The IT Nerd

Incode Technologies, Inc., the global leader in identity security and fraud prevention, today announced that iBeta PAD testing confirmed Incode’s face liveness technology achieves Level 3 Presentation Attack Detection (PAD) conformance under ISO/IEC 30107-3.

Face liveness technology is used in digital onboarding and authentication to confirm a real, live person is present during a selfie capture – not a printed photo, video replay, mask, or other spoofing attempt. It enables organizations to defend remote identity verification flows against account takeovers, synthetic identity fraud, and impersonation scams.

Incode’s solution is passive and completes verification with a single selfie, reducing friction compared to challenge-based experiences while maintaining strong resistance to sophisticated presentation attacks.

This level of assurance matters most at scale – where identity decisions impact conversions, fraud losses, and customer trust across millions of users. Incode operates at that scale, powering trusted experiences for 8 of the top 10 U.S. banks, 8 of the top 9 telecom companies, the top 3 global neobanks, and 4 of the top 5 marketplaces worldwide. To date, Incode has processed more than 7.1 billion trust checks.

From Level 1 to Level 3. A clear progression

In 2019, Incode launched a passive liveness model designed to detect common 2D presentation attacks including printed photos and replay attacks. That release led to Incode becoming the first vendor to pass iBeta Level 1 using a passive liveness approach.

By 2022, Incode expanded its defenses to address advanced 3D mask attacks while continuing to strengthen 2D detection. These improvements enabled Incode to pass iBeta PAD Level 2 testing in early 2023.

In 2026, Incode achieved iBeta PAD Level 3 conformance on both iOS and Android, with a perfect score.

Independent validation at the highest PAD level

APCER (Attack Presentation Classification Error Rate) captures whether spoofing attempts are incorrectly accepted, while BPCER (Bona Fide Presentation Classification Error Rate) captures whether legitimate users are incorrectly rejected. Incode reported 0% on both metrics – no presentation attacks were accepted, and no legitimate users were rejected during the evaluation.

Incode’s verification is completed from a single selfie capture, with no challenge prompts (such as turning head, or smiling), helping reduce friction while maintaining strong resistance to sophisticated presentation attacks.

Why this matters now

Digital onboarding has become the primary gateway to financial services, marketplaces, and government platforms – making identity assurance a critical control point for both security and growth.

Organizations face mounting pressure to reduce fraud losses while minimizing false rejections that disrupt user experience and impact revenue. But as attackers become more sophisticated, it’s increasingly difficult for teams to evaluate liveness vendors under the most demanding real-world conditions, especially across devices, environments, and advanced presentation attacks. Independent testing at the highest available PAD level helps buyers cut through claims and identify the solutions that hold up when stakes are highest.

This milestone reflects Incode’s continued commitment to proprietary innovation and world-class engineering talent globally.

OpenAge today announced that Persona, Incode and Veratad have joined the OpenAge Initiative, adding further momentum to the industry’s move toward privacy-preserving, interoperable age assurance as foundational trust infrastructure.

Their participation builds on recent commitments from Meta and Socure, along with broad adoption across k-ID clients and reflects a growing consensus across platforms and identity providers that age assurance is becoming a baseline operational requirement, not a bespoke or jurisdiction-specific feature.

Launched in late 2025, the OpenAge Initiative brings together platforms, identity providers, and trust infrastructure partners to establish a user-centric, privacy-first framework for age assurance that works across services, jurisdictions, and regulatory regimes. The Free Speech Coalition (FSC) recently announced its support for the OpenAge Initiative and AgeKey, as a privacy-preserving and low-friction approach to meeting age-assurance requirements without compromising user anonymity or security.

At the centre of the initiative are AgeKeys, a reusable age credential that allows individuals to verify their age once with a participating provider and reuse that age signal across services that accept AgeKeys. Designed around open standards and double-anonymity principles, AgeKeys minimise data exposure, eliminate repeated verification, and support consistent protections for minors while preserving adult privacy.

Persona and Incode bring configurable age assurance and identity verification used by global platforms, while Veratad supports privacy-preserving, risk-based age and identity assurance through its global orchestration capabilities. Their participation expands the ecosystem of providers able to support OpenAge-aligned implementations.

AgeKeys have already been used millions of times across participating services, significantly reducing friction compared to traditional age-verification methods while strengthening privacy protections. The OpenAge Initiative remains open to platforms, identity providers, and ecosystem partners committed to advancing interoperable, privacy-preserving age assurance globally.