Yoti achieves iBeta NIST Level 2 for proprietary passive liveness technology, MyFace

profile picture Rachael Trotman 5 min read
Woman scanning face with the iBeta ISO 30107-3 compliant MyFace software by Yoti
  • MyFace has been awarded iBeta NIST Level 2 with 100% attack detection rate
  • Yoti’s passive liveness technology can be used to strengthen age checks, prevent account takeover and protect against identity fraud
  • MyFace white paper outlines performance and bias

2nd March 2023, London, UK – Digital identity company Yoti has announced its proprietary passive liveness technology, MyFace, is now compliant with iBeta ISO PAD Level 2. The technology achieved a 100% attack detection rate. MyFace verifies that a user is a real person, and not a presentation attack such as a printed or digital photo, video or mask – all from a single image. MyFace can strengthen age and identity checks, prevent account takeovers and protect individuals and businesses against the growing risks of identity fraud.

Since achieving iBeta Level 1 in February 2022, Yoti has continued to develop its liveness technology. Level 2 involves training and testing against more expensive, specialist attacks such as 3D printers, resin and latex face masks. To achieve Level 2, the liveness technology must detect 99% of attacks. Yoti achieved a 100% detection rate. Level 2 is the maximum level that iBeta and other NIST-accredited labs currently certify against.

MyFace is a passive solution and only requires a selfie image to complete the liveness check, creating a smooth, inclusive and accessible user experience. The technology does not recognise any faces and does not save any images. It simply checks that the face in the image belongs to a real, live person.

Paco Garcia, CTO at Yoti said, “We’re very proud that our proprietary liveness technology MyFace has achieved iBeta ISO PAD Level 2. It’s a huge achievement for the team and this milestone demonstrates our commitment to delivering very high standards of security solutions.”

Robin Tombs, CEO at Yoti said, “It’s hugely exciting that Yoti’s MyFace passive liveness is now compliant with iBeta ISO PAD Level 2. Businesses around the world can use our passive liveness and world leading facial age estimation to keep their customers safe online. Naturally being Yoti, we have tested MyFace™ for bias and the model displays very low bias across age, gender and skin tone. To boost transparency and trust in this technology, we have also released a new liveness white paper.”

MyFace works alongside Yoti’s existing suite of identity solutions:

  • Strengthen age checks: Yoti’s facial age estimation technology checks the age of a user, and at the same time, MyFace verifies it is a real, live person. This is all completed from a single selfie, creating one seamless experience. The combination of these technologies could be used to create age-appropriate experiences online, protect children from accessing explicit content, and be used in a retail setting for the sale of age-restricted goods.
  • Prevent account takeovers: MyFace can prevent account takeovers and ensure only genuine customers are accessing their accounts or updating important information, such as their bank details.
  • Protect against identity fraud: MyFace can be used as part of an identity verification process to give a high confidence level that the person completing the check is real.
  • Bot detection: MyFace can prevent bots from gaining access to information, or detect deepfake faces creating fake accounts.

MyFace white paper is available here.



Notes to editors



Headquartered in Denver, Colorado, iBeta has been providing critical software testing services for the world’s most trusted brands since 1999. Our full range of on-demand QA software testing services encompasses many different software testing types including functionality testing, mobile testing, website testing, acceptance testing, accessibility testing, and overall quality assurance.



The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST certification means the product in question meets defined standards.


The difference between passive and active liveness:

Active liveness requires the user to take a video of themselves performing certain actions, for example, moving toward and away from the camera, or repeating random words. This then uses AI and / or manual review to complete the check. Passive liveness can be achieved from a single selfie. Passive liveness reduces friction for users and at the same time providing as good as or even better security guarantees, thereby reducing drop off and speeding up the journey of verifying genuine users.


About Yoti

Yoti is a digital identity technology company that makes it safer for people to prove who they are, verifying identities and trusted credentials online and in-person. They now provide verification solutions across the globe, spanning identity verification, age verification, document eSigning, access management, and authentication and leading facial age estimation. Over 13 million people have downloaded the free Yoti Digital ID app across the world. It is available in English, Spanish, French, German, Portuguese and Polish. Yoti is certified to ISO/IEC 27001:2013 for ID Verification Services, ISAE 3000 (SOC 2) Type 2 certified for its technical and organisational security processes. For more information, please visit www.yoti.com

Related stories

Yoti MyFace Livness White Paper document preview

Yoti MyFace liveness white paper

Learn how Yoti’s liveness solution can help you defeat spoof attacks Liveness is an essential part of any verification or authentication process. It gives you reassurance that you are dealing with a real human. Read our latest white paper on liveness to learn how Yoti’s MyFace liveness solution can help defeat presentation attacks including: Paper image Mask  Screen image Video imagery Deep fake video Injection attacks Bot attacks   Key takeaways from the report Yoti’s MyFace solution is NIST Level 2 approved with 100% attack detection. Why liveness is important for verification and authentication. The difference between active and

2 min read
Closeup of fingers typing on laptop keyboard

How Yoti can help combat digital injection attacks

As use of online verification grows, there inevitably follows increasing temptation for bad actors to develop ways to exploit the process. As a provider of verification services we must show businesses, regulators and governments that we have robust anti-spoofing technology, checks and processes. An emerging but rapidly growing threat for verification services are digital injection attacks.   What are injection attacks? Injection attacks are a form of attack on remote verification services. Direct attacks are the most common attempt to spoof systems. Examples of direct attacks are: Paper image 2D and 3D masks  Screen image Video imagery Direct attacks are

3 min read
Man working at laptop in office setting

NIST approval explained

Many companies in the identity space talk of NIST certification. What does this mean for you as a user of identity services and what does it mean for your customers?   Who is NIST? NIST is the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce. NIST’s remit is to create and certify measures, standards and technology to enhance trade and productivity. Formed in 1901, their remit is to provide standards and certification for businesses. At first this included clocks and thermometers, all kinds of ‘weights and measures’.  But over time

3 min read