Biometric Authentication & Identity

Vaeloq

The face is one signal — never the whole answer.

Vaeloq is Revexl's biometric authentication and identity platform, built for a world where the face is no longer proof of identity. Deepfakes and injection attacks now defeat face-only verification, while passwords, OTPs, and PINs were already failing. Vaeloq treats the face as one strong signal within a layered, AI-driven, cryptographically-anchored decision — wrapped in injection-attack detection, a real-time risk score, and device-bound passkeys, so a stolen or synthesised face cannot be replayed.

Primary buyers:
  • Banks & FIs
  • Government eID
  • Aviation & Transit
  • CISO · IAM
Why Vaeloq

Defence in depth — five layers, one decision

Face match

1:1 verification and 1:N identification with configurable, risk-tiered thresholds.

Liveness (PAD)

Passive by default with active gestures for step-up, certified to ISO/IEC 30107-3.

Injection detection

Verifies a real hardware sensor and blocks virtual cameras, synthetic feeds, and deepfakes.

Real-time risk engine

Fuses match, liveness, device, behaviour, geo, and document signals into a single score.

Cryptographic anchor

FIDO2 passkeys: the face unlocks a device-bound key locally, so it never traverses the network — no central store of faces to steal.

Renewable templates

ISO/IEC 24745 non-invertible templates: a leaked template can be revoked and re-issued, unlike a compromised static face.

The platform

Two modules on one shared core

Vaeloq Authorize handles real-time transaction and ATM authorization, out-of-band mobile approval for mismatched faces, delegated and family authorization, and aviation & transit access with the face as a token.

Vaeloq Verify handles identity onboarding and KYC, government-ID capture with MRZ cross-read, video-KYC with deepfake monitoring, and ongoing KYC, re-screening, and registry sync. Both run on one shared core: capture, matching, liveness, injection detection, risk scoring, passkeys, and template protection.

Signature flow — stopping ATM fraud in real time

When a card and PIN are used but the face at the ATM does not match the cardholder, Vaeloq pushes a request to the owner's phone, including the live photo of the person present. The owner approves with their own face and a gesture; their device cryptographically signs the decision, binding it to that exact transaction. Cash dispenses only on that signed approval — non-repudiable, and impossible to replay or relay.

Trust & certification

  • HSM-rooted cryptography — keys never leave the hardware.
  • Fail-open availability — a lapsed licence never locks out live authentication.
  • Tamper-evident audit — an append-only, signed record of every decision.
  • Fairness gates — per-skin-tone (Monk/ITA) FMR–FNMR parity checks that are release-blocking.
  • Certification track — ISO/IEC 30107-3, NIST FRVT / iBeta, PCI-DSS, SOC 2 Type II, ISO/IEC 27001, and GDPR plus Southeast-Asian data regimes.

Global by design

The core carries no jurisdiction logic — consent, retention, ID types, national registry, and regulatory profile load as a swappable region pack. The first region packs target Southeast Asia (Indonesia, Malaysia, Vietnam, Thailand, the Philippines, and Singapore), with subsequent expansion to eIDAS 2.0 (EU) and Aadhaar (India).

Get in touch

Stop deepfakes before they reach the vault.

See Vaeloq's five-layer decision and its signed ATM approval flow in action.