Shufti Secures iBeta Level 3 Certification For Passive Liveness Detection With 0% Error Rate

Identity verification firm Shufti has become the first European company to achieve iBeta Level 3 Presentation Attack Detection (PAD) conformance under ISO/IEC 30107-3 for passive single-selfie liveness on both iOS and Android, following independent evaluation by iBeta Quality Assurance, a NIST/NVLAP-accredited biometric testing laboratory.

The assessment confirmed 0% Attack Presentation Classification Error Rate (APCER) and 0% Bona Fide Presentation Classification Error Rate (BPCER) across all test conditions, with no successful spoofing attempts recorded.

Testing covered 900 presentation attacks using silicone, urethane, and resin masks, as well as 100 genuine user presentations. All spoof attempts were rejected, while all legitimate users were correctly verified, according to iBeta’s report.

The assessment was conducted on Shufti SDK versions v1.9.8 (Android) and v1.3.42 (iOS), supported by its face liveness detection, running on a Google Pixel 4 (Android 12) and an iPhone 12 Pro (iOS 16.6.1). The company verified that both old and updated product versions were included in the evaluation, with a checksum-verified backend used throughout testing.

iBeta Quality Assurance, accredited by NVLAP under NIST’s biometric testing framework, is widely used for evaluating compliance with ISO/IEC 30107-3, the international standard for presentation attack detection in biometric systems.

Shufti’s technology uses a fully passive single-selfie capture method that does not require users to perform actions such as blinking, smiling, or head movement. The system evaluates facial authenticity in real time and is designed to detect spoofing attempts, including printed images, screen replays, and 3D mask-based attacks.

Chief Executive Shufti, Shahid Hanif, said: “Biometric systems were increasingly operating in an environment where fraud attempts were becoming more sophisticated, including high-resolution mask attacks, replay-based injections, and synthetic identity techniques used to bypass digital onboarding systems.”

He said, “The challenge for IDV providers was to strengthen fraud detection while maintaining low-friction onboarding on widely used consumer devices.”

Hanif added that “this result shows our consistent performance on mainstream consumer devices without adding friction to the user journey.” ” It reflects how the system performs in real-world conditions, not controlled or custom hardware environments.”

Testing was conducted between 27 March and 24 April 2026 at iBeta’s facility in Aurora, Colorado. The protocol alternated bona fide and attack presentations across multiple mask types until required thresholds were met per device and species.

According to iBeta, no presentation attack was successfully classified as genuine during the evaluation, while all bona fide users were accepted.

Shufti said the result marks the culmination of its progression through iBeta’s PAD testing levels, moving from Level 1 in 2024 (2D spoof detection) to Level 2 in 2025 (3D mask resistance) and now Level 3 in 2026, the highest available certification tier.

Shufti added that independent PAD certification provides a benchmark for evaluating biometric systems under real-world conditions, including device variability and advanced spoofing techniques.

It added that its verification tools are designed to help platforms counter deepfake-driven fraud, account takeover attempts, and synthetic identity misuse during onboarding and authentication, while maintaining passive, real-time verification on standard mobile devices without adding extra steps for end users.

The company’s identity verification suite is also supported by certifications, including ISO 27001, SOC 2 Type II, PCI DSS, GDPR compliance, and other regulatory frameworks.

Shufti operates globally in identity verification and fraud prevention, offering biometric authentication, document verification, KYC/AML, deepfake detection, and digital onboarding solutions across regulated industries.