Biometric Update https://www.biometricupdate.com Biometrics News, Companies and Explainers Fri, 26 Jun 2026 17:41:07 +0000 en-US hourly 1 66434804 Pressure grows to suspend EES checks during European summer travel https://www.biometricupdate.com/202606/pressure-grows-to-suspend-ees-checks-during-european-summer-travel https://www.biometricupdate.com/202606/pressure-grows-to-suspend-ees-checks-during-european-summer-travel#respond Fri, 26 Jun 2026 17:32:22 +0000 https://www.biometricupdate.com/?p=346620 Airports in Rome are considering suspending the Entry-Exit System (EES) during the summer travel season. Marco Troncone, chief executive of Aeroporti di Roma (ADR), warned on Thursday that allowing passengers to skip the biometric border registration scheme was the only way to avoid a “disaster” in the coming weeks. “We are very worried for the summer,” Troncone told The Financial Times. “The process proves to be incompatible with the peak volumes that we are going to face. So the only way is to open up the valve. There is no way that we can deliver 100 percent of the enrollment.” Aeroporti di Roma manages Rome Fiumicino Airport and Rome Ciampino Airport. Italian airports are not the only ones struggling with the rollout of the system. On Tuesday, Stefan Schulte, president of industry group Airports Council International Europe (ACI EUROPE), said that airports “urgently need full flexibility for border control authorities to suspend the EES whenever needed.” Schulte notes that the decision on suspensions is left to individual governments, not to airports themselves. Politicians should “stop pretending… that the EES is working just fine,” he told the BBC. He also cautioned that the summer peak extends well beyond early September, and that failure to address it could result in a total system breakdown. “Passengers are queuing for hours at peak traffic times and I just do not know how we will be able to cope in the coming weeks with the expected increase in traffic,” says Schulte, who is also head of the company that owns Frankfurt Airport. The International Air Transport Association (IATA) has previously warned that waiting times for passport checks this summer could reach six hours. UK travelers, in particular, have been suffering through long queues and missed flights. Last week, a Ryanair flight from Athens to London reportedly left without 20 to 50 passengers due to passport control delays. Similar scenes played out in April, when just 34 of 156 passengers managed to board their easyJet flight from Milan to Manchester due to the EES rollout. Last month, Greek officials said they would exempt British visitors from biometric registration upon arrival in the country for summer holidays, but the Greek Foreign Ministry later denied the claim. According to the EES rules, all third-country nationals must register their facial and fingerprint when entering the Schengen Area. To prevent long queues, the European Commission has allowed all 29 Schengen countries that use the system to partially suspend EES operations throughout the summer. The EU, however, does not plan to soften the new border regime after September, with Frontex warning last week that queues could persist for another two years.]]> https://www.biometricupdate.com/202606/pressure-grows-to-suspend-ees-checks-during-european-summer-travel/feed 0 346620 Tasmania removes driver photos from national face biometrics database https://www.biometricupdate.com/202606/tasmania-removes-driver-photos-from-national-face-biometrics-database https://www.biometricupdate.com/202606/tasmania-removes-driver-photos-from-national-face-biometrics-database#respond Fri, 26 Jun 2026 16:46:47 +0000 https://www.biometricupdate.com/?p=346609 Tasmania’s government has pulled 468,000 driver’s licence photos from a national facial recognition database over concerns about biometric data security. Pulse Tasmania reports that the images were uploaded to a segregated section of the National Driver Licence Facial Recognition Solution between December 2018 and December 2020, without the consent of license holders and before federal laws were in place to govern the system. “In July last year, noting we have not entered into a participation agreement with the Australian government, we have chosen to have all of the Tasmanian driver’s licence images removed and associated data removed from that system,” says deputy secretary of transport Cynthia Heydon. Meg Webb, a member of Tasmania’s Legislative Council who has pushed since 2020 for the images to be removed, says the move is welcome. But she notes the contradiction inherent in a potential state government mandate for biometric verification at gambling venues. “If the safety of Tasmanians’ sensitive facial and biometric data cannot be guaranteed when held by a national government database, how on earth can it be considered safe when collected by state gambling venues?” Webb says. The proposal, which includes mandatory facial recognition at venues with gaming machines (or “pokies”) replaces plans for a pre-commitment card.]]> https://www.biometricupdate.com/202606/tasmania-removes-driver-photos-from-national-face-biometrics-database/feed 0 346609 Moldova launches EVO 2.0, signs digital partnership with Mastercard https://www.biometricupdate.com/202606/moldova-launches-evo-2-0-signs-digital-partnership-with-mastercard https://www.biometricupdate.com/202606/moldova-launches-evo-2-0-signs-digital-partnership-with-mastercard#respond Fri, 26 Jun 2026 15:47:44 +0000 https://www.biometricupdate.com/?p=346599 Mastercard has announced the launch of a Digital Country Partnership program in Moldova, pledging to collaborate with the government on projects such as digital identity and payments, remote onboarding and the development of the European Digital Identity (EUDI) Wallets. The initiative was announced on the sidelines of the Moldova Digital Summit earlier in June, where Moldova also introduced the latest version of its eIDAS-compliant national digital ID wallet. EVO 2.0 is set to enable citizens to access and share verified documents and personal data directly from their phones, according to the Moldovan Ministry of Economic Development and Digitalization. The partnership with Mastercard will help the Eastern European country achieve its digitalization plans, head of the Ministry Eugeniu Osmochescu, said during the Summit, which was held on June 5th and 6th in Chișinău. Moldova has already made significant progress in digital public services, with nearly 80 percent of services for businesses now available online. In 2025, digital public services saved citizens and businesses 44 million euros (US$50.2 million). “We know that no country can achieve this transformation alone. The most innovative ideas, technologies and expertise are created through collaboration, which is why we are building strong partnerships with global leaders such as Mastercard,” says Osmochescu, who is also serving as the country’s Deputy Prime Minister. Mastercard plans to collaborate with the Moldovan government in five main areas, including the digital economy, which also includes payments and identity. Another project involves working with small and medium enterprises (SMEs), freelancers, and independent professionals to improve productivity, compliance, payments, and onboarding. The payments giant also plans to assist the country in digitizing consular and diplomatic services through payments and collaborate on policymaking. “Moldova has made significant progress in digitalization over the past years, and our ambition is to become one of the most digitally advanced countries in the region,” adds Osmochescu. Mastercard’s Digital Country Partnership with Moldova follows the company's signing of similar agreements with Romania and Ukraine. The program attempts to leverage Mastercard’s technology and data insights in the public sector. In Romania, the company is set to take a larger role by directly participating in the development of a national digital ID wallet. Under the five-year deal, the Romanian state will retain ownership and administration of the ecosystem, while Belgian-incorporated Mastercard Europe SA will be limited to serving as a technical service provider.]]> https://www.biometricupdate.com/202606/moldova-launches-evo-2-0-signs-digital-partnership-with-mastercard/feed 0 346599 IAD procurement, testing and deployment criteria clarified by expert panel https://www.biometricupdate.com/202606/iad-procurement-testing-and-deployment-criteria-clarified-by-expert-panel https://www.biometricupdate.com/202606/iad-procurement-testing-and-deployment-criteria-clarified-by-expert-panel#respond Fri, 26 Jun 2026 15:37:50 +0000 https://www.biometricupdate.com/?p=346589 The injection attacks powering a wave of digital fraud can be stopped, but not with liveness detection or deepfake detection, even though they spoof liveness, often with deepfakes. Procuring and deploying effective defense against biometric injection attacks means building a comprehensive software stack around data capture processes and selecting injection attack detection (IAD) technology that has been through repeated, independent testing, panelists in a webinar hosted this week by Biometric Update agreed. Alan Goode, CEO and chief analyst at Goode Intelligence, framed the rise of injection attacks as a shift by the fraud industry in part responding to the effectiveness of presentation attack detection (PAD) introduced to thwart biometric spoofing. Other panelists picked up on this point during the presentation as well. Goode forecasts that there will be more than 300 million injection attacks in 2028. This shift, and recognition of it in regulations around the world, are among key drivers identified in the 2026 Injection Attack Detection Market Report and Buyers Guide from Biometric Update and Goode Intelligence. Mitek Systems Senior Manager, Product Management Becky Kiichle-Gross emphasized the importance of securing the capture channel with a full stack of technologies that covers the user, device, code, session, payload and image. Organizations looking to implement IAD in their stack cannot simply look up a trusted ranking of how effective they are, however. Ted Dunstone, CEO of BixeLab, explained the current state of IAD testing, which is not yet backed by a completed ISO standard, but does provide critical insight to both buyers and developers of IAD. Innovatrics’ IAD works by binding the physics characteristics measured by smartphones to the pixels in images, says the company’s Enterprise Architect and Injection Attack Prevention Lead Filip Stiglic. Panelists agreed that educating the market on the difference between deepfake detection, PAD and IAD and how the three elements fit together remains a priority. Kiichle-Gross pointed out that not all deepfakes are delivered as injection attacks, and Stiglic noted that injection attacks can be carried out with images that are fraudulent but not deepfaked, such as people who are unwittingly filmed or photographed. This is why the full stack of different software layers is necessary to defend the integrity of face biometrics.]]> https://www.biometricupdate.com/202606/iad-procurement-testing-and-deployment-criteria-clarified-by-expert-panel/feed 0 346589 Congress opens $69.5 billion pipeline for border tech, biometric expansion https://www.biometricupdate.com/202606/congress-opens-69-5-billion-pipeline-for-border-tech-biometric-expansion https://www.biometricupdate.com/202606/congress-opens-69-5-billion-pipeline-for-border-tech-biometric-expansion#respond Fri, 26 Jun 2026 15:32:21 +0000 https://www.biometricupdate.com/?p=346580 Congress has approved nearly $70 billion in new Department of Homeland Security (DHS) funding through 2029, creating a major new pool of money for border surveillance, immigration enforcement, identity systems, and investigative technology while leaving unclear how much will be spent directly on facial recognition, fingerprinting, iris scans, or other biometric tools. The Secure America Act, signed into law June 10, appropriates $69.545 billion across Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HIS), and two additional DHS funding accounts. The law includes a $3.45 billion CBP account for border security, technology, and screening that expressly permits spending on the government’s biometric entry-exit system. But Congress did not assign a separate dollar amount to biometric entry-exit, facial recognition, fingerprints, iris recognition, or any named biometric platform. Instead, biometric entry-exit is one authorized use within a larger account that also covers nonintrusive inspection equipment and related civil works, AI, machine learning, air and marine platforms, border surveillance technology, drug-interdiction efforts, and CBP mission support and operations. The $3.45 billion account is therefore the clearest new biometric-related funding stream in the legislation. It may be used for necessary expenses, including technology deployment, related to the biometric entry-exit system required under the Intelligence Reform and Terrorism Prevention Act of 2004. The same account can finance new inspection equipment and associated construction, including AI and machine-learning tools, as well as surveillance technology along the southwest, northern, and maritime borders. The law also limits how CBP may use the technology money for surveillance towers. Funds may not be used to procure or deploy towers along the southwest or northern borders unless CBP has tested and accepted them to deliver autonomous capabilities. The statute defines autonomous capabilities as systems designed to use AI, machine learning, computer vision, or other algorithms to accurately detect, identify, classify and track items of interest in real time, and to make operational adjustments without active personnel engagement or continuous human command and control. The biometric-related account is only one component of the larger package. CBP receives $9.55 billion to hire, pay, train and equip Border Patrol agents and support personnel for functions other than immigration-enforcement and customs functions; $13.02 billion for agents, support staff and operations tied to immigration-enforcement activities; and the $3.45 billion technology and screening account. ICE receives $31.075 billion for enforcement and removal operations. The account may be used for personnel, transportation, information technology maintenance and sustainment, fee collection improvements, body-worn cameras, facility and fleet operations, legal staff, and expanded agreements with state and local agencies under Section 287(g). The ICE appropriation also requires that at least $350 million be spent on detainer management, detainer issuance, custodial transfers, release monitoring, transportation, and arrests involving specified “covered unlawful aliens” encountered in jurisdictions that are not qualified cooperating jurisdictions. That is not biometric funding, but it supports enforcement operations in which mobile identity checks, federal databases, and information sharing systems may play a role. A separate $7.45 billion appropriation supports HSI personnel, mission support, and operations. The statute specifies that the money is for functions other than HSI’s immigration enforcement and customs enforcement missions. Still, the HSI account includes a significant identification and forensic component. The law requires that $108.5 million be used to hire, pay, and equip additional child exploitation investigators and forensic analysts at HSI’s Victim Identification Laboratory, the Cyber Crimes Center, and HSI field offices. The money is intended to support the identification and rescue of child sexual exploitation victims and to train state and local law enforcement personnel in identifying victims. Congress also appropriated two additional $2.5 billion DHS accounts. The first is available for purposes authorized in the Homeland Security and Governmental Affairs title; the second is available for purposes authorized in the Judiciary title and specified provisions of the earlier reconciliation law. Neither account includes a biometric earmark. The result is a funding structure that gives DHS substantial room to decide how money will be allocated among technology, personnel, surveillance, enforcement operations, and support systems. Congress preserved biometric entry-exit as an authorized use of a multibillion-dollar CBP technology account while also expanding adjacent infrastructure, including AI-enabled inspection tools, surveillance systems, information technology, body-worn cameras, removal operations, local law enforcement partnerships, forensic laboratories, and field personnel. What remains unknown is how CBP will divide the $3.45 billion technology account. The act includes no separate funding breakout for facial comparison, fingerprint matching, identity databases, cameras, contractor support, software integration, or biometric collection at airports, land crossings, and seaports. Nor does the statute identify how much of the broader ICE and DHS appropriations may ultimately support mobile identification tools or systems linking state and local officers to federal identity records. Those details will be fleshed out through DHS allocation decisions, spending plans, procurement notices, and contract awards.]]> https://www.biometricupdate.com/202606/congress-opens-69-5-billion-pipeline-for-border-tech-biometric-expansion/feed 0 346580 Ethiopia builds DPI to power sovereign digital state https://www.biometricupdate.com/202606/ethiopia-builds-dpi-to-power-sovereign-digital-state https://www.biometricupdate.com/202606/ethiopia-builds-dpi-to-power-sovereign-digital-state#respond Fri, 26 Jun 2026 14:53:39 +0000 https://www.biometricupdate.com/?p=346572 Ongoing efforts by the government of Ethiopia to build a digitally sovereign state were in the spotlight recently during the MESOB Innovation Exhibition event which took place in the capital Addis Ababa. The event, which brought together several tech startups and other industry stakeholders, was an opportunity to further reflect on how the country is trying to build its sovereignty stack, a convergence around identity, finance, data governance, and infrastructure hemmed into a single and interoperable ecosystem that will define national autonomy in the medium and long term. MESOB is a platform built to drive digital government services in Ethiopia, with 185 government services already integrated with the super app. Ethiopia is running the second largest digital ID project in Africa, after Nigeria, with more than 40 million people already registered for it, a testimony to its growing scale and adoption. Through the foundational identity known in the local language as Fayda, it is also building other public infrastructure, integrating services with passport applications being the latest in series, and streamlining how people get authenticated for service delivery. According to an analysis by the Institute of Foreign Affairs, Ethiopia is not just digitizing services; it is building the institutional muscles needed to govern in an increasingly networked world. The piece argues that just as roads and power grids once defined state reach, digital infrastructure such as the Fayda digital ID and the Telebirr payment system now define the state's operational coherence and economic visibility. Combined with a robust data protection framework (Proclamation No. 1321/2024), Ethiopia is seen as trying to build a system where trust is institutionalized, like Kenya is trying to do, and one that ensures citizens engage with digital services because they are convinced the state can protect their data. These DPI efforts, according to the analysis, are also helping to build trust architecture by reducing the friction between citizens and institutions, allowing the state to see, serve, and tax its economy in ways that were previously impossible. In some ways, the write-up qualifies the efforts as moving Fayda beyond a card to something that acts as the nervous system connecting finance, health, and education, to mention just a few. Ethiopia's sovereignty push mirrors a growing global trend whereby DPI is no longer seen as a technical supplement to governance, but as its very foundation. Other countries like Papua New Guinea are leveraging domestic and international partnerships to address digital skills and capacity gaps in their sovereignty push. As part of the sovereignty dynamic, the Ethiopian government is also looking toward self-reliance on national data cloud and the manufacturing of digital devices under the Ethiopia National Cloud initiative. Prime Minister Abiy Ahmed says the facility is being built at the Ethiopian Artificial Intelligence Institute and it will have a capacity that surpasses that of all existing data infrastructure in the country. In May, the PM mentioned that the cloud infrastructure could be available within 18 to 24 months, adding that it will go a long way in driving the country's digital transformation efforts.]]> https://www.biometricupdate.com/202606/ethiopia-builds-dpi-to-power-sovereign-digital-state/feed 0 346572 One Identity now independent, will set up shop in Cork to focus on identity security https://www.biometricupdate.com/202606/one-identity-now-independent-will-set-up-shop-in-cork-to-focus-on-identity-security https://www.biometricupdate.com/202606/one-identity-now-independent-will-set-up-shop-in-cork-to-focus-on-identity-security#respond Fri, 26 Jun 2026 14:47:02 +0000 https://www.biometricupdate.com/?p=346563 One Identity is becoming an independent company and shifting its operations to Europe. A release from the firm says it will set up a new global headquarters in Cork, Ireland, and provide unified identity governance in a bid to capitalize on a combined identity governance and administration (IGA) and privileged access management (PAM) market estimated at around $10 billion. “Identity is now the control plane for enterprise security,” says Praerit Garg, CEO of One Identity. “Almost all security breaches can be traced back to identity compromises. Most organizations are still governing it with tools that were built for a different era. AI is accelerating the problem faster than most organizations realize: every agent and every automated workflow are identities that need to be governed. Our customers are dealing with environments that are more distributed and harder to govern than anything legacy frameworks were designed for.” Garg says operating as a standalone company “gives us the focus this problem requires and the speed our customers demand.” Per the release, more than 80 percent of the One Identity engineering organization is based in Europe, including Chief Technology Officer Gihan Munasinghe and other key leadership roles. The move is therefore a natural step, building on long-standing investment across the United Kingdom, Germany, Ireland, and elsewhere in Europe. One Identity was founded in 2016 when it was separated from cybersecurity company SonicWall in Dell’s sale of its software group to private equity firms Francisco Partners and Elliott Management. As part of this transaction, Dell Software also became its own entity, Quest Software, and although One Identity was spun off as an independent brand, it remained part of the Quest family. In 2021, the company acquired OneLogin, a provider of identity and access management software; OneLogin has since become its main product. One Identity recently named Michael Henricks as its new chief financial and operating officer, and Randy Menon as chief product and marketing officer.]]> https://www.biometricupdate.com/202606/one-identity-now-independent-will-set-up-shop-in-cork-to-focus-on-identity-security/feed 0 346563 AI fraud drives banks toward biometric identity defenses https://www.biometricupdate.com/202606/ai-fraud-drives-banks-toward-biometric-identity-defenses https://www.biometricupdate.com/202606/ai-fraud-drives-banks-toward-biometric-identity-defenses#respond Thu, 25 Jun 2026 20:32:28 +0000 https://www.biometricupdate.com/?p=346540 New survey data from KPMG shows a majority of banking executives preparing for AI to cause major disruptions to established business models. The 2026 Banking Technology Survey says 80 percent of respondents anticipate “significant shifts” over the next three-to-five years, and are making adjustments accordingly. “What we’re seeing across the banking sector is a convergence of priorities – AI, payments modernization, cybersecurity, and tech-driven M&A are no longer separate agendas,” says Peter Torrente, who leads KPMG’s U.S. Banking Sector activity, in a release. “That shift exposes the challenge to keep pace across technology, risk, and growth simultaneously.” Headline numbers show a cascade effect: 76 percent of banking executives say they have seen an increase in the number of cybersecurity attacks on their banks in the last year. In response, 92 percent are increasing their budgets to address the risk. And 84 percent are increasing cybersecurity investment specifically to address risks introduced by AI. Operational efficiency and automation is receiving the most investment in the next 12 months, but security and fraud prevention is a close second. Among top threats are AI-introduced vulnerabilities in code, deepfakes and securing agentic technologies. Eighty percent of banks are implementing regular audits to ensure data security, privacy and compliance. Notably, uptake in adoption of biometric tools is set to increase; 32 percent of banking leaders say they are already using AI-enabled biometrics to secure payments and access management  – but 72 percent plan to integrate the technology over the next three years.

Defense tools must evolve at speed of fraud

An article from J.P.Morgan dives into fraud in the age of AI. Insights from authors Vincent Meluzio from J.P. Morgan Payments and Douglas Wilbert from Accenture are consistent with the larger industry view: “fraud risk is on the rise, yet 60 percent of surveyed financial institutions do not have a dedicated response plan with forensic tools to investigate agent-driven fraud.” Defense technologies “must evolve as fast as the threats they’re designed to counter.” “A static defense posture is a losing one. But technology is only part of the equation. It works best when complemented by fundamentals: knowing where to verify against an authoritative source, knowing what questions to ask and recognizing when something doesn’t feel right.” The authors advocate for a culture of vigilance that includes training and clear escalation protocols, and note the importance of collaboration: “no single organization can solve the problem of deepfake fraud alone. By sharing intelligence, best practices and technology innovation, organizations can strengthen collective defenses in ways no one can achieve independently.”

Synthetic identities become banking's next fraud battle

Proof’s latest post in its Fraud Files series looks at “Stolen Credentials, Fake Biometrics, and the Synthetic Identity Wave.” The piece says core assumptions about identity verification – “that some information stays secret, that documents can be trusted, and that a face in a camera is a real face” – are under “sustained, commercial-scale attack.” It cites analysis from Shattered.io, drawing on research from Flashpoint and DeepStrike, which shows that infostealer malware exfiltrated more than 1.8 billion credentials from 5.8 million infected devices in 2025 alone. “DeepStrike found that stolen passwords and session cookies now appear in 86 percent of data breaches. Stolen logs are bought, repackaged, and resold through dark web marketplaces that operate like subscription services.” Stolen identity data can be used to create synthetic identities. Proof says synthetic identity fraud is “the defining threat of 2026.” “Fraudsters combine real SSNs, addresses, and birth dates with fabricated names and manufactured credit histories to create identities that have never existed, yet can pass onboarding checks.” These fake identities can accumulate credit histories over time; “by the time a synthetic identity executes fraud, it may have a year or more of clean transaction history behind it.” U.S. unsecured credit losses tied to synthetic identity fraud are projected to exceed $3.1 billion in 2026, and the threat is growing at roughly 16 percent annually. A major vector for synthetic identity attacks is injection. Injection attacks bypass the camera to work on the software or hardware level, “injecting pre-generated synthetic media directly into the video stream before verification occurs, so the system processes a manufactured image from the start.” No longer the domain of technical specialists, these fraud tactics are available on the commercial market. “The Deepfake-as-a-Service market has a customer support channel, subscription tiers, and repeat buyers. Biometric injection attacks are straightforward commercial transactions.” A takeaway is that layered defenses combining biometric verification, device analysis and behavioral risk scoring are now a baseline requirement. “Static attributes can’t anchor identity. Each of these attack patterns works because it targets a system built on the wrong foundation.”

Entrust adds biometric risk-based authentication

Entrust has launched “a new approach to preventing account takeover in the age of AI.” According to a release, the Entrust Biometric Authentication product combines biometric identity verification with adaptive risk-based authentication to protect critical and high-risk interactions. It takes the verified identity established at enrollment and “extends it across every access point and interaction,” anchoring it to a biometric check, providing defense against presentation, injection, and deepfake attacks by requiring identity assurance at key moments. “Too many organizations are treating authentication as a login problem, but attackers have already moved beyond access,” says Mike Baxter, chief technology and product officer at Entrust. “Preventing account takeover in the age of AI requires confirming the person behind every interaction. Entrust helps organizations apply the right level of assurance at the right moments while delivering secure, low-friction experiences.” Per the release, the solution uses three authentication methods, designed for different levels of risk. A biometric passkey provides biometric authentication at high-risk moments by binding authentication to a verified human identity. Face authentication speeds up everyday verification and step-up authentication. And motion authentication helps defend against deepfake, replay, and injection attacks in high-assurance use cases with ISO/IEC 30107-3 PAD Level 1 & 2 conformant liveness detection, independently tested by iBeta Quality Assurance.

Banks accelerate fraud technology spending

A new survey commissioned by behavioral biometrics firm BioCatch notes the “disconnect between detection and investigation” at play in the Benelux market. “While banking leaders in the region report relatively strong confidence in their fraud controls, 82 percent say their bank still spends more than a day investigating fraud cases, which is significantly above the global average,” says BioCatch Director of Global Fraud Intelligence Thomas Peacock, in a release. However, investment is coming. “Benelux respondents overwhelmingly say their bank plans to upgrade its fraud prevention technologies, with 92 percent reporting planned investments and 59 percent saying their organization is either already implementing new solutions or actively evaluating vendors.”

Voice biometrics joins layered defenses

Voice security products provider Illuma is partnering with UK Credit Union to bring advanced authentication and fraud prevention capabilities to the credit union’s contact center and self-service channels, according to a release. UK Credit Union will implement Illuma’s IllumaSHIELD platform, which offers real-time voice authentication technology as the core offering, with options to add advanced fraud prevention, adaptive multi-factor authentication (MFA), deepfake detection, and human-AI collaborative intelligence. The platform continuously evaluates risk, allowing the credit union to step up authentication when needed. “AI-driven fraud is forcing financial institutions to rethink how they secure the voice channel,” said Milind Borkar, CEO of Illuma. “UK Credit Union is taking a forward-looking approach by adopting voice security that continuously verifies identity, blocks threats in real time, and improves both the member and agent experience – while eliminating friction from every interaction.”]]> https://www.biometricupdate.com/202606/ai-fraud-drives-banks-toward-biometric-identity-defenses/feed 0 346540 NJ Supreme Court upholds police FRT disclosure requirement https://www.biometricupdate.com/202606/nj-supreme-court-upholds-police-frt-disclosure-requirement https://www.biometricupdate.com/202606/nj-supreme-court-upholds-police-frt-disclosure-requirement#respond Thu, 25 Jun 2026 20:26:36 +0000 https://www.biometricupdate.com/?p=346549 New Jersey Supreme Court has unanimously ruled that law enforcement in the state must disclose its use of facial recognition during investigations as part of the discovery process in court proceedings. The decision partly sides with the state though, in excluding proprietary information like the source code of the facial recognition software used from the discovery demands. The ruling in State v. Miles (via Thomson Reuters) partially reverses the decision by a state appellate court that relied on an interpretation of State v. Arteaga that State Supreme Court Justice Lee Solomon Fasciale described as overly “mechanical” in allowing the demand for source code as part of discovery. The court ruled in Arteaga that police were obligated to disclose 13 pieces of information about the facial recognition system used by detectives before laying charges, which the appellate court took as precedence in Miles. “Such discovery cannot be reduced to a rigid thirteen-item checklist; a defendant’s entitlement varies depending on the specifics of the case,” writes Fasciale. In Miles’ case, New Jersey police must disclose the facial recognition software and data they used before they charged him with first-degree murder, along with how they used it. “Metrics of performance” are included, and Arteaga asked for (and was granted) NIST FRVT results as one of the 13 points, but the key items are the biometric software’s name and developer, what reference database was used, all versions of the probe image used and the match candidates returned. Some of this information was already provided by the prosecution after lower court decisions. Miles’ case had attracted the support of the ACLU, the Innocence Project and the EFF.]]> https://www.biometricupdate.com/202606/nj-supreme-court-upholds-police-frt-disclosure-requirement/feed 0 346549 US lawmakers say Texas Store Accountability Act should be allowed to stand https://www.biometricupdate.com/202606/us-lawmakers-say-texas-store-accountability-act-should-be-allowed-to-stand https://www.biometricupdate.com/202606/us-lawmakers-say-texas-store-accountability-act-should-be-allowed-to-stand#respond Thu, 25 Jun 2026 18:30:59 +0000 https://www.biometricupdate.com/?p=346519 While most of the world calmly comes to terms with new regulations on social media, app stores and online platforms, the U.S. is engaged in a tug-of-war between lawmakers and lawyers for Big Tech who have leaned hard on the First Amendment in their attempts to quash online safety legislation. Senate Bill 2420 (SB 2420) is Texas’ law imposing age assurance requirements on app stores. Like most age assurance laws across the U.S., the App Store Accountability Act faces a legal challenge from industry: in this case, an injunction sought by the Computer & Communications Industry Association (CCIA), which represents major app store operators and app developers. Initially granted, the injunction was stayed earlier this month when the U.S. Court of Appeals for the Fifth Circuit sided with Attorney General Ken Paxton, pausing the injunction until further legal notice. Apple has complied with the law as its legal engine continues to try and crush it. Now, attorneys general from 27 states have filed an amicus brief urging the Supreme Court of the United States to leave the law in place. Their arguments address the questions of parental rights, free expression and corporate intent. The law, they say, “furthers the important interest of parents’ rights,” to which Texas has repeatedly demonstrated its commitment. And it “regulates commercial transactions, not expression” – a key differentiator from platform-level measures on social media. “SB2420 clearly doesn’t directly regulate expression. It requires app stores and app developers to comply with several regulations before they can attempt to contract with minors. That is not itself speech – it is a commercial transaction.” Finally, “SB2420 is necessary given the deficiencies in voluntary safeguards for apps.” As to objections that app stores already have effective safeguards in place, the attorneys general say they “blink reality.” “The lack of current controls is especially well-documented in the social media context,” they write. “Platforms have long had parental controls, but they have made no dent in child addiction.”

Argument against identity verification misses target

Commentary published in Texas Policy Research suggests that, “for supporters of SB 2420, the issue is straightforward. They argue that states have long regulated commercial transactions involving minors and that app stores should not receive special exemptions from rules designed to protect children.” The piece likewise notes that proponents of the law are “increasingly framing the issue as one of parental rights, consumer protection, and state authority over commercial transactions involving minors.” This pivots away from free speech – and could have broader legal implications for social media and other platforms facing age assurance requirements. But it errs in its argument about digital permission structures. “Supporters characterize the law as a consumer protection measure focused on children,” it says. “In practice, however, enforcing the law requires app stores and developers to determine who is a child, who is an adult, who is a parent, and whether parental consent has been granted. That process necessarily requires some form of identity verification.” This is simply not true. As structured, the law requires app stores to verify a user’s age using “commercially reasonable methods.” There exists a diverse market for privacy preserving age assurance methods – facial age estimation, for instance, or double-blind tokenization – which do not perform identity verification at all. That said, the concern appears to be more infrastructural: not limited to any specific technology, but instead focused on “the broader principle that free citizens should not be required to surrender anonymity or obtain permission before engaging in lawful activity.” “While SB 2420 does not establish a government-operated digital identification system, it creates regulatory incentives for increasingly sophisticated identity verification mechanisms. Whether those systems rely on government-issued identification, third-party verification services, biometric tools, financial records, or other forms of credentialing, the practical effect is similar. Access to lawful digital products and services becomes increasingly dependent upon proving identity.” “Today, the requirement applies to app stores. Tomorrow, lawmakers could make similar arguments regarding social media platforms, online marketplaces, artificial intelligence tools, streaming services, search engines, gaming platforms, or other digital services used by minors.” The article raises privacy concerns, and pokes a little at free speech as a problem that SB 2420 does not, ostensibly, solve. The gist of it is that “Texas Policy Research maintains concerns about SB 2420.” “What begins as a narrowly tailored child safety measure can eventually become a broader framework governing access to lawful information, services, and speech,” it says.

NetChoice says age assurance is to control speech, advocates for more police

For now, social media firms continue to hammer the bell of free speech through their legal lobby, NetChoice. Its latest target is Puerto Rico’s proposed “Law for the Digital Safety and Well-being of Minors,” PC 1136, which would establish a minimum age of 16 for access to and use of social media platforms in Puerto Rico, “provide the supervisory and sanctioning powers of the Telecommunications Bureau” and “establish age verification requirements for providers.” NetChoice presents itself as “a trade association working to make the internet safe for free enterprise and free expression,” falling to mention that its members include Meta, TikTok and Snap. It alleges that PC 1136 “suffers from significant constitutional flaws” – namely, that “PC 1136 is unconditional under the First Amendment,” that “it would put Puerto Rican’s privacy and data at risk, leaving them vulnerable to breaches and crime,” and that “the bill violates parental rights.” The letter is mostly familiar fare from NetChoice; however, it is notable for mistakenly asserting that Puerto Rico’s law aims to establish a minimum age of 14, not 16; and for the unintentionally hilarious statement, “other nations, including Iran and Australia, have also taken steps to curtail online speech.” PC 1136 mentions Australia as a model for its legislation: “similar to the Australian model, Puerto Rico seeks to shift technological responsibility to the multi-billion dollar companies that operate these platforms, requiring them to implement robust and secure age verification systems.” NetChoice, however, is not much for subtlety, or irony. In another tirade, the organization suggests that the UK’s wildly popular social media legislation was responsible for the downfall of soon-to-be-ex-Prime Minister Keir Starmer, says the goal of age verification is to control online speech, and suggests as an alternative its Digital Safety Shield policy framework, which begins with recommendations to increase funding to law enforcement and incarcerate more “predators and cybercriminals who target children on digital services.”]]> https://www.biometricupdate.com/202606/us-lawmakers-say-texas-store-accountability-act-should-be-allowed-to-stand/feed 0 346519