FaceTec’s bounty for biometric liveness spoofs doubles to $200K
The Spoof Bounty Program run by FaceTec to uncover vulnerabilities and test the defense of biometric liveness detection systems has been doubled, with awards rising from $100,000 to $200,000.
The program was introduced in October, 2019, to further presentation attack detection (PAD) and liveness technologies and research. Since then, FaceTec’s 3D Liveness Detection has been used to defend against more than 110,000 attacks under the program, the company says.
FaceTec advocates for spoof bounty programs to evaluate liveness detection effectiveness against a full range of sophisticated attacks, and encourages other liveness vendors to follow suite with their own programs.
“We hoped PAD testing labs would evolve with threats, but they haven’t kept up, allowing unscrupulous liveness vendors to dramatically exaggerate their security levels,” said Kevin Alan Tussy, FaceTec CEO. “Organizations choose FaceTec because security is paramount to them. Breaches can now cost billions, and more people are being hurt by identity theft than ever before. FaceTec’s mission is to stop fraud, not just check a regulatory box. This is why so many of our customers are in unregulated industries.”
The company also argues that deepfakes are inherently beyond the detection capacity of 2D liveness detection systems, and that they are the top threat to remote identity proofing systems, citing a report by ENISA and a research paper from earlier this year.
FaceTec constructed the bounty program based on testing for NIST testing for ISO/IEC 30107-3 Level 1 and 2 PAD, Level 3 attacks, which are not covered by NIST’s testing programs, and Level 4 and 5 bypasses, to include a full spectrum of attack vectors, according to the announcement. Level 4 deals with tampering with biometric templates, while Level 5 covers camera bypasses like hijacking, emulators and video injections.
biometric liveness detection | biometrics | bug bounty | deepfakes | FaceTec | fraud prevention | presentation attack detection | research and development | spoof detection