Developed in the mid-sixties and first commercially introduced in the 1970s, facial recognition technology has since made huge strides. Now, it's considered a significant feature for major players in mobile and has helped improve security in law enforcement and defence. But given its much improved performance and convenience, it’s important to understand exactly what facial recognition is…and is not.

Facial recognition technology is based in its ability to quickly and accurately match what the device camera sees with an image that has been saved either on a server somewhere, or on the device itself. When there is a strong match between the two, the device using recognition allows a user to gain access to an account or a physical place. In other words, the technology verifies a legitimate user has access to a device, confidential or sensitive personal information, or something like a restricted room, building or car.

Facial recognition has been adopted across many industries. It is relatively easy to integrate and deploy, but it has also given people a sense of using a technology that is more advanced and secure than passwords or PINs, enhancing the user experience. However, on the path to deploying what many consider to be the optimal biometric solution, much is still misunderstood, creating some pretty significant blunders along the way.

Facial recognition uses and failures

When Apple first introduced Face ID on the iPhone X to the public, users were treated to their first taste of consumer-facing facial recognition technology. However, within days Apple’s new 3D face recognition feature, meant to replace Touch ID with better, easier user security, was heavily criticised for allowing fakes like photos and non-human objects – and even people who looked similar – to open their devices. Again, in late 2017 Apple faced public scrutiny over its biometric solution because of its inability to differentiate between different Chinese faces.

Similarly, in the world of surveillance in July 2018, Amazon’s facial recognition system, Rekognition, raised more concerns over accuracy when it matched 28 US Congress members with the mugshots of known criminals.

And more recently in March of 2019, continuing this dubious streak, facial recognition on Samsung’s new S10 was publicly spoofed by customers and journalists using photos, videos and even non-twin siblings. Considering Samsung, Amazon and Apple all state that their versions of facial recognition provide state-of-the-art security, it makes a person wonder if these organisations even understand their own technologies.

Recognition vs Authentication

Apple made big claims that the probability that a random person could successfully use it to unlock a smartphone is “approximately 1-in-1,000,000”. Yet, this was publicly disproven, among other instances, when a Chinese woman requested a refund for her iPhone after a co-worker accessed her phone using Face ID with their face. Apple is not unlike many organisations making overly optimistic statements that can be easily proven wrong. This isn’t only potentially bad for consumers and damaging to the business’s reputation, but the entire biometric security industry’s reputation suffers as the market begins to accept facial recognition as a flawed and potentially dangerous technology. Incorrectly defining their “security” solutions as an identity authentication tool rather than simply a convenience that can quickly and fairly accurately match images does not advance the very real potential of biometrics providing convenient and highly effective digital identity security.

Most consumer-level facial biometric tools are image-matching technologies. They do not, however, “authenticate”, or actually positively verify a legitimate, live user. True face authentication, of which recognition/matching is a subset, employs AI-driven liveness detection, giving it the ability to distinguish between an image, video or non-human 3D object like a mask or mannequin head, from a real human. By analysing dozens of unique human traits, like textures, micro-movements and reflections, face authentication can quickly determine if these traits – collectively – add up to what the camera sees as a living person.

The future of face biometrics

Of all the biometric modalities – fingerprint, voice, gait, behavioural, DNA and others – face is gaining acceptance more quickly because it is not only easy for nearly anyone to use, but a face provides so much “signal”, or data to a sensor (here, the camera) and system than any other option. For example, fingerprints – for all their uniqueness and seeming complexity – cannot match the myriad variations in a face’s shapes, sizes, unique markings and other distinguishing features a trained AI system can very quickly recognise.

Face is also more generally easier to use in varied circumstances where lighting, weather, social restrictions and physical access to a smart device can prevent a user from speaking into their phone or using a fingerprint reader. When the technology is developed, applied and deployed properly, facial recognition and face authentication will be taken to new heights.

For day-to-day commercial applications other than law enforcement and surveillance, when there is a need for more security than is required to unlock a phone or buy a cup of coffee, authentication with liveness detection is the most effective solution. If a system can be certain the user asking for access is not only the legitimate user, but is actually alive at the time of the access request, high-value accounts like banking/finance, medical records, autonomous vehicle access, and blockchain-based services like crypto currency wallets and confidential contract signing, will gain trust quickly, bringing a raft of advanced services to an eagerly awaiting global audience.

We are now just beginning to see face authentication technologies introduced in services such as identity management and banking, though still mostly in conjunction with other legacy technologies like fingerprint or SMS verification. But within the year or so, we’ll see major global organizations embracing more advanced face biometrics using cutting-edge, AI-driven technologies to improve their security offerings and truly protect the user from identity theft and data breaches. Face authentication with liveness detection will not only provide an enhanced, frictionless user experience, but anyone with a typical smart device will be able to enjoy unparalleled levels of real-world protection against attacks like phishing, ID theft and synthetic identity fraud.

The promise of biometrics is finally about to deliver.

Steve Cook

A Leading Specialist in Biometrics and Digital Identity.