FB pixel

FaceTec biometric liveness detection spoof bounty program expands to five levels and $100k

FaceTec biometric liveness detection spoof bounty program expands to five levels and $100k
 

FaceTec has expanded its biometric spoof bounty program with two new levels and increased funding to further advance the company’s presentation attack detection (PAD) technology for greater security. The spoof bounty program has successfully defended more than 35,000 spoof attacks in the nine months since it was launched according to the company announcement.

Level 4 and 5 on the Liveness.com PAD Artifact/Bypass Attack Vector Scale have been added to the program, and the reward money available increased to $100,000, to enable FaceTec to be informed of unknown vulnerabilities in its liveness artificial intelligence system by white hat hackers and patch them before they can be exploited by malicious actors. The spoof bounty program was originally launched for three PAD attack levels with $30,000 in possible payouts last October.

In an email, FaceTec CEO Kevin Alan Tussy told Biometric Update that while end users may not be aware of them, Level 4 and 5 attacks have been targeting businesses, and are now the favorite attack vector for professional cybercriminals. A government in Latin America was recently forced to shut down a digital identity app when fake identities were found shortly after its launch, despite the app being protected with liveness detection that had been found to conform to Level 1 and 2 PAD standards by an independent testing lab. FaceTec is now in talks with that government to provide its liveness detection technology.

FaceTec 3D Face Authentication has been trained with tens of millions of spoof attacks over seven years of intensive development, FaceTec says, with both digital and physical spoof artifacts, including high-resolution photos and videos, deepfakes, mannequin heads and realistic masks.

“Shedding light on an industry that has been hiding behind its ‘black boxes’ for decades hasn’t been easy, but two years ago we started pushing for third-party Liveness testing so purchasers could make fully educated decisions. We hoped the testing labs would evolve as the threats have, but unfortunately they have not kept up, and, recently, unscrupulous liveness vendors are exaggerating their security levels dramatically,” comments Tussy in the press release. “With the world in the midst of a pandemic, this is not the time to be gaming testing, hyping phony PAD credentials, and selling inferior Liveness Detection that will endanger the digital security of companies, governments, and end-users.”

The company launched Liveness.com last year to promote the concept of biometric liveness detection as the way to stop identity theft while retaining privacy, and Tussy argues that the market would be best served by the transparency of every biometric liveness vendor instituting their own spoof bounty program for Level 1 to 5 attacks.

Tussy says FaceTec hopes NIST will take up the management of spoof bounty programs to raise the bar past where it has been set by for-profit testing labs.

“As the PAD (Presentation Attack Detection) testing system currently works, once a standard is published, a for-profit testing organization reviews it and determines if testing against it is a viable business for them,” he explains. “But if the tests look like they will be too hard for vendors to pass, then the testing lab will probably narrow the scope until they can make it a viable business.”

This could lead to lower security requirements even before the protocol has been approved and the lab accredited by another third party to test for it, by which point the field will have changed significantly. ISO/IEC 30107-3 was published in 2017, and therefore does not refer to deepfake puppets among spoof artifact definitions.

“We will see 3D Liveness Detection become the standard, and 2D gimmicky Liveness, like blink and smile, will fade away as 2D AI has been proven to be less than adequate against emerging threats like deepfake puppets and Level 5 Camera Bypasses,” Tussy says in the email. “We’ll see fewer ‘Perpetual License’ Liveness products and more Liveness as a Service offerings. For example, FaceTec’s software is not a one-time-purchase, because we are continually tuning the AI to address new threats as they emerge, fortifying our AI models to address new threats within a few days and then quickly pushing an update out to our customers.”

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics deployments expand protection against fraud and lying about your age

Biometrics are protecting against false claims of all sorts in several of the most-read articles of the past week on…

 

UN says law enforcement should not use biometrics to surveil protestors

Law enforcement agencies should not use biometric technology to categorize, profile or remotely identify individuals during protests, the United Nations…

 

How to explain the EUDI Wallet? Industry and citizens discuss Europe’s digital ID

The European Digital Identity (EUDI) Wallet is well on its way towards becoming a reality. To explain the major impact…

 

Decentralize face authentication for control, stronger protection: Youverse

The implementation method of biometric face authentication has become increasingly important in recent years due to the limitations of traditional…

 

Researchers develop display screens with biometric sensor capabilities

Traditional display screens like those built into smartphones require extra sensors for touch control, ambient light, and fingerprint sensing. These…

 

Meta, porn industry and Kansas governor weigh in on age verification

As Europe mulls how to restrict access to certain content for minors, Meta offers its own solution. Meanwhile, U.S. states…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events