Qoobiss Prepares ONTRACE for Advanced PAD and IAD Testing as eIDAS 2.0 Raises the Bar for Digital Identity

Overview

As Europe moves toward the rollout of the European Digital Identity Wallet, the digital identity ecosystem is entering a new phase. The question is no longer only whether digital identity technology can support faster onboarding and cross-border access, but whether the underlying verification infrastructure can withstand a new generation of AI-enabled fraud.

For organizations operating in regulated industries, this shift brings new expectations around biometric security, fraud prevention, and compliance. Presentation Attack Detection, known as PAD, remains an essential part of identity verification. However, as attacks increasingly move beyond the camera and into the data pipeline itself, Injection Attack Detection, or IAD, is becoming equally important.

Bucharest, Romania — As the European Union advances the implementation of eIDAS 2.0 and prepares for the European Digital Identity Wallet, Qoobiss is preparing its ONTRACE identity verification platform for advanced PAD and IAD testing in line with the emerging European standards for biometric attack detection.

The initiative reflects Qoobiss’s commitment to supporting regulated organizations with identity verification technology that is secure, compliant, and ready for the next stage of Europe’s digital trust infrastructure.

Europe’s Digital Identity Framework Is Entering a New Stage

Under eIDAS 2.0, the European Union is building a common framework for digital identity across all Member States. The European Digital Identity Wallet is expected to give citizens and residents a secure way to identify themselves, share verified attributes, and access public and private services across borders.

For businesses, this creates an opportunity to streamline onboarding, reduce friction, and simplify identity verification in sectors such as financial services, telecommunications, insurance, healthcare, transport, and digital platforms.

At the same time, the new framework raises the bar for trust. Digital identity systems will need to prove not only that they are easy to use and interoperable, but also that they are resilient against increasingly sophisticated fraud techniques.

This is particularly important in remote onboarding, where organizations must verify a person’s identity without physical presence. As more high-value services move online, the identity verification layer becomes one of the most critical points in the entire trust chain.

Why PAD Alone Is No Longer Enough

Presentation Attack Detection has been a core part of biometric security for many years. PAD is designed to detect whether a biometric sample comes from a real person or from an artefact, such as a printed photo, a replayed video, a mask, or another spoofing method presented to a camera.

These controls remain essential. However, the threat landscape has evolved.

Modern fraud attempts increasingly use synthetic media, manipulated video streams, virtual cameras, modified applications, and deepfake-based techniques. In these cases, the attacker may not try to fool the physical camera at all. Instead, they may attempt to inject falsified biometric data directly into the verification process.

This is where Injection Attack Detection becomes critical.

While PAD asks whether the person shown to the camera is real, IAD asks a different question: did the biometric data actually come from the genuine device camera and the intended capture process?

That distinction is becoming increasingly important for regulated organizations. A verification system can be strong against traditional spoofing attempts, yet still remain exposed if it cannot detect data that has been injected into the process before it reaches the biometric verification engine.

The Role of ETSI TS 119 461 and CEN/TS 18099

European standards are beginning to reflect this new reality.

ETSI TS 119 461 defines policy and security requirements for remote identity proofing services used in trust service environments. The updated direction of the standard places stronger emphasis on the integrity of remote identity verification processes, including the ability to detect biometric attacks.

CEN/TS 18099 focuses specifically on biometric data injection attacks and provides a framework for evaluating the resilience of biometric systems against attempts to replace or manipulate biometric samples before they are processed.

Together, these standards are helping shape the next generation of identity verification requirements in Europe.

For Qualified Trust Service Providers, identity verification platforms, wallet providers, and regulated relying parties, PAD and IAD are moving from technical best practices to strategic compliance priorities. Organizations that depend on remote onboarding will increasingly need to work with partners that can demonstrate independently tested and standards-aligned biometric attack detection capabilities.

Qoobiss’s Approach to Digital Trust

Qoobiss operates at the intersection of digital onboarding, identity verification, biometric technology, and regulatory compliance. Its ONTRACE platform is designed to help organizations automate identity verification while supporting KYC, AML, GDPR, eIDAS, ISO, and ADR-aligned workflows.

ONTRACE supports automated identity verification through document capture, AI-powered data extraction, OCR and MRZ reading, document authenticity checks, liveness detection, biometric face matching, and audit-ready verification reporting. The solution is used in regulated and security-sensitive environments where fast onboarding must be balanced with strong fraud prevention and compliance control.

As the regulatory environment evolves under eIDAS 2.0, Qoobiss is preparing ONTRACE for PAD and IAD testing at an advanced assurance level. This step is intended to support the needs of regulated clients that must demonstrate resilience against both traditional presentation attacks and more advanced injection-based attacks.

“Digital identity is entering a phase where compliance and security can no longer be treated separately. Organizations need verification systems that are not only fast and user-friendly, but also demonstrably resilient against the types of attacks enabled by generative AI,” said Teodor Rogojina, CEO of Qoobiss.

“PAD and IAD testing are becoming essential elements of digital trust. For Qoobiss, preparing ONTRACE for this level of evaluation is part of our commitment to helping clients stay ahead of regulatory expectations and emerging fraud risks.”

Romania’s Role in the European Digital Identity Ecosystem

Romania is becoming increasingly relevant in Europe’s digital identity landscape. The country hosts the European Cybersecurity Competence Centre in Bucharest and continues to develop its national digital identity infrastructure in the context of eIDAS 2.0.

For Romanian fintechs, banks, insurers, telecom operators, digital platforms, and identity verification providers, the next phase of eIDAS 2.0 is not a distant regulatory development. It is a near-term operational reality.

As digital identity wallets, qualified electronic attestations, remote signatures, and cross-border verification use cases become more widely adopted, the quality of the underlying identity proofing process will become even more important.

A compromised identity at the onboarding stage can affect the entire trust chain. This means that biometric verification, attack detection, auditability, and compliance readiness are not isolated technical features. They are foundational components of the future digital economy.

Building Trust Infrastructure, Not Just Technical Infrastructure

The success of Europe’s digital identity transformation will depend on more than the availability of digital wallets. It will depend on whether citizens, businesses, and public institutions can trust the credentials issued and accepted within the ecosystem.

That trust begins with identity proofing.

If attackers can use deepfakes, synthetic identities, or injected biometric data to compromise the issuance process, the risk does not remain limited to one onboarding flow. It can extend to every downstream transaction, credential, signature, or verification based on that identity.

This is why continuous testing, independent evaluation, and standards-based assurance are becoming central to the future of digital identity.

Qoobiss’s preparation of ONTRACE for advanced PAD and IAD testing reflects this broader shift. The objective is not only to meet a regulatory requirement, but to strengthen the trust architecture that regulated organizations will depend on as eIDAS 2.0 becomes a practical reality across Europe.

Looking Ahead

The digital identity market is entering a new phase. Speed, automation, and user experience remain important, but they are no longer enough on their own.

The organizations that will lead in the post-eIDAS 2.0 environment will be those that can prove their verification infrastructure is secure, standards-aligned, and resilient against evolving attack methods.

For Qoobiss, this means continuing to invest in ONTRACE as a secure and scalable identity verification platform for regulated industries. Preparing the platform for advanced PAD and IAD testing is a natural next step in that direction.

As Europe builds the foundation for a more interoperable digital identity ecosystem, the strength of that ecosystem will depend on every layer of the trust chain.

And in the age of AI-enabled fraud, the ability to detect not only fake faces, but also fake data pipelines, will be essential.