False acceptance rate

Learn what the false acceptance rate (FAR) is, how it impacts authentication, and how to reduce FAR for more secure identity verification systems.

What is the false acceptance rate (FAR)?

The FAR is a metric measuring how often an authentication system mistakenly allows access to an unauthorized user.

In other words, the FAR measures the rate at which an authentication system mistakenly identifies a non-matching sample, like a voice or face, as a match. In a voice authentication system, a high FAR means that someone could spoof a voice or present a deepfake audio clip and still gain access to sensitive information. A low FAR indicates a more secure system, as fewer impostors are falsely accepted.

False acceptance rate is a critical metric in authentication and is often compared to its counterpart, the false rejection rate (FRR), which measures how often valid users are incorrectly denied access. Together, these metrics define a system’s accuracy and reliability, often visualized through the Equal Error Rate (EER) where FAR and FRR intersect.

Why is the false acceptance rate important?

The FAR plays a pivotal role in evaluating the security and usability of identity verification systems. In industries where sensitive data or financial transactions are handled, a high FAR can lead to unauthorized access, fraud, and data breaches.

For companies deploying biometric-based security, like voice analytics, facial recognition, or fingerprint authentication, the FAR helps define the thresholds for acceptable risk. If the FAR is too high, the system may become vulnerable to spoofing attacks or deepfake fraud. If the FAR is too low, the system may reject legitimate users more frequently, leading to customer frustration and increased support costs.

How is the false acceptance rate calculated?

The FAR is calculated using the following formula:

FAR = (Number of false acceptances) / (Total number of impostor attempts)

This metric is typically expressed as a percentage. For instance, if 5 out of 1,000 unauthorized access attempts are falsely accepted, the FAR would be:

FAR = (5 / 1000) = 0.005 or 0.5%

A system’s FAR can vary depending on the threshold setting, or the confidence level the system uses to determine a match. Lowering the threshold makes the system more lenient (and increases FAR), while raising it makes the system stricter (and increases FRR). This tradeoff is why security architects often refer to the Equal Error Rate (EER) when tuning systems, as it represents the balance point where FAR equals FRR.

What is the difference between false acceptance rate (FAR) and false rejection rate (FRR)?

Although both FAR and FRR are error rates in biometric and other authentication systems, they serve opposite functions:

A system with a low FAR and high FRR is very secure but may frustrate users by denying them access too often. A system with a low FRR and high FAR is more convenient for users but exposes the system to potential fraud and security breaches.

This balance is crucial when designing authentication systems for environments where both user experience and security are priorities. Financial institutions, for instance, must prevent unauthorized transactions without locking out valid account holders. That’s why threshold tuning and multifactor authentication are often used to find the optimal balance.

How can organizations reduce the FAR?

Examples of false acceptance rate in real-world scenarios

What is a good FAR?

There is no one-size-fits-all FAR target. It depends on the context, industry, and risk tolerance. However, generally:

The key is balancing FAR and FRR based on what matters most to your users and business. Pindrop helps organizations make these tradeoffs with confidence by providing flexible, data-driven authentication tools that adapt in real time.