What are False Acceptance Rate (FAR) and False Rejection Rate (FRR)?
What are False Acceptance Rate (FAR) and False Rejection Rate (FRR)?
False Acceptance Rate (FAR) and False Rejection Rate (FRR) are two accuracy metrics used in biometric authentication and identity verification. FAR measures how often a system incorrectly accepts an unauthorised user, while FRR measures how often it incorrectly rejects a legitimate user. Together, these metrics define the trade-off between security and convenience in digital identity verification.
FAR and FRR have become important business metrics in digital onboarding and KYC compliance, sitting at the intersection of financial crime prevention, customer fairness, and operational resilience. Both have consequential business impacts for financial service providers. Here, we’ll explore what false acceptance rates and false rejection rates are, how they operate in the compliance space, how to weigh the trade-offs when building your KYC strategy.
Understanding False Acceptance Rates (FAR)
False Acceptance Rate (FAR), also known as False Match Rate (FMR) or Type II error in statistical terminology, measures how often a biometric system incorrectly accepts an imposter as a legitimate user.
In simpler terms, it represents how many fraudsters pass through a verification procedure undetected. This could happen at any point along the KYC process, from biometric face scans to document verification.
The industry uses a formula to calculate a company’s FAR:
A FAR of 0.01% means that 1 in every 10,000 fraudulent identity verification attempts successfully passes through the system. For digital banks, this could be impersonators, synthetic identities, sanctioned individuals, or money mules gaining unauthorised access.
Why FARs matter for financial services
A false acceptance at onboarding creates persistent AML and supervisory risk that is costly to remediate. With sophisticated fraud techniques like deepfakes and AI-generated synthetic identities becoming more prevalent, maintaining low FAR rates has become essential for biometric authentication.
Understanding False Rejection Rates (FRR)
False Rejection Rate (FRR), also called False Non-Match Rate (FNMR) or Type I error, measures how often a biometric system incorrectly rejects a legitimate user.
While FRR is calculated similarly to FAR, FRR applies to legitimate users rather than fraudulent attempts:
The business impact of a high FRR
If legitimate customers are rejected during onboarding, they may abandon the process entirely. This can create a poor user experience and reputational damage. Furthermore, it can lead to financial exclusion, which UK regulators are increasingly scrutinising through frameworks like the UK’s FCA's Consumer Duty.
Balancing FAR and FRR: Understanding the trade-offs
FAR and FRR exist at opposite poles of the identity verification spectrum. On the one hand, allowing too many illegitimate users in during KYC presents a huge AML and supervisory risk. As Fourthline's Chief Risk Officer Chris Van Straeten puts it, these risks are “costly to remediate,” resulting in “significant fraud losses linked to account misuse and identity fraud across the sector.”
On the other hand, a high FRR caused by cumbersome authentication processes can impact your business negatively as well. In essence, a high-security threshold reduces fraud risk, but might keep legitimate customers out as well, while a low security improves the user experience but may increase fraud exposure. This fundamental trade-off shapes how organisations balance security against customer experience in their identity verification processes.
According to Chris, for digital-only banks, the trade-off is even more pronounced. Unlike their brick-and-mortar competitors, these banks rely on remote-only onboarding as the primary customer entry point. Add to that their customers’ desire for a quick and seamless experience combined with cross-border functionality, and you’ve got an increase in both exposure to fraud and the cost of accepting illegitimate users. The trick is to strive for something called the “equal error rate,” where all trade-offs exist in relative harmony.
The Equal Error Rate (EER)
The Equal Error Rate (EER), also known as Crossover Error Rate (CER), represents the sweet spot for businesses: the point where FAR equals FRR. This metric provides a single number to assess the accuracy and balance of biometric systems or identity verification performance.
For example, a system with an EER of 1% means that at a specific threshold setting, both the false acceptance rate and false rejection rate are 1%. Generally, lower EER values indicate more accurate biometric authentication systems. However, the optimal levels for a given business will depend on their specific risk tolerance and objectives.
FAR and FRR in KYC and compliance standards
While UK and European regulators don't prescribe specific FAR or FRR thresholds for biometric identity verification, they do require firms to maintain accountability for automated decision-making systems. In practice, this means firms using biometric verification for KYC should:
Document why they've chosen specific FAR/FRR thresholds
Monitor false acceptance and false rejection rates over time
Be able to explain trade-offs between security and customer experience
Demonstrate how they identify and mitigate customer harm from false rejections
Show how they prevent false acceptances from creating AML/CFT risk
Industry benchmarks for biometric error rates
Acceptable FAR and FRR thresholds vary significantly by industry and use case, but there are some general targets to keep in mind:
Banking/Financial services: Typically target FAR below 0.01% (1 in 10,000) with FRR under 3%
Government/High-security: May require FAR below 0.001% despite higher FRR
Consumer applications: Often accept FAR around 1% to minimize FRR and maximize convenience
How Biometric Modalities Affect FAR and FRR
Different biometric authentication methods exhibit varying FAR and FRR characteristics:
Biometric Type | Typical FAR Range | Typical FRR Range | Key Considerations |
|---|---|---|---|
Facial Recognition | 0.01% - 1% | 1% - 5% | Vulnerable to deepfakes without liveness detection |
Fingerprint | 0.001% - 0.1% | 1% - 3% | Highly accurate, but requires quality sensors |
Iris Scanning | 0.0001% - 0.01% | 0.5% - 2% | Extremely accurate, but less user-friendly |
Voice Recognition | 0.1% - 2% | 2% - 5% | Environmental factors affect performance |
Modern biometric authentication systems increasingly combine multiple modalities to achieve optimal biometric authentication accuracy while minimiszing both error rates
Optimising FAR and FRR for identity verification
Advanced techniques can improve fraud detection accuracy while minimising user experience friction. Here are some methods to consider:
Liveness detection: Prevents deepfakes and presentation attacks, lowering FAR without increasing FRR.
Multi-Factor verification: Combines biometrics with document checks for improved overall accuracy.
Adaptive authentication: Adjusts security dynamically based on transaction risk and user behaviour.
Machine learning: Continuously refines decision-making based on real-world performance data.
Organisations should connect FAR and FRR thresholds to their Risk Appetite Framework, balancing security requirements with customer experience goals to achieve automation rate optimisation.
Improve your FAR and FRR with Fourthline
Fourthline's identity verification solution demonstrates how advanced KYC solutions can optimise both security and customer experience. Our system performs over 210 checks on every document and selfie, achieving 99.98% fraud detection accuracy, all while maintaining 90% automated decision-making.
Learn more about Fourthline's biometric verification.
FAQs
What's the difference between FAR and FRR?
FAR measures how often a biometric authentication system incorrectly accepts fraudsters, while FRR measures how often it incorrectly rejects legitimate customers. In identity verification, they represent opposite sides of the accuracy equation.
What is a good FAR rate for KYC compliance?
Most financial institutions set a target FAR below 0.01% (1 in 10,000) for KYC onboarding to minimise fraud risk. However, acceptable thresholds vary based on a given company’s risk appetite.
How do you reduce FRR without increasing FAR?
Advanced techniques like liveness detection, improved biometric algorithms, multi-modal authentication, and real-time user feedback can improve overall system accuracy, reducing both metrics simultaneously.
Why is Equal Error Rate (EER) important?
EER provides a single metric to compare biometric system performance across vendors and technologies, representing the optimal balance point where FAR equals FRR.
How do compliance standards address FAR and FRR?
Regulators don't prescribe specific FAR/FRR levels. However, they do require organisations to demonstrate ongoing governance, continuous monitoring, and accountability for automated identity verification decisions.
False Acceptance Rate (FAR) and False Rejection Rate (FRR) are two accuracy metrics used in biometric authentication and identity verification. FAR measures how often a system incorrectly accepts an unauthorised user, while FRR measures how often it incorrectly rejects a legitimate user. Together, these metrics define the trade-off between security and convenience in digital identity verification.
FAR and FRR have become important business metrics in digital onboarding and KYC compliance, sitting at the intersection of financial crime prevention, customer fairness, and operational resilience. Both have consequential business impacts for financial service providers. Here, we’ll explore what false acceptance rates and false rejection rates are, how they operate in the compliance space, how to weigh the trade-offs when building your KYC strategy.
Understanding False Acceptance Rates (FAR)
False Acceptance Rate (FAR), also known as False Match Rate (FMR) or Type II error in statistical terminology, measures how often a biometric system incorrectly accepts an imposter as a legitimate user.
In simpler terms, it represents how many fraudsters pass through a verification procedure undetected. This could happen at any point along the KYC process, from biometric face scans to document verification.
The industry uses a formula to calculate a company’s FAR:
A FAR of 0.01% means that 1 in every 10,000 fraudulent identity verification attempts successfully passes through the system. For digital banks, this could be impersonators, synthetic identities, sanctioned individuals, or money mules gaining unauthorised access.
Why FARs matter for financial services
A false acceptance at onboarding creates persistent AML and supervisory risk that is costly to remediate. With sophisticated fraud techniques like deepfakes and AI-generated synthetic identities becoming more prevalent, maintaining low FAR rates has become essential for biometric authentication.
Understanding False Rejection Rates (FRR)
False Rejection Rate (FRR), also called False Non-Match Rate (FNMR) or Type I error, measures how often a biometric system incorrectly rejects a legitimate user.
While FRR is calculated similarly to FAR, FRR applies to legitimate users rather than fraudulent attempts:
The business impact of a high FRR
If legitimate customers are rejected during onboarding, they may abandon the process entirely. This can create a poor user experience and reputational damage. Furthermore, it can lead to financial exclusion, which UK regulators are increasingly scrutinising through frameworks like the UK’s FCA's Consumer Duty.
Balancing FAR and FRR: Understanding the trade-offs
FAR and FRR exist at opposite poles of the identity verification spectrum. On the one hand, allowing too many illegitimate users in during KYC presents a huge AML and supervisory risk. As Fourthline's Chief Risk Officer Chris Van Straeten puts it, these risks are “costly to remediate,” resulting in “significant fraud losses linked to account misuse and identity fraud across the sector.”
On the other hand, a high FRR caused by cumbersome authentication processes can impact your business negatively as well. In essence, a high-security threshold reduces fraud risk, but might keep legitimate customers out as well, while a low security improves the user experience but may increase fraud exposure. This fundamental trade-off shapes how organisations balance security against customer experience in their identity verification processes.
According to Chris, for digital-only banks, the trade-off is even more pronounced. Unlike their brick-and-mortar competitors, these banks rely on remote-only onboarding as the primary customer entry point. Add to that their customers’ desire for a quick and seamless experience combined with cross-border functionality, and you’ve got an increase in both exposure to fraud and the cost of accepting illegitimate users. The trick is to strive for something called the “equal error rate,” where all trade-offs exist in relative harmony.
The Equal Error Rate (EER)
The Equal Error Rate (EER), also known as Crossover Error Rate (CER), represents the sweet spot for businesses: the point where FAR equals FRR. This metric provides a single number to assess the accuracy and balance of biometric systems or identity verification performance.
For example, a system with an EER of 1% means that at a specific threshold setting, both the false acceptance rate and false rejection rate are 1%. Generally, lower EER values indicate more accurate biometric authentication systems. However, the optimal levels for a given business will depend on their specific risk tolerance and objectives.
FAR and FRR in KYC and compliance standards
While UK and European regulators don't prescribe specific FAR or FRR thresholds for biometric identity verification, they do require firms to maintain accountability for automated decision-making systems. In practice, this means firms using biometric verification for KYC should:
Document why they've chosen specific FAR/FRR thresholds
Monitor false acceptance and false rejection rates over time
Be able to explain trade-offs between security and customer experience
Demonstrate how they identify and mitigate customer harm from false rejections
Show how they prevent false acceptances from creating AML/CFT risk
Industry benchmarks for biometric error rates
Acceptable FAR and FRR thresholds vary significantly by industry and use case, but there are some general targets to keep in mind:
Banking/Financial services: Typically target FAR below 0.01% (1 in 10,000) with FRR under 3%
Government/High-security: May require FAR below 0.001% despite higher FRR
Consumer applications: Often accept FAR around 1% to minimize FRR and maximize convenience
How Biometric Modalities Affect FAR and FRR
Different biometric authentication methods exhibit varying FAR and FRR characteristics:
Biometric Type | Typical FAR Range | Typical FRR Range | Key Considerations |
|---|---|---|---|
Facial Recognition | 0.01% - 1% | 1% - 5% | Vulnerable to deepfakes without liveness detection |
Fingerprint | 0.001% - 0.1% | 1% - 3% | Highly accurate, but requires quality sensors |
Iris Scanning | 0.0001% - 0.01% | 0.5% - 2% | Extremely accurate, but less user-friendly |
Voice Recognition | 0.1% - 2% | 2% - 5% | Environmental factors affect performance |
Modern biometric authentication systems increasingly combine multiple modalities to achieve optimal biometric authentication accuracy while minimiszing both error rates
Optimising FAR and FRR for identity verification
Advanced techniques can improve fraud detection accuracy while minimising user experience friction. Here are some methods to consider:
Liveness detection: Prevents deepfakes and presentation attacks, lowering FAR without increasing FRR.
Multi-Factor verification: Combines biometrics with document checks for improved overall accuracy.
Adaptive authentication: Adjusts security dynamically based on transaction risk and user behaviour.
Machine learning: Continuously refines decision-making based on real-world performance data.
Organisations should connect FAR and FRR thresholds to their Risk Appetite Framework, balancing security requirements with customer experience goals to achieve automation rate optimisation.
Improve your FAR and FRR with Fourthline
Fourthline's identity verification solution demonstrates how advanced KYC solutions can optimise both security and customer experience. Our system performs over 210 checks on every document and selfie, achieving 99.98% fraud detection accuracy, all while maintaining 90% automated decision-making.
Learn more about Fourthline's biometric verification.
FAQs
What's the difference between FAR and FRR?
FAR measures how often a biometric authentication system incorrectly accepts fraudsters, while FRR measures how often it incorrectly rejects legitimate customers. In identity verification, they represent opposite sides of the accuracy equation.
What is a good FAR rate for KYC compliance?
Most financial institutions set a target FAR below 0.01% (1 in 10,000) for KYC onboarding to minimise fraud risk. However, acceptable thresholds vary based on a given company’s risk appetite.
How do you reduce FRR without increasing FAR?
Advanced techniques like liveness detection, improved biometric algorithms, multi-modal authentication, and real-time user feedback can improve overall system accuracy, reducing both metrics simultaneously.
Why is Equal Error Rate (EER) important?
EER provides a single metric to compare biometric system performance across vendors and technologies, representing the optimal balance point where FAR equals FRR.
How do compliance standards address FAR and FRR?
Regulators don't prescribe specific FAR/FRR levels. However, they do require organisations to demonstrate ongoing governance, continuous monitoring, and accountability for automated identity verification decisions.
Solutions
Solutions
Fourthline has been certified by EY CertifyPoint to ISO/IEC27001:2022 with certification number 2021-039.
Copyright © 2026 - Fourthline B.V. - All rights reserved.
Fourthline has been certified by EY CertifyPoint to ISO/IEC27001:2022 with certification number 2021-039.
Copyright © 2026 - Fourthline B.V. - All rights reserved.