support of Illinois Gov. J.B. Pritzker’s office. It also has lawsuits on the horizon. The Center Square quotes NetChoice Director of Policy Patrick Hedger, who says that, “while we share this committee’s concerns for children’s online safety, this bill would trample on the speech rights while endangering online safety of users of all ages.

In Nebraska, a lawsuit from NetChoice

NetChoice is the legal organization representing Silicon Valley’s biggest companies, and specifically the social media giants. It is also the proverbial thorn in the side of online safety legislation in the U.S. This month, NetChoice sued the state of Nebraska – according to the firm’s website, to “stop the portions of LB 383 that force Nebraskans to surrender digital I.D.’s just to access lawful information and use everyday digital services like social media.” It says the age verification law, which is set to take effect on July 1, 2026, “creates significant cybersecurity risks and undermines parents’ authority online.” Paul Taske is co-director of the NetChoice Litigation Center, and its most frequently quoted soldier. In a release, he says “Nebraska’s new Digital ID law makes a mockery of the First Amendment. The government cannot condition access to fully protected speech on a person’s willingness to hand over their most sensitive information. In fact, there is a large, growing body of law explaining exactly why this approach is unconstitutional.” “Nebraska joined the fray on the wrong side. When a law goes against the Constitution, it is doomed from the start.”

US kids could be alone on social media

The legislative situation in the U.S. regarding online safety is almost comical, as the lightly disguised legal militia for Meta, X, Google and other household names pounces from bill to bill, waving the First Amendment like a banner. But it points to a divergence between the U.S. and the rest of the world on social media age assurance, which would seem to be growing. By the end of 2026, the UK is likely to have an age assurance law for social media. The Europe’s EUDI Wallet scheme, enabling selective disclosure of age credentials through digital ID, dovetails with the bloc’s increased efforts on regulation. Canada is exploring privacy preserving age checks for social media. Australia, which led the way, has kicked off a global movement to limit the access large social media platforms get to kids’ data and kids’ lives. But in the U.S. – where “age verification” remains the most common blanket term to refer to the full scope of age assurance methods – legislators find themselves tripping on a Constitutional amendment that is both central to American identity, and easy for Big Tech to exploit.

Colorado, South Carolina next up on litigation block

One might count down the days before NetChoice files suit against Colorado, which just passed its own age assurance bill in the House: SB26-051, now awaiting the governor’s signature. The organization has already lobbed several previous lawsuits at the state, as it looks to catch up with the world outside Palo Alto on age checks. Likewise in South Carolina, where Governor Henry McMaster has signed a social media age check bill into law. Per VitalLaw, the Stop Harm from Addictive Social Media Act will “require large social media platforms with at least $1 billion in annual advertising revenue to take steps to protect children under 16 from potentially harmful and addictive features. The measure directs these platforms to use ‘reasonable means to estimate and verify the ages of account holders,’ with specific confidence thresholds and timelines triggered by user activity.” In what is sure to spark more controversial litigation, the act provides for a private right of action for children and parents to seek damages, including statutory damages of at least $10,000 for reckless or knowing violations.]]> https://www.biometricupdate.com/202605/age-assurance-landscape-diverging-between-us-everywhere-else/feed 0 343552 2026 World Cup to test online betting age verification at scale https://www.biometricupdate.com/202605/2026-world-cup-to-test-online-betting-age-verification-at-scale https://www.biometricupdate.com/202605/2026-world-cup-to-test-online-betting-age-verification-at-scale#respond Fri, 29 May 2026 20:06:25 +0000 https://www.biometricupdate.com/?p=343520 Jumio research suggests the 2026 World Cup could drive a surge in online sports betting while increasing concerns about minors accessing gambling platforms. The findings highlight a growing challenge for online gambling operators as major sporting events drive spikes in account creation and betting activity. With millions of new and occasional users expected to place wagers during the tournament, age and identity verification systems are likely to face increased scrutiny from regulators and child-safety advocates. The company’s 2026 Online Identity Study, based on responses from 8,003 adults across the U.S., UK, Singapore and Mexico, found that 63 percent of consumers worry that minors will use sports betting apps during the tournament. Nearly three‑quarters of respondents — 74 percent — say the responsibility for preventing underage gambling sits squarely with betting platforms and the technology providers behind them. Only 7 percent disagreed. “As online sports betting grows, operators have a clear duty to prevent minors from accessing their platforms — not just react when something goes wrong,” says Bala Kumar, president and chief product and technology officer at Jumio. “That means layered identity and age verification built for real protection and designed so legitimate adults can get through without friction.” Sports betting has become mainstream, and the FIFA World Cup remains one of the world's largest sporting events, with the 2026 edition projected to draw in six billion viewers. One in three adults globally say they intend to place bets during the tournament, with interest highest in Mexico (43 percent), followed by the UK (33 percent), Singapore (29 percent) and the U.S. (26 percent). For almost half of respondents, betting is now a core part of their World Cup rituals — 47 percent say it will be important to how they enjoy the event, and 46 percent expect to socialize around the bets they place. Consumers now expect age and identity verification, with 49 percent comfortable providing a government-issued ID and biometric data to access digital gaming platforms. Respondents in Mexico and the U.S. were the most comfortable, at 50 and 54 percent, respectively. The study also highlights how the World Cup will draw new users into online gambling ecosystems. Twenty percent of respondents say this will be their first time interacting with an online gaming platform, and 37 percent expect to use multiple platforms during the tournament. More than half — 55 percent — prefer to place bets online rather than in person, and 43 percent already have an account they plan to use. The combination of first-time users, multiple-account activity and event-driven traffic surges creates conditions that can increase fraud and age-assurance risks. For operators, the World Cup represents both a revenue opportunity and a large-scale test of onboarding, identity verification and compliance controls. Jumio warns that new users, multiple accounts and high‑volume onboarding could strain operators’ verification systems at the very moment when preventing underage access is most critical. “In online betting, the operators who win will be the ones who treat verification as foundational, not as a checkbox,” says Kumar. The 2026 report is the fifth edition of Jumio’s annual global consumer study, which tracks shifting attitudes toward online identity, trust and digital risk. As online betting becomes increasingly intertwined with major sporting events, operators face growing pressure to balance seamless onboarding with stronger age and identity checks. The World Cup may become one of the largest tests yet of whether digital verification systems can keep minors off gambling platforms without creating excessive friction for legitimate users.]]> https://www.biometricupdate.com/202605/2026-world-cup-to-test-online-betting-age-verification-at-scale/feed 0 343520 ID4Africa’s Joseph Atick on why Africa is setting the pace for digital identity https://www.biometricupdate.com/202605/id4africas-joseph-atick-on-why-africa-is-setting-the-pace-for-digital-identity https://www.biometricupdate.com/202605/id4africas-joseph-atick-on-why-africa-is-setting-the-pace-for-digital-identity#respond Fri, 29 May 2026 19:36:56 +0000 https://www.biometricupdate.com/?p=343541 At the ID4Africa 2026 AGM in Abidjan, digital identity leaders focused on a common theme: building sustainable digital identity ecosystems that connect people, services and institutions. The conversation reflected Africa’s growing role as a global leader in national digital identity deployment, digital public infrastructure and cross-border interoperability. In the latest Biometric Update Podcast, Managing Editor Chris Burt speaks with Dr. Joseph Atick about the continent's digital identity progress, the countries leading deployment efforts and why long-term ecosystem development matters more than constantly chasing the next new initiative. “Sometimes, you know, funding organizations, they can say, well, but we funded this last year. What is new here? It feels like almost programming on network television. Like, let’s get something new to fund.” “That’s not what Africa needs. Africa needs continuity, needs sustainability, needs consistency across the board. And for that, I think the ecosystem is where we all need to buy in.” Atick describes digital identity as an ecosystem — one that is organic, interdependent and built through sustained investment rather than one-off projects. “You know, I’m a mathematician. In my old days, my career was math. And I’ve always appreciated the concept that richness does not require complexity. Richness can be built on the iteration of simple principles, but iterated many, many, many, many, many times.” The full conversation is available on the latest episode of the Biometric Update Podcast.

Listen now: SpotifyAppleYouTubePodbean

Runtime: 00:21:21]]> https://www.biometricupdate.com/202605/id4africas-joseph-atick-on-why-africa-is-setting-the-pace-for-digital-identity/feed 0 343541 UK selects Cognitec for facial age estimation in asylum assessments https://www.biometricupdate.com/202605/uk-selects-cognitec-for-facial-age-estimation-in-asylum-assessments https://www.biometricupdate.com/202605/uk-selects-cognitec-for-facial-age-estimation-in-asylum-assessments#respond Fri, 29 May 2026 17:38:07 +0000 https://www.biometricupdate.com/?p=343501 The UK government has selected a vendor for facial age estimation. The £322,000 ($433,745) contract begins on June 1, 2026 and runs for three years. The contract award notice lists established British IT provider Akhter Computers Limited as the main contractor, with biometrics services subcontracted to German facial recognition specialist Cognitec. The award moves facial age estimation from pilot and policy discussions into operational use within the UK's asylum system. It also places the technology at the center of a contentious debate over migration, children's rights and the role of AI in government decision-making. The contract comes as the Home Office formally incorporates facial age estimation into its asylum age-assessment framework. Newly published guidance explains how facial age estimation can be used to support immigration officers making initial decisions about whether undocumented arrivals should be treated as children or adults. The document outlines how facial age estimation can be used to classify asylum seekers. “Asylum seekers frequently arrive at the UK border with no official identity documents and so it can sometimes be difficult to know for sure which are children,” it says. “A child might look like an adult when they are not, and vice versa. Adult migrants sometimes claim to be children to prevent their removal and to take advantage of protections designed for minors. Sometimes children say they are adults to avoid being separated from friends. In some cases, a person simply doesn’t know their actual chronological age.” “If there is reason to doubt someone is the age they say they are, immigration officers must make an initial age decision to determine whether to treat them as a child or an adult. Facial age estimation, or FAE, can help the officials whose job it is to make these important decisions.” The guidance quotes a November 2025 Home Office policy paper, which stated, “early assessment suggests that facial age estimation is effective and could produce workable results much quicker than other potential methods, such as bone X-rays or MRI scans, and at a fraction of the cost.” The move comes as the Home Office faces scrutiny over the accuracy of existing age assessment processes. Home Office figures released this month showed that 326 people initially assessed as adults were later found to be children, raising questions about whether AI tools can improve consistency while avoiding new forms of error or bias.

Vendors take bias, accuracy seriously

Efficiency and cost-saving measures are all well and good. And the Home Office promises that FAE would “be used only as a supplementary tool for immigration officers, providing additional information to help them make initial age decisions.” Nonetheless, the use of biometrics and AI in immigration enforcement has historically attracted significant scrutiny from civil society groups and privacy advocates. The government appears to have foreseen criticism; the guidance includes a section addressing “misconceptions over how FAE will be used.” It distinguishes facial age estimation from facial recognition — "FAE estimates how old someone is. Facial recognition determines who someone is" — and insists that AI is not replacing human decision-making. The question that remains is, how much will this assuage those who will see “asylum seekers” and “biometrics” and immediately draw worrying conclusions? The guidance also acknowledges that “there is evidence in testing data that FAE performance can vary depending on ethnicity, skin tone, gender, place of birth and quality of input image. NIST found that error rates were almost always higher for female faces, although it didn’t find out why as testing was purely on performance rather than how algorithms work.” “Vendors take bias seriously and commercial FAE technology is trained to be representative of the broadest possible demographic range of potential users.”

Home Office takes different tone in defiant post

Appeals to fairness and technical efficiency, however, lose some of their tang when the same government publishes an article on LinkedIn boasting of “cutting-edge AI tech to curb fake under-18 claims and boost removals and deportations.” While one hand assures, the other makes aggressive gestures in the direction of “small boat arrivals posing as children.” The UK now sees 111,000 asylum seekers a year, and the issue has become a sore point in the country’s political landscape. “For too long, adult migrants making false age claims have exploited the system and diverted vital support away from children at risk,” says Minister for Border Security and Asylum, Alex Norris. “That is why we are rolling out AI technology to put a stop to this, ensuring those who game the system are identified, detained and removed without delay, and those who deserve support and protection are given it.” “We will continue to do whatever it takes to secure our borders.” The rhetoric contrasts with recently published Home Office figures showing that hundreds of asylum seekers initially assessed as adults were later determined to be children. Those findings have intensified debate over whether new technologies can reduce errors without creating new risks. Facial age estimation is being positioned as a way to improve consistency and reduce errors in asylum age assessments. Whether the technology can achieve that while satisfying concerns about bias, transparency and the treatment of vulnerable migrants is likely to determine how broadly it is accepted.]]> https://www.biometricupdate.com/202605/uk-selects-cognitec-for-facial-age-estimation-in-asylum-assessments/feed 0 343501 US states deepen mobile ID rollouts as focus shifts to verification and privacy https://www.biometricupdate.com/202605/us-states-deepen-mobile-id-rollouts-as-focus-shifts-to-verification-and-privacy https://www.biometricupdate.com/202605/us-states-deepen-mobile-id-rollouts-as-focus-shifts-to-verification-and-privacy#respond Fri, 29 May 2026 17:35:41 +0000 https://www.biometricupdate.com/?p=343510 Mobile driver's licenses are increasingly moving from pilot projects to identity infrastructure in the United States, as states expand digital credential programs and policymakers shift their attention from wallet adoption to questions of verification, privacy and data governance.   Arkansas residents can now add their driver’s licenses and state IDs to Apple Wallet, expanding the state’s mobile identity program from a standalone state app and Android wallet support into Apple’s native digital wallet ecosystem. The launch, announced by Idemia Public Security and the Arkansas Department of Finance and Administration, allows residents to present an Arkansas-issued driver’s license or state ID from an iPhone or Apple Watch at select Transportation Security Administration checkpoints, participating businesses, and supported apps and websites. Arkansas had already moved into Google Wallet and Samsung Wallet support last year, after first launching a state mobile ID app built with Idemia PS. Connecticut says it is close to launching a mobile ID option after years of planning. Illinois is advancing cleanup legislation for its digital driver’s license law. Arizona, meanwhile, is expanding its state digital wallet beyond identity credentials to include vehicle registration and title documents. The key policy question is no longer simply whether a driver's license can live on a phone. It is how the credential is issued, where the data is stored, who can verify it, and whether verification creates a record that can be tracked by governments, vendors, businesses or law enforcement. Arkansas' Apple Wallet implementation follows the privacy-preserving architecture Apple has promoted for other state mobile ID programs. Apple says its implementation supports the ISO/IEC 18013-5 mobile driver’s license standard, and Illinois’ Apple Wallet rollout says the state receives only the information needed to approve or deny enrollment, while the credential is encrypted on the user’s device after issuance. Apple and the issuing state do not know when or where the user presents the ID, according to Illinois’ Secretary of State. That is important because ISO/IEC 18013-5 is designed around cryptographic verification rather than a simple digital image of a license. A compliant mobile credential can be checked by a relying party using issuer-signed data and trusted public keys, meaning the verifier can confirm that the credential was issued by the state and has not been altered without necessarily querying a centralized identity database for each transaction. The American Association of Motor Vehicle Administrators Digital Trust Service is intended to support that model by giving relying parties a secure way to obtain issuing authorities’ public keys. Illinois appears closest to that model among the states now moving through implementation. The Secretary of State launched Illinois driver’s licenses and state IDs in Apple Wallet in November 2025, with users scanning their physical card, taking a selfie, and completing facial and head movement checks that are sent to the state for verification. Once approved, the ID is stored in Apple Wallet and users authenticate with Face ID or Touch ID before sharing requested information. A bill now heading to Gov. JB Pritzker would refine that system by replacing older “electronic credential” language with “mobile identification card” and making clear that law enforcement may not take physical possession of a user’s phone to verify the credential. Connecticut is less clear. DMV Commissioner Tony Guerrera has said the state hopes to launch a mobile ID in the coming months, and the DMV says the credential will be optional and not a replacement for a physical license or ID. Connecticut was named by Apple in 2021 as one of the early states planning support for IDs in Apple Wallet. If Connecticut launches through Apple Wallet or another ISO/IEC 18013-5-compliant mobile ID architecture, verification can be designed to avoid a centralized third-party transaction database. Publicly available information does not yet confirm all the implementation details. Arizona is different again. Its Arizona Wallet, built by AstreaX, is a state digital wallet app that can store mobile driver’s licenses, state IDs, vehicle registrations, titles, and insurance information. The Arizona Department of Transportation (ADOT) says the app now allows residents to view vehicle registration and title documents, receive expiration alerts, and link to AZMVDNow.gov for renewals. Arizona’s wallet is broader than a driver’s license app, and the App Store listing says users control what they share with digital verifiers and can share mDL or mID information through a QR code, while ADOT says residents can manage access to mobile vehicle documents through their state MVD Now dashboard. The larger trend is clear. States are increasingly building mobile identity systems around secure device storage, biometric device authentication, selective disclosure and cryptographic verification. Yet important differences remain in wallet architecture, governance models and verification flows, leaving open questions about interoperability, privacy and user control. As mobile IDs become more widely accepted for travel, commerce and government services, the debate is shifting from whether digital credentials should exist to how they are verified and governed. The next phase of adoption may depend less on wallet availability than on whether states can deliver privacy-preserving verification without creating new identity tracking risks.]]> https://www.biometricupdate.com/202605/us-states-deepen-mobile-id-rollouts-as-focus-shifts-to-verification-and-privacy/feed 0 343510 ICE expands field biometric identification with $25M iris recognition contract https://www.biometricupdate.com/202605/ice-expands-field-biometric-identification-with-25m-iris-recognition-contract https://www.biometricupdate.com/202605/ice-expands-field-biometric-identification-with-25m-iris-recognition-contract#respond Fri, 29 May 2026 17:09:02 +0000 https://www.biometricupdate.com/?p=343473 U.S. Immigration and Customs Enforcement (ICE) has issued a sole source award to Bi2 Technologies for iris biometric recognition technology intended to let ICE agents and 287(g) law enforcement partners rapidly identify people during field operations, according to a redacted justification for other than full and open competition. The award is valued at $25.1 million and covers more than 1,500 mobile iris scanners, access to Bi2’s mobile offender recognition system, and access to a biometric information system used for offender identification. The contract reflects ICE's continued investment in field-based biometric identification tools that allow officers to verify identities outside traditional booking environments. By combining iris recognition with fingerprint and facial-image matching and access to centralized identity records, the system is designed to support real-time identification of individuals who may be using aliases or fraudulent identity documents. ICE had announced its intention to award the contract earlier this month. The justification says ICE needs the additional devices because it previously purchased Bi2 equipment and requires compatibility with systems already in use. The document says no other vendor can meet the requirement because Bi2’s systems combine iris, fingerprint, and facial-image capture with real-time access to booking and criminal justice records. ICE argues the technology supports border and interior enforcement operations by helping agents identify people who may be using false identities. The agency also says the system gives 287(g) partners access to booking records and identity-validation information that may not appear in federal databases. The award follows a September 2025 firm-fixed-price contract to Bi2 worth about $4.5 million for the same general capability. The latest award significantly expands that deployment, increasing the number of mobile biometric devices available to ICE and participating local law enforcement agencies.]]> https://www.biometricupdate.com/202605/ice-expands-field-biometric-identification-with-25m-iris-recognition-contract/feed 0 343473 Sweden authorizes police use of live facial recognition https://www.biometricupdate.com/202605/sweden-authorizes-police-use-of-live-facial-recognition https://www.biometricupdate.com/202605/sweden-authorizes-police-use-of-live-facial-recognition#respond Fri, 29 May 2026 17:08:41 +0000 https://www.biometricupdate.com/?p=343454 Swedish police will be allowed to use live facial recognition (LFR) in cases involving kidnapping, human trafficking, serious crimes and threats to life under a new law approved by parliament. The decision marks a significant expansion of biometric surveillance powers in Sweden and places the country among a growing number of European states authorizing police use of the technology despite ongoing privacy and civil liberties concerns. The Swedish parliament, the Riksdag, voted on the government-proposed law on police use of AI for real-time facial recognition earlier this week. The new regulation is expected to come into force on July 1st, 2026 alongside amendments to the Public Access and Secrecy Act. The introduction of the technology in police work comes as the Scandinavian country struggles to contain gang violence. Over the past three years, 23 bystanders have been killed and 30 wounded in gangland shootings. The move comes as European governments increasingly weigh the potential security benefits of live facial recognition against concerns over privacy, proportionality and mass surveillance. The EU AI Act permits certain law enforcement uses of real-time biometric identification under narrowly defined circumstances, subject to judicial and regulatory safeguards. The new law outlines specific rules under which the Swedish Police Authority will be able to use the technology. According to the rules, the use of LFR must be proportionate and “absolutely necessary,” while permission to deploy the system must be obtained from the court. In urgent cases, LFR can be used without court permission, for example if a person is considered to be dangerous to the public, there is a risk that the person will commit more crimes or leave the country. In these cases, an application for permission must be made within 24 hours. The Swedish Police Authority will be permitted to use live facial recognition to locate or identify individuals in a limited set of serious circumstances. These include cases where a person is suspected of being a victim of kidnapping, human trafficking, or exploitation, or is a missing person believed to have fallen victim to a crime. Police could also use the technology when there is an imminent risk that someone may commit a serious offence posing a danger to another person's life or physical safety or has committed a serious crime carrying a maximum sentence of at least four years' imprisonment. Finally, the technology could be used to help enforce sentences against those already convicted of such offences. The decision on whether the use of LFR is proportionate will be reached on a case-by-case basis. Consideration will be given to the seriousness of the crime and whether the deployment of the tech would affect other people. The use of LFR will be supervised by the Swedish Authority for Privacy Protection (IMY). Before deploying it for the first time, the Swedish Police Authority and the Swedish Security Service will be required to conduct a fundamental rights impact assessment of the system in accordance with Article 27 of the EU AI Act. Sweden's minority right-wing government, which relies on support from the far-right Sweden Democrats, has been advancing a series of proposals targeting crime and immigration ahead of the general election on September 13th. The requirement for court authorization, oversight by Sweden's privacy regulator and compliance with the EU AI Act reflects the increasingly complex regulatory framework governing police use of biometric surveillance technologies across Europe.]]> https://www.biometricupdate.com/202605/sweden-authorizes-police-use-of-live-facial-recognition/feed 0 343454