FB pixel

Active and passive liveness detection for biometric face authentication explored in ID R&D whitepaper

Active and passive liveness detection for biometric face authentication explored in ID R&D whitepaper
 

As biometric liveness detection technology advances, companies are struggling to keep up with developments sufficiently to understand the relative advantages and disadvantages of different offerings, such as active and passive liveness checks, according to a new whitepaper from ID R&D.

The Important Role of Liveness Detection in Face Biometric Authentication and How to Choose the Right One for Your Use Case” details the background of increasing facial recognition use in identity verification for a range of applications, including logical access, financial transactions and onboarding, and the need for liveness detection to secure them against fraud attempts.

ID R&D Senior Vice President John Amein told Biometric Update in an email interview that “the majority of the companies we talk to are aware of liveness because it is essential in the onboarding process, required both by regulation and bank security.”

They might adopt and continue using active liveness technologies, if not for high customer abandonments rates, and the vulnerability that comes with making the mechanism obvious to potential fraudsters, he says.

The whitepaper explains that liveness detection is a process of detecting presentation attacks like photo or video spoofing, deepfakes, models or 3D masks, rather than a matching process. Active and passive approaches are defined and compared.

ID R&D notes abandonment rates for active liveness detection of up to 50 percent have been reported, defeating the purpose of a system meant to enable easy remote onboarding, but the alternative is not yet widely known.

“At this point most companies are not aware that a truly passive solution is now possible,” Amein states.

ID R&D launched its passive liveness detection technology last August.

Pros and cons for different use cases

Different active liveness detection mechanisms based on user responses to a challenge, such as moving a certain way, following an object on the screen, or moving the camera are noted.

Passive approaches include shining varying lights at the user, capturing short videos, examining a selfie, and hardware-assisted approaches like depth-sensing.

The potential drawback of using a single selfie image for passive liveness detection is that it requires a server-side component to perform the analysis. This does not present a problem for many use cases, including digital onboarding for banks, which Amein says stands out as the hot segment among a number of verticals.

Convincing customers that it provides a high level of security may more of a hurdle to overcome for some businesses.

“There’s huge skepticism that a single selfie can work!” Amein admits. “We laugh about this with people when we do demonstrations because they have a hard time believing it. Then we show them. Then they try for themselves using software we provide so they can test on their own databases of images. So far, the feedback we get is, ‘Your technology is amazing!’”

Onboarding new customers and accounts, securing digital customers, payment security and cardless access use cases are considered, and five key considerations for organizations evaluating liveness technologies are described in the whitepaper. Simplicity, environmental factors, cross-channel compatibility, and ease of integration and deployment are identified as things to think about when choosing which specific type of liveness detection technology to implement.

ISO liveness standard challenging

The final consideration set out by ID R&D is third-party testing, to the ISO presentation attack detection (PAD) standard. The company notes that iBeta Quality Assurance, which performed ID R&D’s Level 1 PAD testing, is the only biometric testing lab accredited for NIST’s National Voluntary Laboratory Accreditation Program (NVLAP). The company says it also plans to soon undergo Level 2 testing.

The whitepaper states only two companies have passed ISO/IEC 30107-3:2017 testing with active detection technologies, and two with passive detection technologies known to be certified or compliant so far.

“ISO 30107-3 compliance is a tough standard whether active or passive. Many companies have failed to pass because for Level 1, there is zero margin for error. Not even one spoof attempt is allowed through,” explains Amein.

“What’s also important to recognize is that passing ISO 30107-3 describes how strong the system is from a security point of view, but it says nothing about the user experience. There are systems that have passed, but they also cause customer abandonment because they can be difficult for the user to follow instructions and execute properly. This is why we see more companies choosing to partner with technology providers like ID R&D to bring a compliant solution to market that also delivers a great user experience.”

All face biometric solutions are vulnerable to sophisticated presentation attacks, the whitepaper concludes. Detecting these attacks without introducing too much friction into the process is the challenge for business implementing liveness technology, according to ID R&D. With an understanding of the options and how they apply to the business’ use case, fraud rates can be lowered without causing customer abandonment of digital processes.

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Cryptomathic is Belgium’s digital wallet mobile app security provider

Tech from Cryptomathic has been deployed in Belgium’s digital identity wallet, one of the first to go live in the…

 

Bringing ethics into the discussion on digital identity

A panel at EIC 2024 addresses head-on a topic that lurks around the edges of many discussions of digital ID….

 

Kantara Initiative launches group devoted to deepfake injection attack threats

“It’s probably not as bad as this makes it seem,” says Andrew Hughes, VP of global standards for FaceTec and…

 

Seamfix CEO makes case for digital ID as unlocker of Africa’s growth potential

The co-founder and Chief Executive Officer of Seamfix, Chimezie Emewulu, has posited that digital identity and related services have the…

 

Nigeria’s digital ID authority unveils new measures to uphold data security

The National Identity Management Commission of Nigeria (NIMC) has outlined new measures that align with its push to make data…

 

Data Zoo, Metalenz, Precise, Token, Tools for Humanity add executives

A handful of biometrics and digital identity providers have announced leadership team updates including new finance and technology executives at…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events