Contents
Biometric - Accuracy and performance
Accuracy and performance
Terminology
Configuring biometric performance is a trade-off between two values, the False Accept Rate (FAR) and the False Reject Rate (FRR).
The FAR measures the number of false accepts you can expect – the probability of an unknown user being identified as a known user, or of one user being identified as another.
An FAR of 0.01% means that 0.01% (or 1 in 10,000) of identifications could be expected to return the wrong user.
The FRR measures the number of false rejects you can expect – the probability of a known user presenting their finger or face to the T2 but the system failing to identify them.
The FRR is generally expected to be significantly higher than the FAR, because it is much lower impact – if a user has their own finger rejected, they can try again. But if a finger was identified as the wrong person, some incorrect data will have been stored in the system.
We can’t give statistics for FRR, as it will vary so much according to enrolment quality, lighting, environmental conditions, etc. But we do have figures supplied by our biometrics partner for FAR, which can help inform choice of security level.
Fingerprint
Our fingerprint security levels are chosen to allow the FAR to be set at acceptable values on large datasets. The table below shows approximate FAR values for given security levels and user counts.
Note that our provider was unable to measure any false accepts beyond 0.0001% FAR, these values returned no false accepts in their testing.
Note also that numbers are provided to the nearest power of 10 – the underlying thresholds used means that a higher security level, or a smaller database, will always provide better FAR numbers even if the percentages in the table look the same
Security level | FAR - 100 users | FAR - 1000 users | FAR - 10000 users |
1 | 0.1% | > 0.1% | 1% |
2 | 0.01% | 0.1% | 0.1% |
3 | 0.001% | 0.01% | 0.01% |
4 | 0.0001% | 0.001% | 0.001% |
5 | < 0.0001% | < 0.0001% | < 0.0001% |
FAR of 0.1% means one false accept per 1,000 uses. FAR of 0.0001% means one false accept per 1,000,000 uses.
Faceprint
The below table is calculated the same way as the fingerprint table above. For face identification, we only have data available from the larger 10000 user database. Smaller databases will return better FAR scores than larger ones.
Note that our provider was unable to measure any false accepts beyond 0.01% - these values returned no false accepts in their test dataset.
Security level | FAR - 10000 users |
1 | 1% |
2 | 0.5% |
3 | 0.25% |
4 | 0.1% |
5 | < 0.01% |
Choosing a security level
While we can’t give precise numbers, we know that the FRR will rise as the FAR falls. So the higher the security level you choose, the more of your users will be getting rejected when they attempt to clock. This may be in the form of being rejected once then accepted the next time, or it may be that some users are unable to clock at all.
For most systems, you should choose a value that prevents incorrect clockings being recorded, while causing the minimum disruption to your users. As the tables above show, this could mean choosing lower security levels for sites with fewer enrolled users and higher levels for sites with many enrolled users.
If misidentifications are totally unacceptable, then select a high security level regardless of site size, but be aware that it may take users longer to clock.
Alternatively, you may decide that resolving a few erroneous clockings is an acceptable trade off for having all of your users identified first-time when they try, reducing queuing at the device.
Choosing fingerprint or face
Security
As the Accuracy section above, demonstrates, fingerprint identification provides a more secure solution than faceprint – there is simply more data in a fingerprint to uniquely identify a user.
Fingerprint readers are also better able to distinguish a “real” user from an attempt to impersonate a user. While we have provided liveness detection for face, it will still be harder to fake another user’s fingerprints than their face.
Speed
Which technology is faster will vary by use case. The template extraction and identification process itself takes almost the same amount of time for fingerprint and faceprint, so the way the device is used will make the difference.
In good lighting conditions, and with liveness disabled, it’s likely to be faster to use faceprint to clock. The act of presenting the finger and getting the positioning right is likely to take longer than detecting the face.
However, if face liveness is turned on, face clocking will take longer the fingerprint due to the extra steps required.
Ease of use
As above, in good conditions and with liveness disabled, faceprint clocking is going to be easier to use without training.
If liveness is turned on, or lighting conditions aren’t good, it may become more awkward to use faceprint successfully.
Fingerprint clocking is more invariant with conditions – it may require a little practice to get the finger positioning right initially, but apart from that it will always be the same, making it a very straightforward process.
However, if users can be expected to be wearing gloves, or carrying things, then fingerprint may be more awkward.
If contactless clocking is important, then obviously that can’t be achieved with fingerprint – either faceprint or proximity cards will be required.
