Third-party testing shows iProov meets new U.S. standards for biometric identity verification and AI-generated attack resistance

iProov, the world’s leading provider of science-based biometric identity verification solutions, today announced that it is the first and only vendor to meet the biometric verification requirements included in the new NIST Special Publication 800-63-4 Digital Identity Guidelines. This achievement is independently established by the combination of recent testing of iProov Dynamic Liveness by an ISO-accredited lab to the new CEN18099 injection attack standard, together with iProov’s FIDO Face Verification Certification for PAD and other essential certifications for accessibility, data privacy, and cybersecurity.

The NIST SP 800-63-4 Digital Identity Guidelines define the technical and security requirements for digital identity systems used by the U.S. federal government. In addition to strengthening the requirements for biometric verification, the latest update introduces specific provisions to address emerging threats such as deepfakes and other AI-generated attacks, mandating phishing-resistant authentication for high-assurance scenarios (AAL3). While developed in the United States, NIST guidelines are widely respected and often adopted or referenced by governments, regulators, and enterprises worldwide as a benchmark for secure and trustworthy digital identity. To conform with these standards, biometric systems must undergo rigorous testing to validate performance, spoof resistance, usability, and equity.

iProov’s Dynamic Liveness uses its patented Flashmark technology to deliver facial biometric authentication by verifying a user is genuinely present. It captures unique, real-time biometric data in each session, which prevents spoofing and injection attacks (critical for AAL2/AAL3) and protects AAL3 cryptographic keys from remote exploitation.

“iProov is the only vendor proven to deliver the highest level of protection against the full spectrum of real-world threats,” said Andrew Bud, founder and CEO, iProov. “This matters because biometric verification is becoming the root of trust for authenticity in the AI world, and Gen-AI based attacks are now too sophisticated for legacy systems to stop them. With the iProov Security Operations Center delivering continuous threat monitoring, our customers gain protection that goes far beyond traditional software and is purpose-built for today’s risk environment.”

“ID.me protects access to some of the nation’s most critical services through trusted, high-assurance digital identity. While NIST recognizes multiple verification pathways, biometric verification remains among the most secure and inclusive ways to confirm identity and prevent fraud,” said Blake Hall, founder and CEO, ID.me. “iProov is a trusted partner in this mission, delivering scalable trust, meeting rigorous NIST standards, and staying ahead of increasingly sophisticated AI-driven threats.”

iProov’s biometric verification platform is supported by a robust set of internationally recognized certifications and independent test results, aligning with the core requirements of NIST SP 800-63-4:

• Injection Attack Detection (IAD):
  The most significant update in NIST SP 800-63-4 is the introduction of controls for addressing injection attacks and forged media (e.g. deepfakes). iProov has now passed testing against CEN TS 18099 Level 2 (High) for protection against deepfakes and forged media, the only global standard for IAD, undertaken by ISO 17025-accredited testing lab Ingenium Biometrics and completed in September 2025.
• Presentation Attack Detection (PAD):
  Certified under the FIDO Face Verification Certification Program — the only global benchmark for PAD resilience (e.g., deepfakes, masks, photos, replays), following independent lab testing.
• High-Assurance Identity Proofing:
  Certified to eIDAS 2 Level of Assurance High (equivalent to IAL3/AAL3) by an accredited trust service auditor.
• Information Security:
  Certified by external audit to SOC 2 Type II and CSA STAR Level 2, demonstrating mature operational and cloud security controls.
• Accessibility & Usability:
  Certified by external audit to WCAG 2.2 Level AA, meeting U.S. Section 508 (of the Rehabilitation Act) accessibility standards.
• Data Privacy:
  Externally audited to EU GDPR compliance as part of iProov’s status as a Qualified Trust Service Provider under eIDAS 2.

The post iProov Shows Deepfake Resilience Under NIST Digital ID Rules first appeared on AI-Tech Park.

Origianl Creator: Business Wire
Original Link: https://ai-techpark.com/iproov-shows-deepfake-resilience-under-nist-digital-id-rules/
Originally Posted: Tue, 04 Nov 2025 09:30:00 +0000