5.1 ISO/IEC 30107 Series
Overview
ISO/IEC 30107 is the international standard series for biometric Presentation Attack Detection (PAD). It provides the terminology, testing methodology, and reporting framework that underpin all PAD certifications.
The Four Parts
| Part | Title | Purpose | Key Content |
|---|---|---|---|
| 30107-1 | Framework | Definitions and conceptual framework | PAI taxonomy, attack categories, PAD mechanism types |
| 30107-2 | Data Formats | Reporting format for PAD results | Standardized result reporting, APCER/BPCER per species |
| 30107-3 | Testing & Reporting | Testing methodology | How to test PAD systems, statistical requirements, test protocols |
| 30107-4 | Mobile Profile | Mobile-specific requirements | Addresses device diversity, environmental variability, mobile-specific attacks |
Key Metrics Defined
APCER (Attack Presentation Classification Error Rate):

$$APCER_{PAI} = \frac{\text{Number of attack presentations incorrectly classified as bona fide}}{\text{Total attack presentations of that PAI species}}$$

BPCER (Bona Fide Presentation Classification Error Rate):

$$BPCER = \frac{\text{Number of bona fide presentations incorrectly classified as attacks}}{\text{Total bona fide presentations}}$$

Critical: APCER Is Per Species
APCER must be reported separately for each PAI (presentation attack instrument) species. A system that blocks 100% of printed photos but misses 50% of screen replays has an APCER of 0% for prints and an APCER of 50% for screen replays. Both must be reported.
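
The per-species rule above, worked through as an added example (not part of the original page or of the standard's text): it parses a constructed PAD test log and computes APCER per PAI species, the pooled attack error rate, and BPCER with the formulas above. The column names, the counts, and the 5% acceptance limit are assumptions chosen to mirror the print and screen-replay case.

```python
import csv
import io
from collections import Counter

def build_sample_log():
    """Constructed PAD test decisions (not real lab data).
    Columns: ground truth, PAI species (empty for bona fide), PAD decision."""
    rows = ["truth,species,decision"]
    rows += ["attack,print,attack"] * 300            # every print blocked
    rows += ["attack,screen_replay,attack"] * 50     # half of replays blocked
    rows += ["attack,screen_replay,bona_fide"] * 50  # half of replays accepted
    rows += ["bona_fide,,bona_fide"] * 196
    rows += ["bona_fide,,attack"] * 4                # genuine users rejected
    return "\n".join(rows)

def pad_error_rates(csv_text):
    """Return (per-species APCER dict, pooled attack error rate, BPCER)."""
    attacks, missed = Counter(), Counter()
    bona_total = bona_rejected = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["truth"] == "attack":
            attacks[row["species"]] += 1
            if row["decision"] == "bona_fide":
                missed[row["species"]] += 1
        else:
            bona_total += 1
            if row["decision"] == "attack":
                bona_rejected += 1
    if not attacks or not bona_total:
        raise ValueError("need both attack and bona fide presentations")
    apcer = {s: missed[s] / n for s, n in attacks.items()}
    pooled = sum(missed.values()) / sum(attacks.values())
    return apcer, pooled, bona_rejected / bona_total

def species_over_limit(apcer, limit):
    """Species whose APCER exceeds an acceptance limit (hypothetical threshold)."""
    return sorted(s for s, rate in apcer.items() if rate > limit)

if __name__ == "__main__":
    apcer, pooled, bpcer = pad_error_rates(build_sample_log())
    for species, rate in sorted(apcer.items()):
        print(f"APCER[{species}] = {rate:.1%}")
    print(f"pooled attack error = {pooled:.1%} (hides the weak species)")
    print(f"BPCER = {bpcer:.1%}")
    print("over 5% limit:", species_over_limit(apcer, 0.05))
```

With these counts the pooled attack error is 12.5%, which is why an aggregate figure alone cannot stand in for the per-species report.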
How Banks Should Use ISO 30107
- Require ISO 30107-3 compliant testing in all vendor RFPs
- Request per-species APCER reports — not just aggregate numbers
- Verify testing was performed by an accredited lab (iBeta, BioLab, etc.)
- Map PAI species to your threat model — which attacks are most relevant to your deployment?
- Reference 30107 in regulatory filings as evidence of standards compliance