FAR / FRR (biometric error rates)
What do FAR and FRR mean?
FAR (False Acceptance Rate) is the probability that a biometric system incorrectly accepts an unauthorised person as a legitimate user. It is the system's security-failure rate.
FRR (False Rejection Rate) is the probability that a biometric system incorrectly rejects a legitimate user. It is the system's usability-failure rate.
Together, FAR and FRR describe the two competing failure modes of any biometric authentication system. Tuning one almost always affects the other, and the trade-off between them is the central design decision in every biometric deployment.
FRR meaning in banking
In banking, FRR refers to the False Rejection Rate of the bank's biometric authentication systems — face-match login, fingerprint authentication, or voice biometrics applied during account access or transaction authorisation. High FRR translates directly into customer frustration, abandoned transactions, and increased branch and call-centre load.
Banks therefore tune their biometric systems for the lowest acceptable FRR consistent with their fraud-risk appetite. The relationship to onboarding is covered in our Know Your Customer (KYC) overview.
The FAR / FRR trade-off
A biometric system makes its accept/reject decision by comparing a captured sample to a stored template and producing a similarity score. The system then applies a decision threshold — above the threshold the match is accepted, below it rejected.
Tightening the threshold
Raising the decision threshold means the system demands a closer match before accepting. FAR falls (fewer impostors get through) but FRR rises (more legitimate users are rejected). High-security use cases — sanctioned-area access, large-value transaction authorisation — typically run tight thresholds.
Loosening the threshold
Lowering the threshold means the system accepts looser matches. FRR falls (legitimate users get through more easily) but FAR rises (more impostors slip through). High-convenience use cases — consumer app login, retail check-in — typically run looser thresholds.
The Equal Error Rate (EER)
The Equal Error Rate (EER) — also called the Crossover Error Rate (CER) — is the threshold setting at which FAR equals FRR. EER is the single most-cited summary metric of biometric system accuracy: a lower EER indicates a fundamentally more accurate system, and it is used to compare biometric algorithms independently of any specific threshold choice.
FAR vs FRR vs EER: quick comparison
| Metric | What it measures | Direction at tighter threshold | Direction at looser threshold | Used to evaluate |
|---|---|---|---|---|
| FAR | Impostor acceptance | Lower | Higher | Security risk |
| FRR | Legitimate-user rejection | Higher | Lower | Usability friction |
| EER | Threshold where FAR = FRR | N/A — single crossover point | N/A | Overall algorithm accuracy |
How FAR and FRR are measured
Both rates are measured against defined biometric performance standards that allow numbers to be compared across vendors and deployments.
ISO/IEC 19795
ISO/IEC 19795 is the international standard for biometric performance testing and reporting. It defines the protocols, sample sizes, demographic coverage, and statistical methods used to produce FAR and FRR numbers that can be compared across vendors. Reputable biometric vendors publish their performance against ISO/IEC 19795 protocols.
NIST FRVT, FpVTE, and IREX
The US National Institute of Standards and Technology (NIST) runs the global benchmark evaluations for face (FRVT), fingerprint (FpVTE), and iris (IREX) systems. NIST publishes per-vendor accuracy scores across enormous test datasets, and NIST results are widely treated as the most trusted independent measure of biometric algorithm accuracy. Our practitioner deep-dive on how facial biometrics work in digital identity covers how these benchmarks translate into deployed systems.
Setting FAR and FRR by use case
The "right" balance between FAR and FRR depends entirely on the use case and the cost of each error type.
High-security use cases
For high-security applications — large transfers, sanctioned-area physical access, privileged-system login — FAR must be very low because the cost of incorrectly accepting an impostor is severe. FRR is allowed to be higher; legitimate users may be re-prompted or routed to fallback authentication. Combining face-match with strong liveness — see our liveness check primer and the deeper facial liveness detection writeup — lets institutions push FAR very low without destroying user experience.
High-convenience use cases
For consumer-app login, retail check-in, and low-value transactions, the dominant cost is user friction. FRR must be low because a frustrated user abandons the session, and the cost of an occasional impostor accept is bounded by other controls (transaction limits, device binding, behavioural signals). The threshold is set looser, accepting a higher FAR for a meaningfully lower FRR.
Risk-based threshold tuning
Modern systems apply risk-based thresholds — tighter for high-value transactions, looser for routine ones, with the system stepping up to additional checks when behavioural or device signals raise concern. This produces a substantially better operating point than any single fixed threshold could.
FAR and FRR in KYC and eKYC
Remote identity verification through eKYC and face-match APIs is one of the largest applications of biometric authentication today. The institution captures a selfie at onboarding, matches it against the photo on the customer's ID, and applies a similarity threshold tuned for the appropriate FAR/FRR balance.
For onboarding flows, FRR matters disproportionately because a rejected legitimate customer often abandons the application entirely. Strong eKYC platforms publish their FAR and FRR against ISO/IEC 19795 protocols and NIST FRVT benchmarks, and offer configurable thresholds that institutions can tune to their risk appetite — typically delivered through a unified biometric verification workflow.
Spoof and deepfake exposure further complicates the choice of threshold. Our writeup on how deepfakes can bypass biometric verification covers the controls that compensate when FAR alone is insufficient as a defence.
Other related biometric metrics
Beyond FAR, FRR, and EER, three further metrics frequently appear in performance reports:
- FTE (Failure to Enrol) — the rate at which a customer cannot complete enrolment because their biometric sample cannot be captured at acceptable quality (e.g., a damaged fingerprint or poor lighting for a selfie).
- FTA (Failure to Acquire) — the rate at which an authentication attempt fails before reaching the matching stage, typically due to capture quality issues.
- PAD error rates — APCER (Attack Presentation Classification Error Rate) and BPCER (Bona-fide Presentation Classification Error Rate) measure how well a presentation-attack-detection system distinguishes a live person from a spoof (photo, video replay, mask, deepfake).
At a Glance
| Full forms | FAR = False Acceptance Rate · FRR = False Rejection Rate · EER = Equal Error Rate |
|---|---|
| Purpose | Performance metrics for biometric authentication systems |
| Governing standards | ISO/IEC 19795 (biometric performance testing and reporting); NIST FRVT, FpVTE, IREX evaluations |
| Common applications | Face recognition, fingerprint, voice, iris, palm-vein |
| Related concepts | eKYC, Liveness Detection, PAD, Face Match, Biometric Authentication |
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Biometric Verification
Authenticate users with facial, fingerprint, and liveness biometrics powered by AI to prevent identity spoofing and fraud.
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
Database Verification
Instantly verify user information by connecting to trusted databases across jurisdictions for accurate, compliant, and faster onboarding.
FAQ
What does FRR mean?
FRR stands for False Rejection Rate. It is the probability that a biometric system incorrectly rejects a legitimate user — the system's usability-failure rate.
What is the difference between FAR and FRR?
FAR (False Acceptance Rate) measures how often a biometric system incorrectly accepts an unauthorised person. FRR (False Rejection Rate) measures how often it incorrectly rejects a legitimate user. FAR is the security-failure rate; FRR is the usability-failure rate. The two move in opposite directions when the decision threshold is changed.
What does FRR mean in banking?
FRR in banking refers to the False Rejection Rate of the bank's biometric authentication systems — face-match login, fingerprint authentication, voice biometrics — applied during account access or transaction authorisation. A high FRR translates directly into customer frustration, abandoned transactions, and increased branch and call-centre load.
What is the Equal Error Rate (EER)?
The Equal Error Rate, also called the Crossover Error Rate, is the threshold setting at which FAR equals FRR. EER is the single most-cited summary metric of biometric system accuracy — a lower EER indicates a fundamentally more accurate system — and is used to compare biometric algorithms independently of any specific threshold choice.
How are FAR and FRR measured?
FAR and FRR are measured against the ISO/IEC 19795 international standard for biometric performance testing and reporting. The US National Institute of Standards and Technology (NIST) runs the global benchmark evaluations — FRVT for face, FpVTE for fingerprint, IREX for iris — which are widely treated as the most trusted independent measure of biometric algorithm accuracy.