SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
3DiVi adds session intelligence to biometric checks
Biometrics Fintech CX

3DiVi adds session intelligence to biometric checks

Fri, 15th May 2026 (Today)
Mark Tarre
MARK TARRE News Chief

3DiVi has introduced Session Intelligence for biometric identity verification systems, adding a monitoring layer for authentication sessions.

The product is intended to address a gap between headline biometric accuracy measures and how systems perform in day-to-day use.

Biometric authentication is now common in digital onboarding, know-your-customer checks and broader identity verification processes. Face matching and anti-spoofing systems can detect attempts using photographs, videos or masks with a high degree of accuracy, but deployment monitoring has not advanced at the same pace.

Many organisations track biometric systems through standard measures such as APCER, which records spoof attacks wrongly accepted, BPCER, which tracks genuine users wrongly rejected, and conversion rates for completed verifications. Those figures can appear stable even as users face mounting failures or performance deteriorates at particular devices or locations.

Anton Sinkov, head of the 3DiVi BAF R&D Team, said established monitoring methods miss how behaviour changes over time in live environments.

"The industry evaluates biometric authentication systems based on what it already measures. Metrics provide a snapshot, but they do not show how system behavior evolves over time or where risks are accumulating," Sinkov said.

Structural issue

3DiVi argued that this reflects how the market is organised rather than a flaw in any single deployment. In many projects, vendors supply algorithms and baseline performance data, integrators set up workflows, and end customers monitor dashboards. But no separate layer reviews biometric decisions after a pass or fail result has been issued.

That can leave several issues undetected, including rising false rejections caused by poorer image quality, environmental changes at a specific site, gradual drift in deployed models, and attack patterns concealed by aggregated data.

One example outlined by 3DiVi involved a KYC terminal affected by lighting changes from a background advertising screen. Users at that terminal saw more rejections, while overall system figures shifted only slightly and did not clearly identify the source of the problem.

Session Intelligence is integrated into 3DiVi's biometric identity verification platform, which is used in digital identity systems for banks, fintech groups and government services. Instead of relying only on summary indicators, it analyses registration and authentication sessions over time.

The monitoring layer performs post-analysis of real attempts, identifies the causes of rejections and the behaviour of individual modules, tracks algorithmic inconsistencies, and examines the frequency and development of attack attempts. It also reviews the impact of devices and environmental conditions on outcomes.

According to 3DiVi, some operational risks exist only at session level and do not appear in conventional telemetry. As a result, managers may see acceptable dashboard readings while individual users encounter repeated failures that affect completion rates and customer experience.

Session view

Session-level analysis can reveal patterns that standard reporting often misses, including systematic rejection of valid users because of specific quality checks, unexplained instability when images appear acceptable but still fail verification, and configuration issues that affect performance in certain environments.

It is also intended to identify attack strategies too limited in volume to alter aggregate statistics but still indicative of a changing threat pattern. In practice, this shifts monitoring from reviewing a fixed set of numbers to examining behavioural trends across real transactions.

For customers, the system produces periodic analytical reports covering current performance indicators, identified risks, examples of attacks, root-cause analysis of errors and recommendations for adjustments. The analysis runs asynchronously on stored data, meaning it does not slow onboarding flows or require manual review as part of the core process.

Sinkov said the change lies in how organisations interpret biometric performance in production.

"The key change is moving from trusting indicators to understanding behavior. Organisations no longer evaluate isolated numbers - they observe how authentication actually performs in live operation," Sinkov said.

Related stories
Incode hits iBeta Level 3 with passive selfie liveness
Challenges and solutions in cross-border identity verification
Digital identity: How it powers APAC's fintech boom
Visa expands agentic commerce testing with NZ banks
How accurate address data powers identity verification
Top stories
HackerOne links validated flaws to Wiz cloud platform
Foxit launches document management system in PDF tools
Device code phishing surges across criminal toolkits
NTT Data flags privacy & sovereignty barriers to AI
YASH named Major Contender in Everest digital workplace