
Liveness Detection - What to look out for!

When it comes to choosing a biometric liveness detection vendor for remote digital onboarding or authentication, there are several factors to consider: reliability, speed, the user experience and, above all, third-party presentation attack detection (PAD) testing for anti-spoofing.

PAD testing is essential because a great many active liveness solutions actually do not work efficiently. Active liveness causes too much hassle for end users. Some vendors assume that to prove someone’s identity and check that a real person is in fact present, you have to challenge the end user to perform a task. Typically, these calls to action involve moving the device around, nodding your head left and right, smiling or following dots around a screen. A number of onboarding studies have shown that this causes abandonment in the customer flow.

When onboarding new customers, the biggest problem is that customers are either confused by all the different active challenges and give up, or struggle with the instructions on what they have to do. When you are presented with this kind of request for the first time, it is extremely off-putting to the average internet user or mobile banking customer! Furthermore, fraudsters have also found clever ways to bypass these methods with fake photos, videos and masks, making it less secure. Trust is fundamental, and proving that a real person is being presented is critical whether it is for digital onboarding or authentication.

Imagine having to perform one of these gimmicks each time a step-up authentication process is required for high-risk payments. This is where a fully passive liveness approach will ease the authentication journey. Passive means that the user does not need to do anything other than take a selfie image, which is straightforward and something all smartphone users know how to do. However, it is important that this process is also secure. The liveness software must be proven and validated as safe and robust by a third-party testing lab such as iBeta. iBeta is an accredited lab with NIST which has tested many vendors’ software for anti-spoofing. Many liveness solutions have failed at this hurdle to meet even basic anti-spoofing standards!

At ID R&D, we have achieved both Level 1 and Level 2 for the ISO 30107-3 global standard for anti-spoofing and we are the only liveness vendor to offer a passive single image capture process (such as a selfie) for a liveness check. The same image captured for face matching can be used for the liveness validation, thus reducing the friction and time to onboard new customers or authenticate transactions, particularly when it comes to the type of payments that fall under the scope of Strong Customer Authentication (SCA) and the PSD2 guidelines.

SCA requires a minimum of two factors and will come into force in the EU next September. This will need to be a very secure process that is trusted by both the user and the payment rails. Device biometrics such as FaceID simply will not be sufficient, as this is really just one factor leveraging the device in the same channel, and SCA requires the factors to be independent of each other so that one cannot compromise the other. Behavioural biometrics also has its challenges as a second factor: unless banks or enterprises have built up customer data and a payment history, there is no way of knowing who the customer really is! Behavioural has its limitations.

ID R&D’s Level 2 test with iBeta included 1,500 total presentation attacks on two smartphones, a Samsung Galaxy S8 Plus and an iPhone 6S Plus. None of the attacks were successful, for an Attack Presentation Classification Error Rate (APCER) of 0 percent.

Passive liveness detection has several advantages: it requires no additional software on the capture side; it generates no incremental increase in traffic to the server, making it ideal for customers in low-bandwidth areas; and it eliminates the vulnerability that arises from separating the image capture for liveness detection and face recognition.

The software also determines liveness in under a second and as a passive system, it enables easy integration as a separate incident function requiring no change to the user interface. The AI algorithms can be applied to any images that meet the minimum requirements for selfie biometric comparisons.

In the age of Covid, more and more touchless biometrics are being deployed for online services. The benefits of frictionless liveness detection are that it is a very smooth user experience, a faster onboarding and authentication process, and it is highly secure.


Steve Cook

Biometrics and Digital Identity Consultant
