Kazakhstan adopts palm‑vein biometrics for banking in national deployment

Palm biometrics is getting a big boost in Central Asia as one of the world’s largest countries sees major implementation of one of the most secure biometric modalities.

Kazakhstan’s National Bank and the Agency for Regulation and Development of the Financial Market (ARDFM) have approved new rules governing how financial institutions must verify customers using state‑held biometric data.

The framework formalizes biometric login and identity checks across banking apps, remote onboarding and high‑risk financial transactions, and introduces palm‑vein authentication as a regulated modality alongside facial recognition.

The new system has banks authenticating users by comparing live biometric samples against reference templates stored in the National Bank’s Identification Data Exchange Center, according to El.kz.

Customer biometrics will be collected through secure video channels or certified biometric scanning devices and transmitted to the unified state system for verification, with a match threshold of 95 percent required for successful authentication.

All attempts will be logged and retained for at least five years, both by the state system and by financial institutions after a customer relationship ends.

Palm‑print and palm‑vein authentication are being added for the first time, enabling banks to verify users based on the vascular patterns and surface lines of the hand. The rules prohibit the use of a customer’s smartphone for palm‑based verification, requiring specialized hardware or secure terminals instead.

Users will have three attempts to authenticate, according to reporting by The Caspian Post. If palm verification fails, banks must fall back to face biometrics. The regulations also include alternative pathways for people with disabilities, such as video‑based identification or specialized assistive technologies.

Biometric verification will now be mandatory for remote account opening along with initial registration in digital banking services, and for issuing electronic digital signatures. The same applies for updating customer data, granting loans above a regulatory threshold and certain in‑branch or microfinance transactions.

Microfinance organizations will also be permitted to use biometrics for higher‑value microloans. The move follows earlier restrictions introduced in March that banned online loan issuance without biometric verification.

Alongside the regulatory rollout, palm‑vein payment systems are gaining traction in Kazakhstan’s retail and service sectors. These systems link a user’s biometric signature directly to a bank account, enabling payments without cards, phones or cash.

Kazakhstan’s adoption of multimodal, state-anchored biometrics places it among a growing group of countries using centralized identity databases to secure financial services, with palm‑vein technology now joining face recognition as a regulated authentication method.

Kazakhstani startup Biometric.Vision struck a deal to supply biometric ID services including liveness detention for customers of the National Bank of Kazakhstan in 2024. The company was one of several, along with Alaqan and Oqylyq.kz.

Kazakhstan-based startup Alaqan demonstrated a palm vein biometrics scanner which uses infrared sensors in 2024. Alaqan developed products for payments that were deployed to coffee shops and schools. More than 140 schools across Kazakhstan were using the system for meal tracking and other applications, and the company planned to roll out its technology in Georgia and Türkiye.

Palm-based biometrics is gaining ground in healthcare, payments and blockchain, and even getting standardized for automated forensics. A palm biometric identity verification system has received venture funding to tackle the threat of deepfakes and AI-generated identities.

According to recent research from Handwave, U.S. consumers are increasingly open to palm biometrics. Handwave CEO Janis Stirna talked through the possibilities of the palm on the Biometric Update Podcast, going through plans to leave a bigger handprint on the U.S. market.

Businesses need biometric orchestration to handle AI fraud, system complexity: Aware

The need for biometric orchestration is nearly universal among businesses using biometrics as they attempt to mitigate the surge in AI-driven fraud, according to a new survey from Aware.

The company’s 24-page report on “The State of Biometric Security in the Age of AI Fraud” shows 98 percent of businesses aligned on that necessity. They are motivated by the frequency of AI-driven fraud attacks, with nearly 50 percent experiencing them within the past year and nearly 90 percent concerned about such attacks targeting their biometric systems. More than half say they lost revenue due to fraud incidents involving AI, including deepfakes, synthetic identities and biometric injection attacks. Nearly as many see such attacks causing damage to their brand and reputation.

Aware surveyed 500 leaders at companies with 50 or more employees using biometrics in the U.S., UK and Brazil to compile the results.

Three-quarters of those surveyed already use biometrics or liveness detection in their fraud prevention strategies, including over 60 percent who use biometrics specifically to prevent identity fraud.

Businesses need to orchestrate these biometrics due to system complexity, which in turn is illustrated by the average use of three biometrics vendors by each business. Nearly 40 percent have multiple biometrics vendors, and nearly 40 percent have either 4 or 5.

More than half annually spend between $138,000 and $688,000 on biometrics to combat fraud, but more than a third spend between $688,000 and $1.4 million per year.

“Organizations are no longer asking if they need biometrics — they’re already managing complex ecosystems and asking how to make them work together,” says Ajay Amlani, CEO of Aware. “Biometric orchestration is emerging as the critical layer that helps security teams stay ahead of AI-driven threats while maintaining performance, accuracy, and user experience. It turns complexity into an advantage by enabling smarter, faster identity decisions.”

Regulatory compliance is another motivating factor, with more than 95 percent seeing a benefit to using biometrics in that area. The second most commonly-seen benefit of biometrics adoption is not preventing fraudulent account creation (58.6 percent), but reducing employee login and MFA fraud (64 percent).

“Deepfakes and AI-powered attacks are fundamentally changing how identity can be manipulated,” says Maxine Most, CEO of The Prism Project, in the company announcement. “To keep pace, organizations must rethink how identity is secured and invest in intelligent systems. Biometric orchestration is a critical layer that brings those systems together into a cohesive, effective defense.”

The Prism Project hosted the Deepfake Summit last month to convene stakeholder in biometrics, digital identity security and deepfake protection.

The report also highlights the importance of independent technology validation, quoting BixeLab CEO Ted Dunstone on the topic. Aware passed a Level 3 biometric liveness detection evaluation by BixeLab in February.

U.S. House lawmakers move to codify DHS biometric screening abroad

U.S. Reps. Michael McCaul and Henry Cuellar, both from Texas, reintroduced the BITMAP Authorization Act, a bipartisan bill that would formally establish the Biometric Identification Transnational Migration Alert Program (BITMAP) within the Department of Homeland Security (DHS).

The measure is designed to “push the border outward” by helping foreign partners identify high-risk travelers before they ever reach a U.S. port of entry, a goal McCaul framed as a way to stop traffickers, terrorists, and transnational gang members who may attempt to conceal their identities while moving along illicit migration routes.

Established in 2011, BITMAP is a Department of Homeland Security/ Immigration and Customs Enforcement (ICE) initiative that trains foreign partners to collect biometric and biographic data from special interest aliens, criminals, and known/suspected terrorists at foreign borders. It aims to identify and track threats before they reach the U.S. border.

HSI agents train foreign law enforcement partners to collect biometric data which is then uploaded into U.S. systems.

“Bad actors like traffickers, terrorists, and transnational gang members may lie about their identity in an attempt to enter our country undetected, but they can’t fake biometrics,” McCaul said in a statement. “The successful BITMAP program empowers our regional partners to identify and stop these individuals long before they reach our borders.”

The bill does more than simply “authorize” BITMAP. It would amend the Homeland Security Act of 2002 to formally create a new Section 448 establishing the program inside DHS, with Immigration and Customs Enforcement (ICE) specifically named as the operational lead, acting in consultation with the State Department and the Director of National Intelligence to facilitate the voluntary sharing of biometric and biographic information collected from foreign nationals.

In practical terms, the legislation would authorize DHS to provide partner countries with equipment, training, and operational support so they can collect biometric and biographic data from people moving through illegal travel pathways.

It would also let those partner governments compare that information against a range of U.S. databases, including DHS’s Automated Biometric Identification System system (IDENT) or its successor, the Federal Bureau of Investigation’s (FBI) Terrorist Screening Database, the FBI’s Next Generation Identification database, the Defense Department’s Automated Biometric Identification System, and any other relevant systems designated by DHS in consultation with other federal agencies.

That framework shows that the bill is not just about collecting more data, but about connecting foreign screening operations directly to the U.S. government’s existing counterterrorism, immigration, and law enforcement watchlisting architecture.

In 2018, when McCaul first introduced legislation to permanently authorize BITMAP, the American Civil Liberties Union, Immigrant Legal Resource Center, National Immigration Law Center, and the National Immigration Project of the National Lawyers Guild opposed the effort.

“The House should not permanently authorize the BITMAP program with limited information, no information on whether DHS takes any steps to protect privacy, no studies regarding its efficacy, and no statutory privacy or transparency protections,” the groups said.

“This bill raises significant concerns regarding the sharing of information across foreign governments related to suspicion of terrorism, gang violence, and other so-called national security concerns with very little information as to how this information is used and retained,” the groups added.

The legislation also tries to put more structure around how BITMAP expands internationally. Before launching operations in a new foreign country, DHS would have to enter into an agreement or arrangement with that government in which it lays out the program’s goals, the training and best practices to be used, and the scope of operations in that country.

Within 60 days of such an agreement taking effect, the department would have to provide Congress with a copy and identify the partner country and the goals of the operation, a requirement that addresses Cuellar’s concern about the need for stronger congressional oversight of partner agreements and program outcomes.

Oversight is a major feature of the bill. Within 180 days of BITMAP being formally established, and annually for the next five years, DHS would have to submit reports to the House and Senate homeland security committees detailing strategic goals, operational plans, partner-country progress, budget information, staffing and equipment support, enrollment numbers, training provided, the redress process, and the program’s effectiveness.

DHS would have to report not just on strategy and effectiveness, but also budget sources, anticipated expenditures, personnel, equipment, infrastructure support by country, enrollment numbers, training guidance, and the redress process.

Congress would also get briefings on how many BITMAP-enrolled individuals were later apprehended at the border or in the U.S. interior, and how many filed asylum claims.

In addition, the Government Accountability Office would have to conduct an audit within six months of enactment and every three years thereafter.

The bill includes a privacy-related provision directed at U.S. citizens. It says the secretary of homeland security must ensure that any biometric or biographic data of U.S. citizens captured through BITMAP operations is expunged from all databases to which it was uploaded, unless the information is being retained for specific law enforcement or intelligence purposes.

When civil rights group opposed the similar 2018 legislation, they said the “program includes the sharing of extraordinarily sensitive information regarding individuals without warrant or analogous legal process … the legislation fails to include any privacy standards that DHS must follow with regards to the program,” like “what information can be collected, how long can it be stored, when can it be disseminated to other agencies, and can it be shared with foreign partners?”

The bill also includes a six-year sunset, meaning Congress would have to revisit the authority rather than allow it to continue indefinitely without review.

Politically, the proposal fits into a broader border security strategy that emphasizes intercepting potential threats well beyond U.S. territory by relying on foreign governments as early screening partners.

McCaul’s office previously described BITMAP in similar terms, saying it helps the United States work with international partners to identify bad actors before they reach the border.

In announcing their bill, McCaul and Cuellar made clear that the current bill is a reintroduction rather than a wholly new concept, suggesting lawmakers are again trying to convert an existing DHS operational program into a permanent, congressionally authorized part of the homeland security apparatus.

Gabon institutes social media age verification for Under-16s

Gabon has gazetted a new regulation that requires anyone accessing social media platforms and digital media content in the country to undergo an age verification process before they can get the greenlight. This makes it the first African nation to adopt age assurance for social media, which is a growing trend around the world.

The objective of the move is to prevent those who are below the age of 16 from accessing online content such as pornography that is deemed harmful for their social and moral upbringing. Gabon suspended social media in February over concerns about the spread of false information.

Per the ordinance that was signed by President Brice Clotaire Oligui Nguema on February 26, the country’s High Authority for Communication (HAC) has been handed the role of overseeing compliance with these prescriptions.

Gabon’s Gulf of Guinea neighbor Nigeria has launched a public survey to get feedback on proposed age checks for social media.

Age verification technical framework

The HAC is required to establish and publish a technical reference framework that will set minimum requirements for age verification systems, which will cover both the reliability of age checks and respect for the privacy of users who access these online platforms.

The age verification checks, according to the regulation, will entail verifying a person’s biographical and address information, and, where applicable, their digital identity as registered with Gabonese administrative authorities, including their Personal Identification Number.

Also, digital content platforms will be obliged to submit to mandatory technical audits conducted by the HAC or any other accredited independent body, to verify that their age verification systems meet the required technical standards set by the regulation in force.

The ordinance allows for a period of 12 months for the concerned platforms to transition to the new dispensation, meaning full compliance is expected by February 2027.

Within this period, they’ll be expected to put in place effective age verification mechanisms, deploy automatic detection tools for AI-generated content, clearly label such content from the beginning, and then be ready to transmit metadata from AI-generated content to the HAC within a deadline of eight days in the event of a judicial or administrative probe.

The regulation, which also addresses issues related to AI-assisted identity theft, applies to any user, editor, or host of social networks and digital platforms whose content is accessible or produces effects on Gabonese territory. It also covers any online offer of goods or communication services, whether free or paid.

Penalties for defaulters at all levels include prison terms of up to 10 years, and fines that range from approximately US$3,260 to $81,500.

Policy for bolder digital transformation

The social media and digital content regulation in Gabon comes at a time when the country is pursuing its digital transformation agenda.

Speaking last month to TechAfrica News on the sidelines of the Mobile World Congress (MWC) in Barcelona, the Minister of Digital Economy and Innovation, Mark-Alexandre Doumba, said the government is fully engaged in putting in place robust digital policy frameworks.

He added that they are also working to build connectivity infrastructure and expanding their digital ID system. “We’re very focused on making sure that every Gabonese has a digital ID to be able to log in and connect to government portals and be able to access government services from the convenience of their smartphone.”

Gabon’s digital ID has been positioned as the central pillar of the country’s digital transformation.

Early this year, the government signed a partnership deal with U.S. firm Cybastion to speed up the development of digital public infrastructure.

The investment agreement concluded in January will see the company provide funding for the construction of a data center, enhance cybersecurity, and expand access to advanced digital solutions in the country, including digital ID.

Philippines launches broad crackdown on deepfakes as AI drives identity fraud surge

In the war against fakery, the Philippines is on the frontline as it launched a coordinated, whole‑of‑government campaign against disinformation, deepfakes and digitally manipulated media.

The government has signed a memorandum of agreement (MOA) that formalizes joint action by the Department of Justice (DOJ), the Presidential Communications Office (PCO) and the Department of Information and Communications Technology (DICT).

The government is launching the initiative in response to a sharp rise in global threat levels. iProov processed more than one million daily authentication checks in 2025 as enterprises confront synthetic identity attacks driven by generative AI, and is deployed in the Philippines and Vietnam.

The company cited Gartner research showing that 62 percent of organizations experienced a deepfake attack in the past year, underscoring how identity manipulation has become a primary entry point for cybercriminals.

iProov’s threat intelligence unit recorded a 2,665‑percent surge in native virtual‑camera attacks and a 300 percent rise in face‑swap attempts last year. Separate research found that only 0.1 percent of consumers could reliably detect deepfakes, reinforcing concerns that the public is increasingly vulnerable to AI‑generated deception.

DOJ Secretary Frederick Vida, PCO Secretary Dave Gomez and DICT Secretary Henry Aguda signed the MOA at the DOJ headquarters in Manila, establishing an inter‑agency framework intended to protect public safety and national security from malicious information operations.

The PCO will lead public information efforts, the DOJ will oversee legal enforcement, and the DICT will provide technological support, cybersecurity capabilities and monitoring systems.

Vida described the MOA as a “pivotal step” in defending the country from digitally mediated falsehoods, warning that deepfakes and coordinated disinformation campaigns can erode trust, sow division and trigger confusion during critical events. He stressed that the government will distinguish between criminal disinformation and constitutionally protected speech.

Aguda said the DICT will focus on cybersecurity, digital infrastructure and coordination with technology platforms, including tools that allow citizens to report false content. “This is no longer just a rumor. Now, lies can look real,” he said, referring to the rapid spread of deepfakes.

AI and deepfakes are warping public safety in Southeast Asia

For the Philippine government, the new MOA signals a recognition that combating disinformation now requires legal, technological and communications strategies working in tandem — and that the threat landscape is being reshaped by AI at unprecedented speed.

Dominic Forrest, iProov’s CTO, spoke on the urgency in an interview with Cybersecurity Asia. “AI‑driven deepfakes and synthetic identities are no longer theoretical risks,” he told the publication. “They are being actively weaponised to move money and take over accounts.”

He noted that the problem is especially pronounced in Southeast Asia, where explosive digital growth is outpacing regulatory maturity. With millions of new users enrolling in mobile banking, e‑government services and online marketplaces each month, the region has become a prime target for fraudsters leveraging synthetic media and AI‑powered identity attacks.

iProov’s Security Operations Center (iSOC) observed live operations of Grey Nickel, a group that systematically targeted organizations in the Asia-Pacific region. The fraudsters employed advanced face-swap technology, metadata manipulation and injection techniques aimed at bypassing single-frame liveness-based verification systems used by banks and payment platforms.

Forrest says regulators and financial institutions in Asia need to move away from traditional active liveness checks, which generative AI can now mimic with convincing ease. These methods are also powerless against injection attacks, where fraudsters bypass the camera entirely. He argues that passive liveness — such as iProov’s Dynamic Liveness technology — offers a more resilient alternative.

iProov’s technology has gained traction across government and finance including deployments with UnionDigital Bank in the Philippines, Vietnam’s MoMo platform and Raiffeisen Bank in Czechia.

Da Nang Airport opens biometric priority lane

Da Nang International Airport has introduced a dedicated priority lane for passengers using biometric identification.

Airport director Phan Kieu Hung said the rollout reflects ongoing work by the Airports Corporation of Vietnam to apply technologies that streamline procedures and improve the passenger experience.

The new system is built on the VNeID platform and uses pre‑verified biometric data to identify travellers, enabling faster and more secure processing.

Located in the domestic departure terminal, the lane is open to passengers with Level 2 electronic identification accounts. Eligible travellers can clear security and boarding using face biometrics or QR codes, without presenting physical documents.

Passengers reported shorter wait times and greater convenience, especially during peak periods.

Biometric processing has been piloted at the airport since 2023 and is now fully operational following upgrades to infrastructure and procedures. Authorities say the system automates verification steps, reduces processing times to a few minutes, and maintains required security standards.

The airport plans to expand biometric services in collaboration with relevant agencies, viewing the launch as a step in improving service quality and supporting a smoother travel experience.

At the end of last year, Vietnam began requiring most domestic air travellers to complete ticketing, check-in, security screening and boarding through biometric verification linked to VNeID.

Vietnam’s national digital identity system, the VNeID app, and biometric verification have expanded into Vietnam’s everyday infrastructure.

Hanoi, the country’s capital, deployed biometric identity verification with digital ID credentials and open-loop payments (interoperable payment acceptance) in its metro system. All 12 stations on Hanoi’s Metro Line 2A feature digital identity infrastructure.

Vietnam intends to have all citizens on digital ID and digitalized public service access in 2026.

On January 5 of this year, Vietnam made biometric verification mandatory for opening bank accounts under a new regulation from the state bank. It was aimed at tightening security in electronic transactions.