Contact Us
Biometric Security
iBeta Certification

What is iBeta certification?

iBeta certification requirements

August, 2025

by Axon Labs

What iBeta PAD Certification Means

ISO 30107-3 defines how to evaluate liveness detection systems against presentation attacks at the sensor (camera) during acquisition. iBeta operationalizes that standard into progressive certifications:

  • iBeta Level 1 certification: resistance to common, readily available 2D presentation attack instruments (PAIs) in cooperative conditions
  • iBeta Level 2 certification: resistance to more sophisticated or varied PAIs and less predictable capture conditions
  • iBeta Level 3 certification: resistance to targeted, high-sophistication attacks with custom, hyper-realistic artifacts and curated test environments that give testers more time to engineer optimal attempts; initially available for face PAD under ISO/IEC 30107-3

iBeta PAD Certification Requirements

Level
Typical attacker sophistication
PAI cost limit
Time limit
Test volume
APCER limit
BPCER limit
1
Simple attacks: printed photo, image on a screen
≤ 30 USD
8 h per PAI
6 types × 150 attacks + 50 bona-fide (≈ 900 attempts)
0%
≤ 15%
2
Medium complexity: dynamic video, 3D prints, latex/silicone masks
≤ 300 USD
≤ 24 h per PAI; total 2–4 days per type
5 types × 150 = 750 attacks + 250 bona-fide
≤ 1%
≤ 15%
3
Targeted high-end attacks: custom hyper-realistic masks, controlled scene (lighting, background, motion)
No fixed limit; budget agreed per system
Time and conditions set individually
Parameters defined ad hoc; PASS/FAIL evaluation
≈ 0% (strict PASS/FAIL)
≤ 10%

What Are the Types of Attacks in iBeta Level 1 Certification?

Attack Name
Comment
Source
Printed photograph
Typical in Level 1 PAD tests; ID R&D explicitly mentions "photo printouts.
iBeta whitepaper, ID R&D news
Video replay (short videos on smartphone/laptop screen)
Level 1 examples include "short videos displayed on a smartphone or laptop screen"
iBeta whitepaper, ID R&D news
Paper mask
Classified as a "typical PAD Level 1 attack species"
iBeta whitepaper
Cutout mask (with cutouts)
PAI description includes "a cutout or a mask" in their Level 1 testing
ID R&D news

References: iBeta whitepaper, ID R&D news

Examples of attacks from real iBeta success cases - Level 1

In 2021, KBTG Labs achieved iBeta Level 1 certification under the ISO/IEC 30107-3 standard. The evaluation involved six types of Presentation Attack Instruments (PAI), with the results presented in the table below

KBTG Labs – 2021 – source

Dataset for iBeta Level 1 by Axon Labs

We have compiled a complete dataset for passing iBeta Level 1. Our clients have already used it to successfully pass certification with comprehensive attack scenarios and validation data.

What Are the Types of Attacks in iBeta Level 2 Certification?

Level 2 Attack Types

Attack Name
Comment
Source
Silicone mask
Listed in “typical PAD Level 2” attacks; Veridas notes “3D masks made of … silicone”
iBeta whitepaper, Biometric Update – Veridas
Latex mask
Explicitly listed as Level 2 example
iBeta whitepaper, Biometric Update – Veridas
Resin mask
Also named in typical Level 2 attack list
iBeta whitepaper, Biometric Update – Veridas
3D animation / 3D animation software
Typical in L2 PAD; 1Kosmos lists “3D animation software” among attack tools
iBeta whitepaper, 1Kosmos press release
3D-printed mask
Listed as one of the attack tools used in L2 evaluation
1Kosmos press release
Realistic dolls
Listed for Level 2 as an example of “more sophisticated methods”
Biometric Update – Veridas

References: iBeta whitepaper, Biometric Update – Veridas, 1Kosmos press release

Examples of attacks from real iBeta success cases - Level 2

In 2020, Innovatrics successfully passed testing under the ISO/IEC 30107-3 (Level 2) standard at the iBeta Quality Assurance laboratory. The evaluation included five types of attacks (Presentation Attack Instruments, PAI) with advanced materials and techniques.

Innovatrics – 2020

In 2021, KBTG Labs also earned iBeta Level 2 certification under the ISO/IEC 30107-3 standard. The evaluation covered five types of Presentation Attack Instruments (PAI) including silicone masks, 3D prints, and sophisticated video attacks.

KBTG Labs – 2021

Dataset for iBeta Level 2 by Axon Labs

For iBeta Level 2, we also have a comprehensive dataset. Based on our experience, there are enough attack scenarios in it to successfully pass certification with sophisticated PAI testing requirements.

Ensure GDPR-Compliant Face Dataset

To ensure GDPR-compliant face dataset practices across R&D and certification:

  • Explicit purpose & consent: use signed, revocable consent tailored to training/validation, separate from production KYC consent
  • Data Protection Impact Assessment: document risks, mitigations, and residual risk acceptance
  • Retention policy: define and enforce time-bound retention; auto-purge when the purpose ends or consent is withdrawn
  • Cross-border transfers: if applicable, use approved transfer mechanisms and vendor DPAs
  • Subject diversity and fairness: monitor performance by demographics to minimize disparate impact

Frequently asked questions

iBeta certification is an independent biometric testing program that certifies Presentation Attack Detection (PAD) systems against ISO/IEC 30107-3, the international standard for biometric anti-spoofing. Testing is performed by iBeta Quality Assurance, an independent laboratory accredited by NVLAP (NIST). iBeta certification is required by major biometric buyers: banks, fintech companies, governments, and FIDO Alliance vendors, to verify that a liveness detection system can resist real-world spoofing attacks before it is deployed in production

The iBeta certification list covers three levels of Presentation Attack Detection testing under ISO/IEC 30107-3: Level 1 tests 2D attacks such as photo prints, cutouts, and display replays; Level 2 tests 3D mask attacks including silicone, latex, wrapped 3D paper, and cloth 3D masks; Level 3 tests the highest-fidelity custom-manufactured 3D masks (rubber and resin). Each level has stricter APCER, BPCER, and ACER thresholds than the previous

iBeta Level 2 certification tests biometric liveness systems against 3D presentation attacks - the attack class most commonly encountered in real-world fraud. Under ISO/IEC 30107-3 Level 2, systems must correctly identify spoofs including silicone masks, latex masks, wrapped 3D paper masks, and cloth 3D masks. APCER (Attack Presentation Classification Error Rate), BPCER (Bona Fide Presentation Classification Error Rate), and ACER thresholds are stricter than at Level 1. iBeta Level 2 is the most commonly pursued certification for fintech, KYC providers, and banking onboarding applications

iBeta certification typically takes 4–12 weeks end-to-end, depending on the certification level and how prepared your liveness model is before submission. The testing phase alone usually takes 2–6 weeks. Most delay comes from pre-submission preparation, gathering diverse training data, improving model accuracy, and iterating on failed attack types. Companies that prepare with comprehensive training datasets upfront tend to pass on first attempt; those that don't often need 2–3 submission cycles, significantly extending timeline and cost

iBeta certification fees typically range from $10,000 to $50,000+ per submission, depending on the certification level and attack types tested. Level 1 is the most affordable; Level 3 is the most expensive. However, the submission fee is often the smaller cost: failed attempts, re-submissions, and extended engineering time to improve model performance frequently exceed certification fees by 3–5x. Investing in comprehensive training data before submission is typically the highest-ROI decision in the certification process

To prepare for iBeta certification, your liveness model needs training data covering all attack types tested at your target level. For iBeta Level 1 - photo prints, cutouts, and display replays. For iBeta Level 2 - silicone, latex, wrapped 3D paper, and cloth 3D mask attacks. For iBeta Level 3 - high-fidelity rubber and 3D resin masks. 21% of companies that passed iBeta certification in 2025 are Axon Labs clients, who prepared their models using comprehensive attack-type coverage before submission

iBeta maintains a public list of certified vendors across all PAD certification levels. The list includes identity verification providers, fintech companies, KYC platforms, and biometric authentication vendors. Here are the reports on iBeta certification in 2024 and 2025

Success iBeta stories of our clients

From Failed Attempt to Success: UK Fintech Passed iBeta 2

UK fintech invested in datasets from another vendor for iBeta 2 and failed. The gap analysis revealed critical missing attack vectors. They needed a solution fast
Read More

Double Success: E-KYC Startup Achieves iBeta 1 & 2

A US-based e-KYC startup needed to prove their facial recognition technology met the highest industry security standards. Their ambitious goal: pass iBeta 1 and 2 Certification
Read More

Technology company from Vietnam: iBeta Level 2 success

A Vietnam-based AI/Big Data firm coached by Axon Labs passed iBeta PAD Level 2 on the first try with 0% successful spoofs; the solution claims 99.9% face-recognition accuracy
Read More

Accelerate Your AI Development Today

Speed up your AI projects with our high-quality, ready-to-use datasets. Enjoy easy integration, fast deployment, and reliable biometric data collection

Get Started with Axon Labs

High-quality biometric datasets for real-world AI

5.0 on

Contacts

UAE, Ajman

sales@axonlabs.pro

Company

Datasets

Follow us

Kaggle

Hugging face

© 2022 – 2026 Copyright protected

Privacy policy