Level of security

Uncompromised and documented security



In quality critical applications, level of security can not be compromised.

Typically security focused applications like Government ID and Financial inclusion payments, require a security level of less than 1 false acceptance in 100.000 finger attempts. In such markets, true False Acceptance Rates (FARs) must be documented in credible, real life, mass market testing regimes. In India governmental programs, testing of both security and convenience levels is done in tests run by the authorities involving more than 5.000 people in harsh environment Class 3 tests. Passing such tests is required to be allowed access to Aadhaar, the worlds largest biometric scheme, with more than 1.2 billion people now enrolled.

By laws of nature, level of security and level of convenience are opposite forces. Reduced level of security will provide a higher level of convenience. Changing system parameters to decrease the False Acceptance Rate (FAR) will consequently increase the False Rejection Rate (FRR). This means, balancing both high levels of security with high levels of convenience can only be done with a large sensor.



In some convenience focused applications like retail banking and access control, the security level may be somewhat compromised to increase convenience. However, in payments and access control the consequences of false acceptances may still be severe. Such segments also require proper documentation of actual real life performance.

In other convenience focused applications like smartphones and consumer notebooks, the consequence of a false acceptance will typically be insignificant. Such pin-code or password driven applications are already vulnerable for illegitimate access. Security may therefore be compromised and proper tests of true error rates are rarely conducted.

Required security levels & testing regimes per segment

The required levels of security and testing will vary segment by segment.

ApplicationSecurity levelTesting regime requirement
Cards – Financial Inclusion1 in 100 k (recommended)Class 3
Cards – Retail banking1 in 10-50 k (recommended)Class 2
Cards – Government ID1 in 100 k (recommended)Class 3
Cards – Corporate Access1 in 10 -100 k (applic dependent)Class 2
Cards – Niches1 in 10 -100 k (applic dependent)Class 2
Government ID1 in 100 kClass 3
Government ID India1 in 100 kTesting by the Authorities Certification mandatory
Access Control – Devices1 in 10 to 100 kClass 2/Class 3
Notebooks – Commercial1 in 10 k (typical)Class 1 or Class 2
Notebooks – ConsumersNot focusedClass 1 / No FAR testing
SmartphonesNot focusedClass 1 / No FAR testing


Read more about uncompromised and documented security here: Highlights from the Madrid Report


Level of security
In quality critical applications level of security can not be compromised
Test reports
Only independent third party tests with a large user group and strong methodology yield credible real life results of error rates
NEXT uniquely publishes results of third party tests