Blog article
See all stories »

The importance of passive facial liveness detection

The importance of passive facial liveness detection is key for digital onboarding and a frictionless user experience.

Liveness detection has become a critical part of the digital identity process for face biometric authentication, onboarding and fraud prevention.

With today's facial recognition systems, there are two questions that need to be asked. Is this the correct person being identified and is it a real person being presented? Facial recognition cannot determine is a person is real or not. Therefore, you now need to prove that a person is a real human being, particularly in online situations! Hence the term liveness detection. There are two forms of liveness checks, either active or passive.

Unfortunately active liveness solutions on the market today cause friction in onboarding and many ID&V operators are seeing increasing abandonment rates due to the variety of different liveness checks. The end user is presented with a challenge, such as being asked to blink, smile, nod their head, move the device towards their face or even read out a set of random numbers or text. In some cases, we have seen abandonment rates as much as 50%, particularly in emerging markets.

Sophisticated fraudsters have found ways to exploit onboarding and authentication methods using fake selfies, in which deepfake images, morphing and AI cloning can fool most systems. In some onboarding applications, it is even possible to bypass these processes with simple photos and video recordings.

The main advantage for passive liveness is the speed. It is much faster than all active solutions. A number of market studies have shown that abandonment rate increases when more time is taken in the onboarding enrollment process. Some active solutions claim to be frictionless but this is simply not true. Asking customers to do something unnatural is not a smooth method because it is very important to have a good user experience. With the variety of different active solutions on the market today, it is also causing confusion with customers as it can be difficult to follow the instructions precisely.

Another advantage for the passive method is that potential bad actors do not know there is actually a liveness check taking place, and therefore they would struggle to work out how to defeat it. Current active solutions give the game away. It is all too easy to replicated blinking, smiling and even moving your head from side to side in a video replay attack or using deepfake screen images. There are many examples on the web! Most remote digital onboarding experiences use one of these active methods and have shown to be vulnerable.

Fake IDs and fake selfies are causing concern. That is why it is important for all biometric face vendors to have their software properly tested by third party testing labs and to be certified for anti-spoofing to ensure that their solutions can be trusted and are secure against such possible attacks.

All face biometric solutions are vulnerable to sophisticated presentation attacks. It is important to recognise that passing ISO 30107-3 describes how strong the system is from a security point of view, but it says nothing about the user experience. There are systems that have passed, but as I say, they have been known to cause abandonment in the customer journey because they can be difficult for the user to follow instructions and execute properly.

With the outbreak of Covid-19, digital identity checks are expected to rise by 20 percent as the outbreak is likely to have an impact regarding authentication for payments and onboarding methods. Therefore, it is essential that all biometrics can be valuated as being as secure as possible. Compliance with iBeta's anti-spoofing standards are a must. Vendors have to back up their claims that their solutions are robust.

3584

Comments: (0)

Steve Cook
Blog group founder

Steve Cook

Biometrics and Digital Identity Consultant

Biometrics for eCommerce

Member since

07 Oct 2015

Location

London

Blog posts

17

Comments

2

This post is from a series of posts in the group:

Biometrics

Biometrics are the new weapons of war against online fraud and supporting financial services with biometric authentication and their KYC (Know Your Customer) procedures. ​ There are many different areas where biometrics are being deployed. For example in digital identity; an alternative to user names and passwords; protecting against ID theft; account takeovers and multiple accounts. ​ Mobile biometric authentication is helping to verify new and returning customers at the point of log-ins, payments and digital on-boarding.


See all