Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
The point where a biometric system's false acceptance and false rejection rates are equal; a lower CER means a more accurate system.
Crossover Error Rate (CER) Definition: The point where a biometric system's false acceptance and false rejection rates are equal; a lower CER means a more accurate system.
The Crossover Error Rate (CER), also called the Equal Error Rate (EER), is the point at which a biometric system's False Acceptance Rate (FAR) equals its False Rejection Rate (FRR). It represents the threshold where the two error types balance, and a lower CER indicates a more accurate biometric system, making it the standard single-number metric for comparing biometric solutions.
A biometric system uses a sensitivity threshold to decide whether a presented sample matches a stored template. Loosening the threshold lets more people in, lowering false rejections (FRR) but raising false acceptances (FAR); tightening it does the reverse. As you sweep the threshold, FAR and FRR cross at one point, that intersection is the CER. Plotting these errors produces a curve from which the CER, and the related Receiver Operating Characteristic (ROC), are read. Biometric performance testing is governed by standards such as ISO/IEC 19795 and NIST SP 800-76.
CER matters because it captures the inherent security-versus-usability tradeoff of authentication. A system that rejects legitimate users frustrates people and drives insecure workarounds; one that accepts impostors fails its core security purpose. CER gives security architects a vendor-neutral way to compare fingerprint, face, or iris systems before deployment, and reminds them that operating points should be tuned to context rather than left at the crossover by default.
For example, a high-security data center configures its fingerprint readers below the CER threshold, accepting more false rejections (occasionally turning away authorized staff who must re-scan) in exchange for a very low chance of admitting an impostor. A consumer smartphone does the opposite, setting the threshold above the CER for convenience and quick unlocks, tolerating a slightly higher false-acceptance risk. The same CER metric informs both, but each picks a different operating point. Related terms: FAR, FRR, Biometric authentication, Equal Error Rate, ROC.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →