Shufti becomes the first European company to achieve iBeta Level 3 for single-selfie passive liveness with 0% error rate

ISO/IEC 30107-3 Level 3 testing by NIST/NVLAP-accredited iBeta showed 0% APCER and 0% BPCER for Shufti passive liveness across iOS & Android.

LONDON, UNITED KINGDOM, May 7, 2026 /EINPresswire.com/ -- Shufti, a global identity verification and fraud prevention company, today announced that its passive face liveness technology achieves Level 3 Presentation Attack Detection (PAD) conformance under ISO/IEC 30107-3, following independent evaluation by iBeta Quality Assurance, a NIST/NVLAP-accredited biometric testing laboratory.

This milestone makes Shufti the first European company to achieve iBeta Level 3 conformance on both iOS and Android platforms using a fully passive, single-selfie biometric verification approach.

The evaluation confirms that Shufti’s facial liveness detection technology implemented via SDK v1.9.8 (Android) and SDK v1.3.42 (iOS) meets 0% APCER and 0% BPCER across all tested scenarios, with no successful spoofing attempts recorded during the assessment.

Shufti develops identity verification technologies used globally to support secure digital onboarding and authentication across regulated industries. Shufti's passive face liveness technology is designed to verify real human presence during biometric capture using a single selfie frame, with no prompts to blink, smile, turn the head, or guided interaction.

The system evaluates facial authenticity in real time and is engineered to detect a range of spoofing attempts, including printed imagery, video replay, and 3D mask-based impersonation. That keeps the experience fast for legitimate users while holding the line against advanced presentation attacks.

"We are the first European company to independently achieve iBeta Level 3 conformance on both iOS and Android, with zero errors and no extra steps for the user," said Shahid Hanif, CEO of Shufti. "What matters beyond the headline is what these results say about how we build. We achieved this on mainstream consumer phones, the same devices people actually use to sign up, not custom hardware engineered for the test. That is the point. And reaching this level so quickly, without bespoke tuning, reflects the quality of our underlying platform."

This kind of assurance matters most at scale, where identity decisions shape conversion rates, fraud losses, and customer trust.

Inside The iBeta's Highest Pad Level Evaluation:
Testing was conducted by iBeta QA (NIST/NVLAP accredited, Lab Code 200962) from 27 March to 24 April 2026 at its Aurora, Colorado, facility.

iBeta evaluated both the old and updated versions of the Shufti SDK during the assessment. Testing was conducted on Shufti SDK v1.9.8 using a Google Pixel 4 (Android 12) and v1.3.42 using an iPhone 12 Pro (iOS 16.6.1), with both devices connected to the same backend cloud component.

Testing was conducted on both the old and updated versions of the Shufti SDK during the assessment, and the backend was checksum-verified before and after testing to ensure no changes during the evaluation period.

Using iBeta’s Level 3 protocol, the test alternated one bona fide presentation with three artefact presentations across silicone, urethane, and resin masks until 150 attacks and 50 genuine presentations per species were completed on each device.

The evaluation included a total of 900 presentation attacks (450 per device) and 100 bona fide presentations (50 per species). According to iBeta’s final report, no presentation attack achieved a successful liveness classification, and all genuine users were correctly verified.

From Level 1, Advancing Through Level 3:
Shufti has demonstrated consistent advancement through successive iBeta PAD conformance levels:

-Level 1 (2024): Conformance achieved against 2D presentation attacks, including printed photographs and screen-based replay attacks
-Level 2 (2025): Extended evaluation coverage to more advanced 3D mask-based presentation attacks
-Level 3 (2026): Achieved the highest PAD conformance level with iBeta QA, validating passive liveness detection across both iOS and Android platforms

This progression reflects continuous enhancement of Shufti’s underlying biometric liveness framework, supporting consistent performance across evolving threat vectors and testing tiers.

iBeta Level 3 Results at a Glance:
-Level 3 PAD conformance under ISO/IEC 30107-3, independently validated by iBeta Quality Assurance.
-0% APCER and 0% BPCER on both Pixel 4 (Android 12) and iPhone 12 Pro (iOS 16.6.1); 0% APNRR and 0% BPNRR.
-900 presentation attacks resisted in total, 450 per device, 150 per species, across three high-fidelity mask types: silicone, urethane, and resin.
-All 50 bona fide presentations per species were accepted on both devices.
-Fully passive capture: no head turns, no blink prompts, no smile gestures.
-0% APNRR and 0% BPNRR across all test conditions
-Zero successful spoofing attempts recorded across 900 attacks
-Available across cloud, on-premises, and hybrid deployment options.

How This Key Development Is Significant Today?
Identity verification has become a regulated entry point across financial services, fintech, crypto, iGaming, and digital government infrastructure. Frameworks such as MiCA, eIDAS 2.0, FCA Consumer Duty, BaFin Circulars, MAS guidelines, and AUSTRAC Tranche 2 increasingly emphasise both fraud prevention and frictionless onboarding outcomes.

Within this environment, global regulated businesses are required to balance strict identity assurance with seamless user experience. Independent PAD validation at Level 3 provides a standardised benchmark for organizations assessing whether biometric systems meet both requirements under real-world conditions, across devices, lighting environments, and evolving spoofing methods.

This achievement underscores how Shufti's passive liveness capability continues to strengthen against increasingly complex fraud attempts and across the full range of consumer devices.

It also further complements Shufti’s established compliance framework, which includes ISO 27001:2013, SOC 2 Type II, PCI DSS, GDPR, KJM Age Verification, CCPA, and Cyber Essentials Plus.

To request the full iBeta Level 3 conformance report or to learn more, visit Shufti here.

About Shufti
Shufti is a global identity verification company operating under the tagline "Truth in identity." Headquartered in London, the company has offices in the UAE, Singapore, Hong Kong, Cyprus, the United States, and the United Kingdom. Shufti delivers identity verification across 240+ countries, supporting more than 10,000 document types in 150+ languages. Its product suite includes Face Verification, Document Verification, KYC/AML, eIDV, deepfake detection, Video KYC, Address Verification, and Fast ID solutions.

SOURCE SHUFTI

Aroosa Virk
Shufti
partnership@shuftipro.com
Visit us on social media:
LinkedIn
Bluesky
Instagram
YouTube
TikTok
X

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.