- VU renewed its iBeta ISO/IEC 30107-3 Level 1 and Level 2 certification for its active liveness solution.
- IAPAR was 0%: no attack was accepted as a genuine user.
- The certification reinforces technical evidence for fraud, compliance, product, and security teams.
VU renewed its iBeta ISO/IEC 30107-3 certification with 0% attack acceptance
Liveness is the new perimeter of digital identity.
When a user faces the camera and says "this is me," the platform has to tell real presence apart from impersonation. If that single point fails, the rest of the flow inherits a false trust: onboarding, authentication, account, credential, or transaction.
The pressure has increased. Deepfakes, 3D masks, screen-replayed videos, manipulated documents, and synthetic identities have lowered the cost of attacking biometric flows. That is why presentation attack detection cannot rely on vendor claims. It needs independent evidence.
VU has renewed its iBeta ISO/IEC 30107-3 Level 1 and Level 2 certification for its Secure Onboarding Process. The result: 960 presentation attacks evaluated and 0% attack acceptance.
Recertification confirms resistance to presentation attacks
iBeta Quality Assurance evaluated VU's Secure Onboarding Process under the ISO/IEC 30107-3 standard, the international norm for biometric presentation attack detection testing and reporting.
IAPAR stands for Imposter Attack Presentation Accept Rate: the rate of presentation attacks that the system incorrectly accepts as genuine. In this retest, IAPAR was 0%.
The relevant data point is not just the score. It is the recertification itself. In an environment where attack vectors shift quickly, an old certification is not enough to demonstrate current protection.
ISO/IEC 30107-3 defines how liveness is measured
ISO/IEC 30107-3 defines criteria for evaluating biometric systems against presentation attacks. That is: attempts to fool the system with photos, videos, masks, replays, or artifacts designed to simulate a real person.
VU's certification covers two evaluation levels:
- Level 1 — low-cost, easily accessible attacks, such as printed photos, screen images, or videos replayed from another device.
- Level 2 — attacks that require more preparation, time, or investment, such as 3D masks, silicone masks, and higher-fidelity impersonations.
- iBeta Quality Assurance — NVLAP/NIST-accredited laboratory under Lab Code 200962 for biometric evaluations against recognized standards.
- Version retest — validation against a specific product version, not a generic capability or a historical certification.
The difference matters. A biometric control may work against a printed photo and fail against an injection attack or a higher-quality mask. Evaluating Level 1 and Level 2 raises the bar.
Certification is not paperwork. It is evidence that a specific version of the system was tested against specific attacks, by an independent laboratory.
The methodology evaluated 13 artifact species
iBeta's protocol followed an attack matrix by level, device, and bona fide subject.
| Variable | Detail |
|---|---|
| System evaluated | VU Secure Onboarding Process |
| Artifacts per level | 6 species in Level 1 and 7 species in Level 2 |
| Total attacks | 960 attack presentations |
| Result | 0% IAPAR: no attack accepted as a genuine user |
At the close of each level, bona fide subjects re-authenticated to confirm that the control did not degrade the legitimate user's experience. This point is critical: a system that blocks everything does not solve the problem. It only shifts the cost onto conversion and operations.
Liveness has to block attacks without punishing the real user.
The certification reduces uncertainty for regulated teams
For fraud, security, compliance, and product teams, a current certification reduces uncertainty on four fronts.
- Onboarding with lower exposure — liveness tells real presence apart from impersonation artifacts within the sign-up flow.
- Audit-ready evidence — ISO/IEC 30107-3 provides a recognized framework for reporting presentation attack detection.
- Resistance against Level 2 — the evaluation is not limited to simple attacks; it includes artifacts that require more preparation.
- Independent validation — the result does not depend on a VU commercial claim, but on a report issued by an accredited laboratory.
This is especially relevant for organizations in financial services, gaming, government, and background screening, where onboarding, credential issuance, KYC, and fraud control coexist with regulatory requirements.
book a demo
Liveness connects to identity, authentication, and fraud prevention
Liveness should not live in isolation.
In a digital identity flow, the biometric result connects to document verification, risk scoring, authentication, and fraud prevention. A user can be legitimate at signup and face an account takeover attempt later. Risk may also arise at account recovery, device change, or a sensitive operation.
That is why VU organizes these capabilities across three layers:
- Verifica for identity verification and biometric onboarding.
- Autentica for authentication and passwordless MFA.
- Protege for real-time fraud detection and blocking.
VU ONE consolidates these capabilities on a single platform so that identity, authentication, and fraud prevention do not operate as separate controls.
The iBeta certification reinforces a critical part of that architecture: real presence at the moment of highest risk.
The standard is the floor, not the ceiling.
