Biometric recognition tests can’t be used for all use cases

Trust being essential to the algorithmic identification industry, it bears noting that having tests for, say, performance is not enough by itself to create durable confidence in code among regulators, competitors, insurers and buyers.

Judging by the reaction of people attending an Open Identity Exchange discussion this week, testing biometric recognition as a topic could be popular. The end of the session was swamped with (largely inaudible online) questions.

Outlining issues that may need more thought in the industry was Chris Allgrove, a director and co-founder of biometric ID services firm Ingenium Biometrics. Allgrove’s message was pretty simple. Successful manufacturers do not treat testing as a formality or a Band-Aid, and buyers should not take results at face value.

He made a lengthy presentation, but the meat of this matter begins at about 24 minutes in the webinar based on Allgrove’s remarks.

A test standard, or scheme, describes the way a biometric evaluation will be performed, explained Allgrove, whose company performs test services. Examples he called out were the FIDO Alliance biometric component certification scheme, Android compatibility definition document and Common Criteria biometrics evaluations.

But not all tests, even in a subsector of code, are equally valid for all purposes.

“You can’t re-apply test results willy-nilly,” he said. “That is quite a dangerous thing.”

A test designed to assess the performance of a piece of code evaluating a narrow use case like a fingerprint scan will not apply broadly.

“Fair and sensible comparisons are needed,” said Allgrove.

Not just the future of a product or company is at stake, he said. Few industries in history have depended on an unshakable trust the way AI-backed biometrics does. The same goes for the digital identities that rely on biometrics.