Trust Center

In the 1:1 evaluation of facial recognition our algorithm proved to be optimised for highly demanding environments, achieving an outstanding balance between accuracy and performance, with a 0.5% margin of error at very high security levels (1 false acceptance per million attempts).

Donde se analiza la eficacia de los algoritmos de reconocimiento facial en identificación, Facephi también mostró un excelente equilibrio entre precisión y rendimiento, con una tasa de error del 1% en búsquedas en galerías de 1.6 millones de identidades y tiempos de extracción y búsqueda reducidos.

Nuestro algoritmo obtuvo la primera posición como el más seguro en el programa FATE PAD (Face Presentation Attack Detection), diseñado para analizar la detección de ataques de presentación, logrando un margen de error inferior al 0,2% en la detección de Photo Print/Replay Attacks. Este logro avala la robustez de nuestra tecnología y refuerza su fiabilidad frente a intentos de fraude.

Key standard for the storage and exchange of biometric data, ensuring compatibility between different biometric systems globally. Thanks to this standard, our solutions allow the efficient and secure exchange of data, guaranteeing fluid integration in diverse environments.

This specifies the formats for storing, recording and transmitting facial images. This standard covers essential aspects such as scene limitations, photographic properties, digital image attributes and best practices for quality and security.

By adhering to these regulations, we ensure that our facial data capture and transmission processes meet the highest quality and reliability levels, allowing interoperability with other platforms and guaranteeing a user experience with maximum precision.

Facephi is the only company in the sector that meets this certification both in terms of its facial recognition algorithm (matcher) and its passive liveness technology for presentation attack detection (PAD). This standard, recognised as the most prestigious internationally in biometrics, establishes the methodology for evaluating the resistance of biometric algorithms to simple fraud attempts, such as impersonations using photos or videos.

The evaluation was conducted by iBeta, the only laboratory in the world accredited by NIST NVLAP (National Voluntary Laboratory Accreditation Programme), which ensures the impartiality and thoroughness of the results.

This certification represents the highest standard of protection in facial biometrics, focusing on more complex and advanced presentation attacks. Meeting this level confirms the soundness and reliability of Facephi’s technology, consolidating it as a reference in biometric fraud detection, achieving the most demanding recognition achieved to date in the sector.

*Facephi’s algorithms have proven to be invulnerable throughout the compliance process with 0% successful attacks.

The certification granted by the Korea Internet & Security Agency (KISA) and the National Biometric Testing Center (K-NBTC) validates the performance of the Facephi biometrics’ verification algorithm . This evaluation, carried out deploying NIST methodology and using Korean government databases, guarantees the reliability, security and precision of our technology for use on the Asian market. This recognition endorses SelphID® as a robust and reliable biometric system, highlighting our ability to meet the most demanding standards in terms of security and interoperability and boosting our presence on key international markets such as South Korea.

Facephi is certified as an Identity Service Provider (IDSP) for the United Kingdom Digital Identity Framework (UK DIATF) in relation to the provision of secure and trusted digital identity services through its products and services. The UK DIATF framework aims to facilitate the secure and trusted use of services which allow people to verify their identity or share personal information, setting out clear guidelines which organisations must follow to ensure data integrity and protection.

This certification guarantees that Facephi ensures the confidentiality, integrity and availability of the information it processes, as well as the systems that manage it. Our ability to identify, assess and mitigate risks has positioned us as a trusted partner in a world where information security is a priority.

This standard guarantees that Facephi is prepared to prevent, respond to and recover from disruptive incidents, ensuring the continuity of our services whatever the circumstances.

This recognises that Facephi implements specific measures to protect data in cloud environments, promoting secure and transparent relationships between cloud service providers and customers.

Facephi’s services are recognized with the SOC 2 Type 2 Report. SOC 2 is a service and organizational controls report based on the framework developed by the American Institute of Certified Public Accountants (AICPA), which defines how cloud service providers should manage the security, availability, integrity, confidentiality, and privacy of their clients’ data. Through this SOC 2 report, Facephi ensures that it handles data with transparency and high security standards.

Facephi complies with this demanding regulation, which lays down basic principles and minimum requirements for the protection of information in services offered to public entities, ensuring the integrity, confidentiality and traceability of electronically managed data.

Facephi is certified as a provider of remote video identification services, both in real time and delayed, within the compliance framework laid down by the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences in Spain. This certification ensures that our services comply with regulations on the prevention of money laundering and integrity in digital identification processes.

This international standard boosts our ability to meet our clients’ expectations, optimising processes and promoting a continuous improvement in business management.

This enables us to maintain an effective technological service management system which guarantees quality, reliability and constant improvement in our operations.

This international standard helps us proactively manage strategic, operational and financial risks, boosting Facephi’s economic resilience and professional reputation.

This system extends our ISO 27001 certification, allowing rigorous, secure management of personal information in our operations.

Facephi guarantees the protection of personally identifiable data (PII) in the cloud, complying with the strictest privacy principles and industry standards.

The GDPR establishes a common framework in Europe to guarantee the protection of the personal data of natural persons and regulate their processing. This regulation promotes key principles such as transparency, data minimisation and security.

Here at Facephi, we have aligned our policies, procedures and good practices with GDPR standards, backed up by our certifications in IS (information security).

The LOPDGDD complements the GDPR in Spain, incorporating specific provisions to guarantee the protection of personal data and digital rights in the national environment. This regulation covers key aspects such as the right to be forgotten, data portability and protection from automated decisions.

The CCPA protects the privacy rights of California residents, so it can apply to companies all around the world that operate in California.

Here at Facephi, we comply with the provisions of the CCPA, including respect for consumer rights and the measures required to ensure the protection of personal information, preventing its storage and ensuring transparent and responsible processing.

In Argentina, Act 25.326 regulates the protection of personal data and establishes fundamental principles such as the specific purpose, the quality of the data and the rights of access, rectification and erasure.

Facephi ensures compliance with these regulations by implementing processes that guarantee transparency and respect for the rights of the owners.

The General Data Protection Act (LGPD), Act no. 13.709, regulates the processing of personal data in Brazil, including principles such as necessity, transparency and security. The LGPD establishes key rights for data subjects such as the access to and portability and erasure of data.

Here at Facephi, we adopt measures aligned with the LGPD to guarantee reliable and secure data processing, complying with the high protection standards required in Brazil.

Act 19.628 on the Protection of Private Life regulates the processing of personal data in Chile, emphasising confidentiality and the purpose of use. In addition, the country is working on a new act that will align its regulation with international privacy standards.

Here at Facephi, we comply with the provisions of Chilean regulations by applying policies that guarantee the responsible management of information.

In Colombia, Act 1581 of 2012 and its complementary regulations establish the framework for the protection of personal data, ensuring principles such as legality, purpose and confidentiality.

Facephi applies privacy measures by design and by default, complying with legal provisions and ensuring that our contracts with clients include the necessary obligations for the secure handling of information.

Mexican regulations on data protection are based on principles similar to those established in Europe, placing the emphasis on the rights of data subjects and the obligations of responsible entities.

Here at Facephi, we are aligned with the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and its regulations, implementing measures that guarantee the privacy and security of the data.

DORA is the European Regulation designed to strengthen digital operational resilience and cybersecurity in the financial sector, ensuring the continuity of services when faced by technological threats and cyberattacks. This establishes measures for both financial institutions and their digital service providers.

With this in mind, Facephi, as a service provider for financial entities, applies the strictest and most rigorous security measures to comply with DORA requirements regarding the outsourcing of technological services. What’s more, we adhere to the best practices in cybersecurity and privacy, backed up by certifications such as ENS Alto, ISO 27001, ISO 27017 and ISO 22301.

NIS2 is the Networks and Information Systems Directive. This Directive puts into place a series of measures aimed at ensuring a high level of cybersecurity in the EU, such as: appropriate and proportionate technical and organisational measures, prior risk assessment, notification of security incidents (the deadline for the initial notification of security incidents is reduced to 24 hours) and protection.

NIS2 aims to guarantee cybersecurity throughout the supply chain.

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024, establishing harmonised standards on artificial intelligence, includes the regulation of the introduction into the market and the use of artificial intelligence, with an emphasis on classifying AI systems according to their risk level. High-risk AI systems are established that require strict compliance, as well as prohibited practices. In addition, the regulation seeks to ensure that the development and use of AI is ethical and secure, minimising risks and protecting users’ rights.

This is a set of guidelines drawn up by the National Institute of Standards and Technology (NIST) aimed at helping organisations manage the risks associated with artificial intelligence (AI). This framework seeks to protect users, organisations and society at large by offering a structured approach to identify, assess and mitigate risks related with the use of artificial intelligence technologies.

We are a company that has adhered to the Global Compact since 2023, denoting our commitment to follow, apply and promote the ten principles of the initiative, related with: human rights, work, the environment and the fight against corruption.

In 2021 we joined the AEPD Digital Pact. Joining up entailed a formal and public commitment to implement in our processes the principles and recommendations set out in said pact. The main aim is to safeguard the privacy of people in the digital sphere and to promote a firm commitment to the protection of personal data.

We have been a member of the WCA for 8 years, promoting best practices in regulatory compliance, as well as the adoption of procedures to identify and manage operational and legal risks. This contributes to the promotion, recognition and evaluation of Compliance activities within Facephi, whose purpose is none other than to establish a culture of compliance, which transcends and allows us to spread good corporate governance internationally.

We actively participate in national cybersecurity initiatives.