The New Reality of Biometrics: Why the Foundation Matters More Than Ever

In 2013, our iris biometric system was deployed to help the UNHCR enrol 2.8 million Syrian refugees. At the time, it wasn’t designed to help deliver any services. It wasn’t built to enable payments. It was as a static database to support one registration programme.

And yet, over a decade later, it does all of that and more. It didn’t need to be rebuilt; the key elements were there from the start. What began as a registration tool has evolved into something far more powerful - a foundation for delivering aid and enabling financial access for millions of people, across multiple services.

Today, that broader system processes over 25 million aid transactions, securely authorising USD $1.3bn per year in aid assistance.

The new identity challenge: Are we still designing with the right purpose – or is AI forcing our hand?

For years, biometric technology was approached in a very specific way: one system for one purpose — a system for border control, a system for payments, a system for access, and a system for records.

Each was designed to solve a defined problem, in a specific environment. But we don’t interact with the world that way now and when it comes to identity, we are increasingly moving to a need and desire to have one unique federated identity profile capable of extending across different services and sectors, one that withstands the challenges of deep fakes by being robust enough not to be able to be fooled or stolen.

AI is not the enemy. Used well, it makes systems faster, smarter, interactive and more responsive. It is already used to detect fraud, automate services, analyse risk and deliver more personalised experiences. However, it needs stronger human identity assurance as synthetic identities become more convincing.

It can clone voices, manipulate videos, forge documents. The World Economic Forum has warned that deepfakes are increasingly being used to support fake financial account creation, loan fraud, money laundering, payout collection and other forms of financial abuse in their report “Unmasking Cybercrime: Strengthening Digital Identity Verification against Deepfakes”.

AI challenges what many digital systems were built on – “I can trust what I see or hear from a screen”.

At the same time, it can’t be the only line of defence against AI enabled fraud. High assurance biometrics embedded in a proper digital certificate play a crucial role and where the modality and context matters. Many lessons learnt from the commercial financial world, for example where traders interact their own digital identity ledgers to guarantee billions of $ moved by the minute, can be applied to our domestic environment.

We should also remember that AI in commercial manufacturing processes has been driving revolutions in efficiency and productivity for decades, which billions of us benefit from daily for our goods and services. Using some of these robust commercial lessons and standards in our own domestic and personal systems will be no bad thing.

AI and biometrics: They are on the same side

Not every biometric modality is suited to every risk level. Convenience-led services may prioritise speed and user familiarity. Convenience has an important role in digital identity. Remote onboarding, mobile verification and frictionless access can make services faster and more accessible.

But convenience should not be confused with assurance.

As digital services become more automated, more remote, and more AI-enabled, when identity underpins financial transactions, entitlements, healthcare access or security-sensitive services, the threshold is very different. The question stops being:

“Can someone log in?”

It becomes:

“Can we provide a highly reliable, non-transferable link between a person and their identity?”

Unlike systems that verify someone against a limited record, sample, or isolated data set, high-assurance biometric identity must be able to search against the entire enrolled population. This is what makes identity truly unique at scale: not simply confirming that someone matches a record but confirming that they do not already exist elsewhere in the system.

That’s why physical presence remains important because it anchors identity to a real person at the point of enrolment or transaction. It reduces the risk of synthetic identities, document manipulation, account takeover and remote impersonation. The question is whether the consequences of getting identity wrong are too high to rely on convenience alone.

This is a key distinction and where iris recognition has a particular role to play. The iris is truly unique to each one of us, it doesn’t change through our life, nobody can steal it or fake it and that makes it exceptionally difficult to duplicate. For environments where one person must correspond to one trusted identity and where errors can result in fraud, exclusion or even in financial loss, iris recognition offers a level of assurance that is irrefutable.

Biometrics as a Service - BaaS

The most important shift in biometrics hasn’t just been technology or modality it’s been about positioning. They now no longer sit at the edge of services; they are becoming part of the infrastructure that services are built on. At the heart of this shift is a simple but critical concept - foundational identity - one unique identity that can be trusted across different systems. Without that foundation:

• systems fragment
• duplication increases
• fraud becomes harder to control
• access becomes inconsistent

With it:

• identity becomes portable
• services become connected
• trust can scale

This is why biometrics now underpin multiple systems, they provide a consistent, verifiable link between a human person and their identity across different service platforms and create trusted ecosystems where people can access government, financial, healthcare, social protection, travel, and private-sector services through a secure and reliable identity layer.

Our partnership with the Jordanian Ministry of Digital Economy and Entrepreneurship (MoDEE) dating back over 15 years  is a strong example of this shift where the iris platform is integrated with MODEE’s Sanad application, giving the opportunity for over 11m citizens, residents and Jordanian expats to access governmental services more securely and efficiently (Jordan grants legal status to Sanad digital ID as users pass 2.6M). The service was also designed to be available through Jordan Post Offices, Jordanian embassies abroad, and for legal services linked to land, property, professional qualification validation and vehicle ownership.

This is not biometrics being used as a stand alone tool. It is biometrics being embedded into the trusted layer of national digital services and forming a strong part of digitising the whole economy.

Getting the foundations right – building systems for the field, not just in theory

Most biometric deployments were built for immediate outcomes rather than long-term evolution, optimised for a single use case, or limited by challenging data quality at enrolment.

And once those limitations are embedded, they’re hard to undo, making it difficult to adapt as requirements change. We can’t build long-term identity infrastructure on short-term system design. If identity is going to evolve, there are some questions worth asking:

• Is it accurate enough to be trusted across services?
• Is it secure enough to protect individuals over time?
• Can it be scaled up to grow beyond its original purpose?
• Does it have the flexibility to adapt without being replaced?
• Does it require multiple re-registration as individuals change or age?

Because at scale, today and for the future, identity systems must handle high-volume matching (one-to-many comparisons across millions of records), in real-time, encrypt data exchange across platforms and be able to integrate into payment, aid systems and government services.

At IrisGuard, this perspective didn’t come from theory, it came from experience. Operating across the UK and the Middle East, with a team of around 30 people, we’ve spent over two decades deploying and managing our own built systems in some of the most complex and resource-constrained environments in the world.

Today, that includes:

• Over 4000 active iris-enabled devices
• Deployed across multiple regions and countries
• Support for banking (AML and Compliance), money exchange & post office systems, migrant salary payments, humanitarian programmes, government services and cross border control
• Over 28m iris records addressed daily on a 24/7 basis
• Over $3.6Bn safely authorised through our systems

We’ve always believed in working on the ground alongside our partners and we’ve focused on having a combination of purpose-built hardware designed for harsh environments, back-end architectures capable of large-scale biometric matching and secure APIs that integrate easily into existing finance and IT platforms. Connectivity isn’t always guaranteed, particularly in conflict zones making those environments unpredictable. Despite all that, the systems must be capable of working 24/7.

As real human identity becomes more embedded in our everyday life, the questions are becoming more complex, they are about trust and responsibility:

• Who owns identity in a multi-sector ecosystem?
• How do we ensure portability without compromising privacy?
• What happens when identity becomes a ubiquitous part of infrastructure, but governance doesn’t keep up?
• Who bears liability for failure or compromise?

What comes next?

Biometrics have already become part of everyday life, and the next phase isn’t about deploying more systems, it’s about designing identity in a way that can support everything built on top of it.

And as identity has become increasingly connected to financial services, salary and benefit payments, healthcare and government infrastructure, the importance of precision and confidence becomes even more critical. In short, who do we trust and who ultimately bears responsibility for liability when identity is compromised?

Because when identity underpins access, entitlements and transactions at scale, trust in that identity cannot be approximate. This is one of the reasons iris recognition continues to play such an important role in high-assurance identity ecosystems. Its stability, uniqueness and certainty make it particularly suited to environments where identity must persist over decades, outlast paperwork and work reliably and simply for millions of people.

The most impactful identity solutions are no longer defined by what they were originally built to do but by how reliably they can support everything that comes next, and that transformation starts with a trusted identity foundation.