UR® Codes Pass Rigorous Independent Security Testing

Praetorian Security attests to the protocol's secure-by-design architecture

SUMMERLIN, Nev., May 6, 2025 /PRNewswire/ -- FaceTec announced that its digitally-signed biometric barcode UR^® Code protocol successfully passed Praetorian Security Inc's rigorous reverse engineering testing process and its risk-informed security assessment as the company continues to expand its industry-leading position in global 3D Face Verification and digital identity software.

Praetorian completed reverse engineering analysis of the UR Code's SDK focused on identifying internal hashing mechanisms, encryption keys, and customer PII. During the analysis, Praetorian identified the following:

• 0 Critical Risk Issues
• 0 High Risk Issues
• 0 Medium Risk Issues
• 0 Low Risk Issues
• 0 Informational Risk Issues

Complete attestation letters can be found here:
www.urcodes.com/Praetorian_FaceTec_UR_Code_Security_Letter.pdf
www.urcodes.com/Praetorian_FaceTec_UR_Codes_Reverse_Engineering_Analysis_Letter.pdf

Praetorian also tested security controls related to robust code obfuscation, like dead code insertion, control flow flattening, and variable, class, and function renaming.

UR Codes enable legal identity-issuing authorities to provide machine-readable codes that bind together the legal identity data and biometric face data of a code holder. UR Codes provide similar privacy-protecting biometric security to e-passports, but without the usability and durability problems, or the exorbitant costs of scannable NFC chips.

UR Codes are generated by issuing authorities using secure UR Encoder software that runs behind their own firewall. The issuing authority encodes the identity information and feature vector data from the face photo of the person who is being issued the UR Code. A digital signature is then derived and also encoded, verifying that the identity data was truly issued - as encoded - by the listed issuing authority. Using each issuer's unique public/private encryption key pair, the software cryptographically signs each UR Code, making them provably immutable. The face data encoded cannot be reconstituted back into a human-viewable face photo, preserving the privacy of the stored face data.

UR Codes, in universal QR format, can be scanned with any smart device or webcam. Any organization, government, private sector, for-profit or nonprofit, and even any individual, can scan and match any 2D face photo UR Code with a 3D face photo. All required software is included in the UR Code Scanner/Matcher SDK and is free for unlimited use for not-for profits, law enforcement, and government agencies.

FaceTec also recently announced the release of the Scan+Match Apps for its revolutionary UR Code identity verification protocol. The apps scan, validate, and match a face to the biometric data encoded in a UR Code, with no biometric data or personally identifiable data leaving the user's device.

About UR^® Codes

FaceTec's UR Codes enable codeholders to prove with high confidence their legal identity, age, and the right to access their accounts or privileges, in-person and remotely. UR Codes have embedded, digitally-bound biometric and legal identity information that ensures privacy-preserving, decentralized identity verification. Safely storing unique, signed face data, personal info, and legal identity data, UR Codes provide secure, low-cost, two-party identity verification at unlimited scale in any identity-related scenario from any issuing authority, such as a DMV, passport issuer, school, or employer. For more information visit the following resources:

• An introduction to UR Codes
• The UR Encoder Demo
• Learn more at URcodes.com

About FaceTec

FaceTec is a global force in the fight against identity fraud. For use on standard, ubiquitous digital devices, FaceTec's patented biometric security software solutions provide exceptionally secure, remote, unsupervised identity verification and authentication, ensuring that only the legitimate account owner is allowed access to their valuable or sensitive digital services, assets, and systems.

Founded in 2013 and headquartered in the US with additional staff in the UK, Brazil, Portugal, Mexico, Canada, and Singapore, FaceTec is the world's leading provider of 3D face biometric Liveness and matching software, processing 3.5 billion-plus Liveness Checks annualized, protecting sensitive information in high-risk, high-value environments, including banking and finance, government, major e-commerce, global social networks, digital national IDs and mobile driver licenses, and much more.

FaceTec's AI-driven technology employs advanced algorithms and deep learning models to accurately and securely verify, authenticate, and bind individuals to their accounts based on their unique face biometrics. FaceTec's patented, industry-leading Certified 3D Liveness Detection and face matching, UR^® Codes, optical character recognition, know-your-customer, and age estimation technology anchor a secure chain of trust in the IDV process for reliable, trusted access to mobile and web applications.

FaceTec technology has been exhaustively tested against tens-of-millions of digital and physical spoof artifacts--including hi-res photos and videos, life-like masks, and mannequin heads--but also against much more sophisticated injection and bypass-type attacks, all now easily blocked. With ongoing, advanced AI development and the world's only spoof bounty program, FaceTec continues to stay ahead of ever-changing attack methods.

For more information and business inquiries, please visit FaceTec.com. For media inquiries, please contact John Wojewidka at JohnW@FaceTec.com.

About FaceTec 3D Face Verification

FaceTec's pioneering, patented 3D Face Biometrics are fast becoming the global standard in secure onboarding, KYC, and reverification, stopping ID fraud and unauthorized access for millions of users on six continents.

FaceTec's 3D Face Verification Platform features:

• 100% data-sovereign, customer-run software: no user data is sent to FaceTec
• World-leading 3D Face Matching rate at 1-in-125 million FAR at less-than-1% FRR
• Patented UI generates data-rich 3D FaceMaps^® from standard 2D cameras
• World's-first UR^® Codes enable secure, low-cost two-party identity verification
• $600,000 Spoof Bounty Program and Level 1&2 Certified 3D Liveness Detection
• Unphishable 3D FaceMaps ensure trust without creating honeypots
• Support for all modern smartphones, tablets, and PCs with webcams
• KYC/IDV Dashboard with integrated 1-to-N de-duplication to catch fraudsters
• World-leading 1-in-2 million FAR 3D FaceMap-to-2D-photo-ID matching
• Anonymous, better-than-human 3D age estimation and 3D age checks
• Fast, intuitive interface with 98-99% first-time-user success rates
• Easy to integrate, customize, deploy, and manage

Developers can download FaceTec's demo apps directly from FaceTec.com for iOS, Android, and any modern browser, and the developer SDKs are available free at dev.facetec.com.

About Liveness.com

Liveness.com is an educational resource for biometrics users, vendors, analysts, media, and regulators, providing a comprehensive history of Level 1-5 Presentation Attack Detection, Template Tampering, and Camera Bypasses, as well as explanations of methods and means for evaluation, certification testing, and bounty programs.

View original content to download multimedia:https://www.prnewswire.com/news-releases/ur-codes-pass-rigorous-independent-security-testing-302447376.html

SOURCE FaceTec, Inc.