ISO/IEC 29124:2021 — Biometrics — Presentation Attack Detection Performance

Evaluating Anti-Spoofing Mechanisms in Biometric Systems

ISO/IEC 29124:2021 is a critical standard in the biometric security landscape. It specifies metrics, test procedures, and reporting formats for evaluating the performance of presentation attack detection (PAD) mechanisms — commonly known as anti-spoofing — across multiple biometric modalities including fingerprint, face, iris, and voice.

As biometric authentication becomes ubiquitous in mobile devices, border control, and financial services, the threat of presentation attacks (using artefacts such as printed photos, silicone masks, or recorded voice snippets) has grown substantially. ISO/IEC 29124 provides a standardised methodology for assessing how well a given PAD subsystem can distinguish between genuine biometric presentations and attack presentations.

The financial impact of successful presentation attacks is severe. In 2023 alone, deepfake-based biometric fraud resulted in estimated losses exceeding $12 billion globally. Implementing robust PAD evaluation is no longer optional.

Attack Types and Classification

The standard categorises presentation attacks into a well-defined taxonomy that every PAD engineer must understand:

Attack Category     | Description                                         | Modalities Most Affected | PAI (Presentation Attack Instrument)
--------------------|-----------------------------------------------------|--------------------------|-------------------------------------
2D Print/Display    | Presenting a printed photo or screen image          | Face, Iris               | Paper, LCD screen
3D Mask/Sculpture   | Using a textured prosthetic or 3D-printed replica   | Face                     | Silicone, resin, gelatin
Latent Print        | Utilising residual fingerprints left on a sensor    | Fingerprint              | Residual oils
Replay/Recording    | Playing back a previously captured voice or video   | Voice, Face              | Speaker, display
Synthetic Generation| Using AI-generated images or voices (deepfakes)     | Face, Voice              | GAN, diffusion model output

For each attack category, the standard defines the characteristics of the Presentation Attack Instrument (PAI) and specifies how it should be constructed or sourced for testing purposes. The goal is to ensure reproducibility of test results across different laboratories.

Performance Metrics and Evaluation Methodology

ISO/IEC 29124 defines two primary performance metrics that are complementary:

Attack Presentation Classification Error Rate (APCER). The proportion of attack presentations incorrectly classified as genuine. A lower APCER indicates better security against spoofing. This is the most critical metric for security-sensitive applications.

Bona Fide Presentation Classification Error Rate (BPCER). The proportion of genuine presentations incorrectly classified as attacks. A lower BPCER indicates better user convenience. In practice, there is a trade-off between APCER and BPCER.

The standard mandates that performance be reported as Detection Error Trade-off (DET) curves showing APCER versus BPCER across all operating points. Additionally, it specifies a reporting format for APCER at a fixed BPCER operating point, e.g., APCER@BPCER=5%.

For high-security deployments, target an APCER below 2% at a BPCER of 5%. For consumer applications where convenience is paramount, a BPCER below 2% with APCER under 5% is typically acceptable.

Do not test only with known attack types. The standard emphasises the importance of ‘unknown attack detection’ — the ability of a PAD system to reject attack types it was not explicitly trained on. Always include at least one novel PAI type in your evaluation.

Test Protocol Design

The standard specifies a rigorous test protocol that includes:

Protocol Element        | Requirement                                                          | Rationale
------------------------|----------------------------------------------------------------------|-------------------------
Dataset size            | Minimum 1000 bona fide + 1000 attack presentations per modality      | Statistical significance
Environmental variation | At least 3 different lighting/background conditions                  | Robustness assessment
PAI diversity           | At least 5 different PAI instances per attack type                   | Generalisability
Cross-session           | Data collected on at least 2 different days                          | Temporal stability
Algorithm version       | Fixed version for entire evaluation                                  | Reproducibility

The protocol is designed to be modality-agnostic, though specific guidance is provided for each biometric characteristic. The standard also addresses the evaluation of PAD systems that combine multiple modalities (multi-modal PAD).
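The protocol table above reads as a checklist, so the natural tool is a script that audits an evaluation manifest against it before any scoring is done. The following is an added example, not part of the standard or this page: the manifest record layout (one row per capture with a PAI instance id, a condition label, a session date and the PAD software version that scored it) and the synthetic manifest generator used to exercise the checker are assumptions chosen for illustration.

```python
"""Audit an evaluation manifest against the protocol requirements listed on the page:
dataset size, environmental variation, PAI diversity, cross-session data and a fixed
algorithm version. Added example; the Capture layout and the synthetic generator are
assumptions, not something the standard defines."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from itertools import cycle
from typing import Dict, List, Optional, Tuple

# Thresholds taken from the protocol table on the page.
MIN_BONA_FIDE = 1000
MIN_ATTACK = 1000
MIN_CONDITIONS = 3
MIN_PAI_PER_TYPE = 5
MIN_SESSION_DAYS = 2


@dataclass(frozen=True)
class Capture:
    modality: str
    bona_fide: bool
    attack_type: Optional[str]   # None for bona fide presentations
    pai_id: Optional[str]        # identifier of the physical PAI instance used
    condition: str               # lighting/background condition label
    session_date: date
    pad_version: str             # PAD algorithm version that scored this capture


def check_protocol(captures: List[Capture], modality: str) -> Dict[str, Tuple[bool, object]]:
    """Return {requirement: (passed, observed)} for one modality."""
    rows = [c for c in captures if c.modality == modality]
    bona = [c for c in rows if c.bona_fide]
    attacks = [c for c in rows if not c.bona_fide]
    pai_by_type: Dict[str, set] = defaultdict(set)
    for c in attacks:
        pai_by_type[c.attack_type].add(c.pai_id)   # distinct PAI instances per attack type
    conditions = {c.condition for c in rows}
    days = {c.session_date for c in rows}
    versions = {c.pad_version for c in rows}
    return {
        "dataset_size": (
            len(bona) >= MIN_BONA_FIDE and len(attacks) >= MIN_ATTACK,
            {"bona_fide": len(bona), "attack": len(attacks)},
        ),
        "environmental_variation": (len(conditions) >= MIN_CONDITIONS, sorted(conditions)),
        "pai_diversity": (
            bool(pai_by_type) and all(len(ids) >= MIN_PAI_PER_TYPE for ids in pai_by_type.values()),
            {t: len(ids) for t, ids in sorted(pai_by_type.items())},
        ),
        "cross_session": (len(days) >= MIN_SESSION_DAYS, sorted(d.isoformat() for d in days)),
        # A single PAD version across the whole run is what makes the numbers reproducible.
        "algorithm_version": (len(versions) == 1, sorted(versions)),
    }


def failed_requirements(findings: Dict[str, Tuple[bool, object]]) -> List[str]:
    """Names of the requirements that did not pass, in table order."""
    return [name for name, (ok, _) in findings.items() if not ok]


def synthetic_manifest(n_bona, n_attack, conditions, days, attack_types, pai_per_type,
                       modality="face", pad_version="pad-1.0.0"):
    """Constructed manifest (hypothetical data): captures rotate through the given
    conditions and session days, and each attack type is spread over pai_per_type
    distinct PAI instance ids."""
    cond, day = cycle(conditions), cycle(days)
    caps = [Capture(modality, True, None, None, next(cond), next(day), pad_version)
            for _ in range(n_bona)]
    for i in range(n_attack):
        t = attack_types[i % len(attack_types)]
        pai = f"{t}-{(i // len(attack_types)) % pai_per_type:02d}"
        caps.append(Capture(modality, False, t, pai, next(cond), next(day), pad_version))
    return caps


if __name__ == "__main__":
    # A collection that meets every row of the table, and one that was collected on a
    # single day with too few PAI instances and too few attack presentations.
    days = [date(2024, 3, 4), date(2024, 3, 11)]
    conditions = ["indoor", "outdoor", "backlit"]
    good = synthetic_manifest(1000, 1000, conditions, days, ["2d_print", "3d_mask"], 5)
    bad = synthetic_manifest(1000, 800, conditions, days[:1], ["2d_print", "3d_mask"], 3)
    for label, manifest in (("compliant", good), ("deficient", bad)):
        findings = check_protocol(manifest, "face")
        print(label, "-> failed:", failed_requirements(findings) or "none")
        for name, (ok, observed) in findings.items():
            print(f"  {name:24s} {'PASS' if ok else 'FAIL'}  {observed}")
```

The check is per modality on purpose: a multi-modal collection can satisfy the counts overall while one modality is short, which the table's "per modality" wording rules out. The PAI diversity row counts distinct physical instances, not presentations, so reusing one mask 1000 times still fails it.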

Frequently Asked Questions

What is the difference between ISO/IEC 29124 and ISO/IEC 30107?
ISO/IEC 30107 is the foundational standard for presentation attack detection, providing terminology and framework. ISO/IEC 29124 builds on this by specifying the detailed performance evaluation methodology, metrics, and reporting formats.

Can I use 29124 for deepfake detection evaluation?
Yes. The standard’s attack taxonomy includes synthetic generation (AI-generated content), and the evaluation methodology is directly applicable to deepfake detection systems for face and voice modalities.

How do I select the operating point for my PAD system?
The choice depends on the application’s risk tolerance. Use the DET curve to find the point that minimises the weighted cost, where the weights reflect the relative cost of security breaches versus user inconvenience.

Is cross-modal evaluation supported?
Yes. The standard provides guidance for evaluating PAD systems that incorporate multiple biometric modalities, including how to combine scores and report modality-specific and fused performance.
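The metrics section above (APCER, BPCER, the DET sweep and APCER at a fixed BPCER) and the FAQ answer on choosing an operating point by weighted cost are both computations on one set of PAD scores, so one worked example covers both. It is an added example, not code from the standard or from this page: the score set is constructed, the score convention (higher score means more likely bona fide, accept iff score >= threshold) is an assumption, and the per-PAI-type breakdown is included because the attack category with the highest APCER is the one that matters for security.

```python
"""PAD error rates and operating-point selection over a set of scored presentations.
Added example with constructed scores; the accept-iff-score>=threshold convention is an
assumption, not something the page states."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Presentation:
    score: float      # PAD score; higher means "more likely bona fide" (assumption)
    bona_fide: bool   # True for a genuine presentation
    pai_type: str     # attack category, or "none" for bona fide presentations


def error_rates(presentations: List[Presentation], threshold: float) -> Tuple[float, float]:
    """(APCER, BPCER) when a presentation is accepted as bona fide iff score >= threshold."""
    attacks = [p for p in presentations if not p.bona_fide]
    genuine = [p for p in presentations if p.bona_fide]
    apcer = sum(p.score >= threshold for p in attacks) / len(attacks)   # attacks wrongly accepted
    bpcer = sum(p.score < threshold for p in genuine) / len(genuine)    # genuine wrongly rejected
    return apcer, bpcer


def apcer_per_pai_type(presentations: List[Presentation], threshold: float) -> Dict[str, float]:
    """APCER per attack category; report the worst one, since that is the category an
    attacker would choose."""
    categories = sorted({p.pai_type for p in presentations if not p.bona_fide})
    return {cat: error_rates([p for p in presentations if p.bona_fide or p.pai_type == cat],
                             threshold)[0]
            for cat in categories}


def det_curve(presentations: List[Presentation]) -> List[Tuple[float, float, float]]:
    """Sweep every distinct score as a threshold: list of (threshold, apcer, bpcer)."""
    return [(t, *error_rates(presentations, t)) for t in sorted({p.score for p in presentations})]


def apcer_at_bpcer(presentations: List[Presentation], max_bpcer: float) -> Tuple[float, float]:
    """Most secure (highest) threshold whose BPCER stays within max_bpcer, and its APCER;
    this is the APCER@BPCER figure the reporting format asks for."""
    within = [pt for pt in det_curve(presentations) if pt[2] <= max_bpcer]
    t, apcer, _ = max(within, key=lambda pt: pt[0])
    return t, apcer


def min_cost_operating_point(presentations: List[Presentation],
                             cost_accept_attack: float,
                             cost_reject_genuine: float) -> Tuple[float, float, float]:
    """Threshold minimising cost_accept_attack * APCER + cost_reject_genuine * BPCER,
    i.e. the weighted-cost point on the DET curve; returns (threshold, apcer, bpcer)."""
    return min(det_curve(presentations),
               key=lambda pt: cost_accept_attack * pt[1] + cost_reject_genuine * pt[2])


# Constructed scores (not from any real evaluation): 10 bona fide, 5 print and 5 mask attacks.
SAMPLE = (
    [Presentation(s, True, "none") for s in (0.95, 0.92, 0.90, 0.88, 0.85, 0.80, 0.75, 0.70, 0.62, 0.40)]
    + [Presentation(s, False, "2d_print") for s in (0.10, 0.20, 0.30, 0.45, 0.65)]
    + [Presentation(s, False, "3d_mask") for s in (0.15, 0.35, 0.55, 0.72, 0.68)]
)


if __name__ == "__main__":
    apcer, bpcer = error_rates(SAMPLE, 0.6)
    print(f"threshold 0.60: APCER={apcer:.2f} BPCER={bpcer:.2f} per-PAI={apcer_per_pai_type(SAMPLE, 0.6)}")
    t, a = apcer_at_bpcer(SAMPLE, 0.10)
    print(f"APCER@BPCER<=10%: threshold={t:.2f} APCER={a:.2f}")
    # Weighting a missed attack ten times a wrongly rejected user pushes the threshold up.
    t, a, b = min_cost_operating_point(SAMPLE, cost_accept_attack=10.0, cost_reject_genuine=1.0)
    print(f"min weighted cost: threshold={t:.2f} APCER={a:.2f} BPCER={b:.2f}")
    for row in det_curve(SAMPLE):
        print("  DET point threshold=%.2f APCER=%.2f BPCER=%.2f" % row)
```

On the constructed sample the overall APCER at threshold 0.6 is 0.3, but the mask category alone sits at 0.4 while prints are at 0.2, which is why the per-category figure belongs in the report alongside the aggregate. With the same data, a 10:1 cost ratio moves the operating point to the threshold where no attack is accepted at the price of a 0.3 BPCER, illustrating the trade-off the metrics section describes.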
