Fraud

Liveness detection: How not to get spoofed by identity fraudsters 

February 23, 2023
Liveness detection: How not to get spoofed by identity fraudsters 

To combat the rise of identity fraud, organizations across industries have started implementing biometric (e.g., facial, retinal, fingerprint) scanning as part of their onboarding and log-in processes. In addition to innovating how companies verify and authenticate users, biometrics also lends to a more seamless user experience (like utilizing FaceID or TouchID on your phone instead of trying to remember multiple passwords). 

While biometric technology has become more ubiquitous in everyday life, it’s not foolproof. We’ve all seen that movie where a professional thief uses a synthetic fingerprint to bypass a major security system. Online fraudsters, likewise, have a variety of options at their disposal (i.e., presentation attacks) to keep pace with the latest security advancements, making online identity verification and fraud prevention a never-ending game of cat and mouse.

What is liveness detection? 

The answer, in part, to the vulnerabilities that exist in biometric scanning is liveness detection. Beyond just using facial, retinal, or fingerprint recognition as a means for identity verification, liveness detection goes one step further by determining whether the source of the sample is a live human being or a presentation attack, also referred to as “spoofing the system.” 

Liveness detection can even be applied to voice recognition technology, as there is no limit to the number of vectors a hacker will infiltrate when attempting identity fraud. 

Essentially, liveness detection utilizes AI-based algorithms to weed out presentation attacks, whether during an initial identity verification process (e.g., someone signing up for a bank account) or any authentication attempt (e.g., someone logging into their account). With facial recognition, for example, liveness detection leverages computer vision technology to more accurately detect whether the sample (either a selfie or video) is a real human face that also matches the identity document presented.

Active vs passive liveness detection

While solutions vary based on the type of biometric sample being considered, there are two main methods for liveness detection: active and passive. 

Active liveness detection, as its name implies, requires active participation from the user. For facial recognition, this can include turning their head from side to side or up and down, which allows the scan to create a 3D map of the subject’s face through depth perception. This version of active liveness detection is ideal for combatting 2D spoofing attempts, where a fraudster may try to bypass a selfie prompt with a photo of the subject they are trying to impersonate.

Furthermore, active liveness detection is leveraged when asking the user to complete a task that cannot be easily recreated by a spoof or imposter (e.g., blinking or following dots on a screen with your eyes).

Passive liveness detection, on the other hand, is performed with little to no user interaction (i.e., a user can take a selfie without having to move their head). This is because passive solutions have developed algorithmic processes that can recognize a presentation attack based on a single frame of biometric data. Since passive detection works in the background and requires no action on the part of the subject, it is considered the more seamless, user-friendly of the two methods, and typically takes less time to verify the user. 

There is also a hybrid version known as semi-passive liveness detection, which requires one simple, less burdensome action from the user, like having them smile in order to be verified. 

Presentation attacks to consider

As noted above, there are several different methods that hackers and fraudsters use to spoof the system, which are evolving at almost the same rate as the methods developed to thwart identity-based fraud attacks. 

Depending on the sophistication level of the biometric scan being infiltrated, presentation attacks can involve 2D or 3D (i.e., photograph or video) spoofing, as well as mechanisms for modification or replication (changing one’s facial hair vs wearing a synthetic mask). The least sophisticated attacks will typically involve the fraudster trying to bypass a facial recognition scan with a photo or video of the intended subject.

However, there are several more savvy methods that involve a variety of masks (whether made of paper, latex, or silicone), which attempt to create a 3D rendering that exploits a certain weakness in a biometric scan. Fraudsters use the same synthetic properties for retina and fingerprint scans, with the level of sophistication usually matching the level of access or amount of money the fraudster is after, as more advanced methods of spoofing tend to be more expensive. 

For fraudsters looking to bypass video facial scans, the emergence of deepfake technology has played a prominent role. Through deepfakes, a person’s digital likeness (down to their facial movements) can be replicated and superimposed, allowing hackers to pass as their victims. As the quality of deepfakes continue to improve, even the most advanced liveness detection solutions will need to push innovation further, to better decipher what’s fake from what’s not. 

Bottom Line 

As we evolve into an increasingly digital — and potentially password-free — society, biometric scanning for identity verification may become the norm. And while there is no one-size-fits-all approach guaranteed to thwart every presentation attack, there are a variety of methods your organization can implement to help detect when an authentic user is present or not.

In particular, when user experience is thrown into the mix, creating as little friction as possible is advised, which is why many industries are prioritizing passive liveness detection, especially for use cases where speed and ease are of the essence, like someone checking into a flight. 

Regardless of how an organization plans to implement biometrics into its user onboarding process, liveness detection will only play a larger role going forward as fraudsters keep exploring new ways to spoof the system.

Integrate ID document scanning into your existing application today

Continue reading

Find more thoughts on the industry insights, use cases, product features, trends in AI, and development processes.

What is identity documentation verification and how does it work in finance?
ID and Document Verification

What is identity documentation verification and how does it work in finance?

August 31, 2023

Identity document verification ensures the authenticity of presented documents, which helps to mitigate the risk of fraudulen…

Upgrade your UX with ID document scanning for web browsers
Technology

Upgrade your UX with ID document scanning for web browsers

February 23, 2023

How easy is it for your customer to start utilizing your product or service? In an age with no abundance of time, no shortage…

Microblink’s top 5 blogs of 2022

Microblink’s top 5 blogs of 2022

December 28, 2022

What a year it has been.  For both our Identity and Commerce business units, 2022 was highlighted by growth, innovation…

Identity Document Scanning product updates – November 2022
Product Updates

Identity Document Scanning product updates – November 2022

November 22, 2022

Find out what’s new in the v6 release of Identity Document Scanning, and how the updates empower your solution and delight yo…

Blue in the face: Twitter’s vexing verification raises identity issue on social media
Social Media

Blue in the face: Twitter’s vexing verification raises identity issue on social media

November 17, 2022

In the Twittersphere, the term “verified” has progressively taken on a meaning of its own. It was back in 2009 when the socia…

Document Verification product updates – August 2022
Product Updates

Document Verification product updates – August 2022

August 10, 2022

Here’s a quick overview of all new features and supported documents in the latest version of Document Verification. Our…

Identity Document Scanning product updates – July 2022
Product Updates

Identity Document Scanning product updates – July 2022

July 31, 2022

We’re super excited to announce a new-better-than-ever version of Identity Document Scanning with 50 new identity docum…

Security by Design Meetup Recap
Technology

Security by Design Meetup Recap

May 21, 2024

Discover insights from the panel session on security by design and best practices. This blog post is a recap of our highly su…

How to Enhance Your Fraud Detection in Banking Transactions
Fraud

How to Enhance Your Fraud Detection in Banking Transactions

May 13, 2024

Digital banking has completely revolutionized how we manage our transactions and accounts. However, with the ease and conveni…

Understanding Today’s US Online Gambling Laws
Online gambling

Understanding Today’s US Online Gambling Laws

April 26, 2024

Online gambling has been a popular pastime since its inception, but it soared to substantial new heights during the pandemic…