Shufti wins iBeta Level 3 liveness certification on iOS and Android

By AI, Created 11:45 AM UTC, May 20, 2026, /AGP/ – Shufti says its passive, single-selfie face liveness system cleared iBeta Level 3 testing under ISO/IEC 30107-3 with 0% false accepts and 0% false rejects on both iOS and Android. The result makes Shufti the first European company to reach that benchmark on mainstream consumer phones, a key signal for regulated onboarding and fraud prevention.

Why it matters: - Identity verification is now a frontline control for financial services, fintech, crypto, iGaming and digital government onboarding. - A Level 3 PAD result gives regulated businesses a stricter benchmark for measuring whether biometric systems can block advanced spoofing without adding user friction. - Shufti says the result strengthens its position in markets where fraud losses, conversion rates and customer trust are tightly linked.

What happened: - Shufti announced that its passive face liveness technology achieved Level 3 Presentation Attack Detection conformance under ISO/IEC 30107-3. - Independent testing was completed by iBeta Quality Assurance, a NIST/NVLAP-accredited biometric testing laboratory. - Shufti says the result makes the company the first European vendor to achieve iBeta Level 3 conformance on both iOS and Android using a fully passive, single-selfie biometric verification flow. - The evaluation used Shufti SDK v1.9.8 on Android and SDK v1.3.42 on iOS. - Testing ran from 27 March to 24 April 2026 at iBeta’s facility in Aurora, Colorado.

The details: - iBeta tested the system on a Google Pixel 4 running Android 12 and an iPhone 12 Pro running iOS 16.6.1. - Both devices used the same backend cloud component during the assessment. - The protocol alternated one bona fide presentation with three artefact presentations across silicone, urethane and resin masks. - The final test set included 900 presentation attacks, 450 per device, and 100 bona fide presentations, 50 per species. - iBeta’s report showed 0% APCER and 0% BPCER across the tested scenarios. - The report also showed 0% APNRR and 0% BPNRR. - No successful spoofing attempts were recorded. - All genuine users were correctly verified. - The passive capture process required no blink prompts, smile gestures or head turns. - Shufti says the technology is designed to detect printed imagery, video replay and 3D mask-based impersonation in real time. - The system is available in cloud, on-premises and hybrid deployment options.

Between the lines: - Shufti’s result is notable because it was achieved on mainstream consumer phones rather than custom hardware. - CEO Shahid Hanif framed the outcome as evidence that the platform can scale without bespoke tuning. - The company’s multi-year progression through iBeta levels suggests a stepwise push to harden its liveness stack against more advanced attack methods. - Shufti also points to a broader compliance posture that includes ISO 27001:2013, SOC 2 Type II, PCI DSS, GDPR, KJM Age Verification, CCPA and Cyber Essentials Plus.

What’s next: - Shufti is directing customers to request the full iBeta Level 3 conformance report or learn more through its announcement page. - The company will likely use the certification to support sales into regulated sectors that require stronger proof of biometric assurance. - The benchmark may also become part of procurement checks as more organizations compare passive liveness tools on independent test results.

The bottom line: - Shufti now has an independent Level 3 validation for passive selfie liveness on both major mobile platforms, giving the company a hard credential in a crowded identity-verification market.