False Acceptance vs
. False Rejection"> The studies published to date on questions of biometric security are in the main based on evaluations of the false rejection and false acceptance rates (FRR, FAR) that are so popular with that line of business. In the event of a false rejection a user is prevented from accessing a system despite his or her access authority for the system; the reason usually being that the biometric features of the user are weakly developed, from the point of view of the system. A false acceptance incident on the other hand allows a person whose biometric features have not been registered to log-on to the system. In most cases cheap sensor chips or badly implemented security software is responsible for a malfunction of this kind. Generally speaking, however, the statistically determined error probabilities do not give clear answers to the question of whether biometric solutions are able to protect a system even against an assailant bent on overcoming biometic protective measures. Unlike empirical scientific procedure, a hacker is scarcely likely to muster a battery of a thousand experimental subjects in the hope that one of them might perhaps be mistakenly accepted by the system. But the latter is the very core question that a security system must be made to answer. Although the Fraunhofer Research Institute, based in the German city of Darmstadt, in collaboration with the German Federal Institute for Information Technology Security (BSI) conducted an extensive series of tests last year in the course of which "deliberate" searches for security loopholes in specific system were undertaken, the results, obviously due to pressure from the manufacturers, were never made public. Instead of finally laying its cards on the table, the biometrics line of business prefers to hide behind error rates it has measured itself.