Blog article
See all stories »

Digital Identity - Prove you are not a fake?

In today's world of biometric authentication and digital identity, proving that someone is real is a serious challenge for online and mobile services.

Deepfakes, 3D masks, and even fake photos of people can cause problems for digital onboarding vendors as well as other digital enrolment processes. This in turn affects entities such as banks and merchants when it comes to signing up new customers. 

The average online time to enrol a new customer can vary between ten minutes to twenty minutes depending on how long-winded the process is. Often a lot of personal information is required which does cause problems for many sign-up methods. Unfortunately, fraudsters have been able to create synthetic fake identities which are then far too easy to bypass these automated onboarding systems.

Today, a person doesn’t just need to prove who they are but are they in fact real or not. The safeguard is “Liveness Detection”. This is where you need liveness detection as part of your security methods to check in real-time whether there is an attempt by a fraudster to use a fake or stolen identity. 3D masks would easily fool an authentication process. So you cannot rely on just a biometric itself to show whether the person is real, therefore you must have an anti-spoofing or presentation attack detection (PAD) solution to back up the biometric and onboarding process.

Liveness detection basically comes in two forms: Active or Passive. So which is better?

When using face biometrics for authentication, accuracy is no longer a concern. However spoofing attacks are a significant threat.

Whereas facial recognition can accurately answer the question, “Is this the right person?”, it doesn’t answer the question, “Is this a live person?” This is the role of liveness detection. Detecting spoofs is essential for face biometric matching to be trusted, as well protecting the integrity of our biometric data. In other words, because of liveness detection, our biometrics do not have to be kept a secret – which is a good thing since many of us have numerous images and videos posted online!

The first generation of facial liveness detection technology was determined as “active.” Active liveness detection relies on the user’s movements in response to challenges such as nodding, blinking, smiling, or correctly positioning one’s face in a frame. While the technology can be effective at detecting a spoof, it introduces friction into a verification process that was largely desirable for its ability to remove the friction. Therefore, it is less secure as fraudsters have learned how to fool these systems.

The technology behind liveness detection is based on the recognition of physiological information as a sign of life. Historically, liveness algorithms have been trained to identify head movements, dilation of a subject’s pupils, changes in expression, and other physical responses. Unfortunately, because of the variety of different active challenges, this has caused abandonment in the onboarding or payment journey, which in turn creates a poor user experience.

The pursuit of an easier solution, facilitated by increased access to training data for better machine learning, led to a new generation of “passive” liveness detection.

The Differences Between Passive and Active Liveness.

Passive liveness detection is fundamentally different from active in that it requires no action by the user. As such, active liveness is impractical for use cases with frequent login or payment authentication for example. The friction also has a negative impact on new customer acquisition, with some companies reporting abandonment rates as high as 50% when using active liveness. Passive liveness requires no action by the user, which results in less friction and lower user abandonment during processes such as remote customer onboarding.

Passive methods have the advantage of “security through obscurity.” They are generally more immune to spoofing attacks because the fraudster doesn’t have clues as to how to defeat the liveness check. In fact, they won’t even know it’s happening. Whereas active systems provide fraudsters with instructions that can be “reverse engineered” to attack and defeat the liveness check. Known techniques to break them include using a simple 2D mask with cut out eyes or animation software to mimic head movements, smiling, and blinking, and today deepfake software can replicate many of these actions. Many examples of celebrities being spoofed are available online and assuming to watch but real people need to be assured their identities are not being misused!

However, fundamental to all liveness detection solutions is whether they are compliant with ISO 30107-3 global standards for anti-spoofing and have passed iBeta Level 1 and Level 2 PAD testing. At ID R&D, our passive solution has passed Level 1 and Level 2 testing using a single selfie image approach to liveness detection. The only liveness detection vendor to do so.

A passive solution with proven robustness is preferable to an active liveness solution. Both types accurately detect a range of spoofs, but only passive liveness keeps the process fast and effortless. The fact that companies are increasingly prioritizing user experience as a way to attract and retain customers is driving the shift from yesterday’s active solutions to today’s modern, passive liveness detection.

a member-uploaded image
1986

Comments: (1)

Matthew Key
Matthew Key - keyinnovate.com - London 16 December, 2020, 16:09Be the first to give this comment the thumbs up 0 likes

Good summary Steve.

Steve Cook
Blog group founder

Steve Cook

Biometrics and Digital Identity Consultant

Biometrics for eCommerce

Member since

07 Oct 2015

Location

London

Blog posts

19

Comments

2

This post is from a series of posts in the group:

Biometrics

Biometrics are the new weapons of war against online fraud and supporting financial services with biometric authentication and their KYC (Know Your Customer) procedures. ​ There are many different areas where biometrics are being deployed. For example in digital identity; an alternative to user names and passwords; protecting against ID theft; account takeovers and multiple accounts. ​ Mobile biometric authentication is helping to verify new and returning customers at the point of log-ins, payments and digital on-boarding.


See all