Identity theft continues to be one of the most common and worrisome frauds in the United States, ranking second in the total number of reported frauds in 2024 with 1,335,291 incidents, according to data from the Federal Trade Commission. Among the most common cases of identity theft are those related to credit cards, including opening new accounts or the fraudulent use of existing accounts (449,032 cases in 2024), loan applications (176,400), or applications for Government documents or benefits (70,332). The main entry pathways (resulting in financial loss) for fraud are social networks at 70%, visiting certain websites or apps with 68%, and online ads or pop-ups accounting for 62%.
The FBI’s IC3 – Internet Crime Complaint Center collects cybercrimes reported annually in the United States. In 2024, the IC3 received 948 thousand complaints of which data breaches and phishing stand out as the most common by volume of incidents. These cybercrimes are the main vector for credential and personal information theft that can later be used in identity hijacking and other similar frauds.
Information stolen with these methodologies can include names, dates of birth, addresses, passwords, answers to security questions or even Social Security numbers. All of this data can be exploited in a variety of verification and authentication systems that rely only on static credentials to verify who is behind a particular access request or transaction.
Why is biometrics essential to prevent identity theft? Identy.io’s on device solution
Biometrics is the perfect ally for fraud reduction, because without these tools identity supplementation is as easy as using illegally obtained data to verify a person’s supposed identity. By including the requirement for fingerprint detection in verification systems, security is increased as it checks identity based on physical characteristics, especially if the tool has, as in the case of Identy.io, liveness proof of life.
However, the implementation of this technology must meet certain minimum requirements to be considered a robust security system because, in many cases, the problem is not the absence of biometric systems, but the implementation of vulnerable tools. This may be because they do not have proof of life (liveness), or because the biometric data is stored on insecure servers that can generate new risks if they are attacked and the information is stolen. In addition, entities face a lack of standardization, so interoperability may vary.
Unlike other fingerprint capture solutions available in the market, Identy.io obtains and processes all the biometric information on the user’s cell phone, using only the device’s camera and its flash, which increases the security of the entire process avoiding possible data leakage or losses, and maximizing the applicability for public and private administrations or entities that implement it, since it is not necessary to make new investments in third-party infrastructures or cloud management.
How do you know if biometrics tools are secure and effective? NIST certification
While it is essential to prevent fraud with secure identification, fingerprint capture needs to meet certain compliance standards to be a truly reliable tool. In the US there is a government agency, the NIST (National Institute of Standards and Technology) that sets standards and performs tests to ensure the quality and reliability of various technologies. Identy.io has received validation from the NIST in its latest Proprietary Fingerprint Template (PFTIII) evaluation.
This test, which has been in effect in the industry since October 2019, is a fingerprint technology evaluation that examines the performance and accuracy of proprietary fingerprint templates used for one-to-one matching, and Identy.io’s inaugural submission places the company at the top among other US vendors.
Whereas PFT III is designed to evaluate fingerprint matching engines using traditional scanner-based images (touch), Identy.io’s proprietary technology is designed to work in both touch and non-touch environments, offering greater versatility.
In fingerprinting, the most important parameter is accuracy, and there are two basic metrics, the False Match Rate (FMR), which measures the probability that the system will incorrectly say that the fingerprint of one person (an imposter) matches the registered fingerprint of another person (the victim). On the other hand, there is the False Non-Match Rate (FNMR), which measures the probability that the system will incorrectly say that a legitimate person’s fingerprint does not match its own registered fingerprint. A high FNMR causes usability problems (legitimate users are blocked). In the case of identity fraud, the first value is more important because a high FMR means the system is insecure and vulnerable to spoofing.
A Game-Changer in Biometrics: Mobile Matching Reaches Hardware-Level Performance
Identy.io’s inclusion in the NIST PFT III assessment not only reaffirms the company’s commitment to the accuracy and security of its biometric identity verification solutions, but also represents a major step forward for the industry. Whereas until now, the highest level of accuracy and reliability was reserved only for systems based on expensive and complex fingerprint scanners, Identy.io revolutionises the industry by being the first biometric vendor to achieve the same level of accuracy as these systems by using only its users’ mobile phone as a fingerprint capture device.
One of the main differences that confirms Identy.io’s leadership in its sector is the fact that the entire process of verifying the user’s identity is carried out on their own mobile device, using only the camera and flash available – without the need for particularly advanced or state-of-the-art models. This means significant savings in the implementation of their solutions, but at the same time, it is also of particular importance in the expansion of identity authentication to scenarios and locations where the hardware typically used in fingerprint capture and verification is unfeasible or of little use.
It is important to note that the PFT III test only takes into account fingerprints captured by scanner, which proves the reliability and high performance of the Identy.io matcher also in this context. But beyond that, the fact that cements its leadership in the industry is its hybrid design, whereby it performs flawlessly both in fingerprint capture via scanner (Touch) and via the user’s mobile phone (Touchless). This places Identy.io as a benchmark for interoperability, an increasingly important requirement as private and governmental institutions continue to modernise their systems.
This is a major breakthrough for the biometrics industry, as the capabilities that were previously only available in laboratories using expensive capture devices are now being brought to the real environment, via mobile phones, without the need to be connected to the Internet, and in real time. This new capability makes Identy.io open new possibilities for the biometric identity verification industry, through scalable and affordable solutions, which rigorously comply with all industry security standards, and creating new possibilities and usage scenarios previously unimaginable.
Getting to know NIST’s PFT III (Proprietary Fingerprint Template III), the quality standard for fingerprint identification algorithms
The test that has certified Identy.io as one of the best vendors in the US is the PFT III (Proprietary Fingerprint Template III), which continuously evaluates the performance (accuracy) of fingerprint matching algorithms developed by different commercial vendors worldwide. An essential part of this system is its continuous evaluation nature, whereby vendors submit their algorithms to NIST for evaluation at any time and the results are updated accordingly.
The program primarily measures fingerprint matching algorithms. It evaluates software that determines if they belong to the same person, i.e. verification (1:1), confirming whether a fingerprint matches a specific fingerprint. The evaluation process follows a standardized methodology to ensure objectivity and comparability of results whereby companies voluntarily submit software for analysis. NIST then integrates it into its framework so that all algorithms are measured under the same conditions. For the databases, the agency makes use of government datasets to which vendors do not have access so that the testing is as rigorous as possible and the algorithms could not have been trained beforehand. These databases include a wide variety of fingerprint qualities to enable them to measure under different scenarios.
In the testing phase NIST uses the algorithm provided by the vendor for verification (1:1) , as well as generation of the proprietary templates where the particularities of each fingerprint are expressed in comparable mathematical values.
With this recognition, Identy.io now offers a complete biometric solution, combining secure mobile capture with robust, NIST-evaluated fingerprint matching. The matcher not only performs in both 1:1 but also 1:N configurations and its mobile derivative is fully deployable on mobile devices, enabling digital ID applications in offline, on-device, or field-based settings.
Key Differentiators for Identy.io:
- Only vendor with NIST-certified matcher interoperable across both touch and touchless data.
- Offline, mobile-first architecture optimized for field deployments.
- Ideal for governments and institutions transitioning from legacy ABIS to modern mobile systems.
- Built from the ground up for compliance in regulated markets (FIDO, ISO, NIST, GDPR, LGPD).
Core capabilities, certification status and regulatory alignment
| Criteria | Identy.io |
| PFT III Certification (NIST) | Certified (touch and touchless matcher interoperability) |
| Touchless Fingerprint Capture | Fully mobile, on-device, no hardware required |
| Liveness Detection | Passive liveness (ISO 30107-3 compliant) for both face & finger |
| Face Matching Accuracy (NIST FRTE) | Evaluated and ranked in FRVT |
| On-Device vs. Server Architectures | End-to-end Biometrics MFA (finger + face) |
| Interoperability (Touch/Touchless) | Hybrid matcher handles scanner + mobile touchless data |
| FIDO Alliance Certifications | Designed with FIDO-compliant architecture |
| NIST 800-63-3 Alignment | Supports IAL2 / AAL2 implementations for KYC and remote onboarding |
| Regulatory Focus (AML, KYC, GDPR, LGPD) | Built for regulated markets: AML, GDPR, LGPD, INE/RENAPO, eIDAS, etc |
| Offline Functionality | Full offline operation supported (OCR, biometrics, matching) |
| Use Case Breadth | Government, Banking, Telecom, Retail, Hospitality |
