Liveness detection to take biometric adoption to new heights
There is a compelling reason to believe that in the next few years, the use of biometrics will massively expand in adoption across the digital landscape. And that reason is liveness detection, more specifically passive liveness detection because it is frictionless to users while being spoof-proof.
The beauty of biometrics is that they possess these fundamental characteristics, which are Universal – Every person using a system or application can be expected to possess the feature (e.g., face, fingers), Unique – Every person has unique, different, and distinguishable aspects of the feature (e.g., facial features, print ridges and valleys), Permanent – The feature is reasonably stable, permanent, and invariable over time for matching, Collectable – The feature set can be acquired, measured, and processed with ease during capture, Defendable – The feature can be defended from abuse, misuse, theft, imitation, and substitution with liveness detection, Performant – The feature when combined with matching and liveness detection performs with accuracy, speed, scale, and ease of use, and finally, Adoptable – The population expected to use their personal features are willing adopters and enrollers.
Criticisms of biometrics have predominantly, and appropriately, focused on privacy, bias, misuse, deep fakes, spoofing, collection, theft, and surveillance as well as user experience, convenience, and cost.
However, our digital post-pandemic world has created an inflection point to rethink and redesign many identity-related ceremonies. For example, passport applications, driver’s license renewals, proof of vaccination, access to electronic prescriptions, consumer banking, employee onboarding and many other in-person ceremonies can all be adequately performed remotely through digital methods. The challenge, until now has been the various regulations and requirements to collect evidence of identity in the form of credentials and documents plus an identity validation process, which has required a person to confirm the evidence is authentic and that the data is valid, current, and related to an actual, live individual via either in-person or in supervisory-mode.
In 2022, the FDIC and Financial Crimes Enforcement Network (FinCEN) held a Digital Identity Tech Sprint challenge to answer “What is a scalable, cost-efficient, risk-based solution to measure the effectiveness of digital identity proofing to ensure that individuals who remotely present themselves for financial activities are who they claim to be?” The designation for market readiness was awarded to Team 6 for their Identity Scoring System (video).
The case for remote, unsupervised identity proofing was made recently by vendor ID R&D with its case study in banking and financial services, where new account or loan applications saw an improvement of 35 percent to achieve a 95 percent completion rate while delivery a higher bona fide classification error rate.
Aware also provides its PAD technology to banks around the world. The use case for remote, online identity verification in healthcare focuses on electronic prescription drugs using liveness detection by another implementation of Aware’s technology, and additional uses cases such as mobile patient registration, patient identification, mobile authentication and identity deduplication are possible.
Another vendor, FaceTec, is up to a billion liveness checks performed per year, including many for fintechs and crypto exchanges like Avarta. One of the company’s higher-profile customers is the Match Group, and owner of the Tinder dating app, to prevent relationship scams and catphishing. Instead of the consumer bearing the burden of performing background checks on potential prospects, social media and data apps can ensure their subscribers are legitimate individuals and screen out fake profiles.
FaceTec also operates a Spoof Bounty, for which it recently increased the scope and payouts available, to stay ahead of any potential vulnerabilities.
As with all new biometric technologies and techniques, it is critical that solutions are independently tested and certified to meet the highest security standards for anti-spoofing and presentation attacks against fraudsters. There are two independent testing labs — BixeLab and iBeta which perform NIST/NVLAP and ISO/IEC-30107 compliance evaluations. Part 3 of the ISO standard was updated at the beginning of 2023. Related standards, such as for biometric sample quality, and tests, like for demographic disparities in liveness, are also being further developed.
As the biometric and liveness detection technology industry and use cases across industries mature, labs are being tooled to go beyond testing for biometric matching and anti-spoofing.
BixeLab also goes beyond standard NIST and ISO accreditations, providing testing services electronic identity verification, algorithm testing, and mobile testing, including to FIDO Alliance standards. Third-party testing helps to ensure the true validity and performance of vendors’ algorithms, baseline bona fide error rates, perform bias checks, and identify bugs before customer’s incorporate SDKs into applications. It is equally important that customer solutions, which incorporate liveness detection SDK’s from vendors, are evaluated for compliance and tested for implementation and production use.
In March, the third edition of the Handbook of Biometric Anti-Spoofing was released which has been updated with broader coverage of presentation attack detection (PAD) methods for a range of biometric modalities, including face, fingerprint, iris, voice, vein, and signature recognition.
Adoption of PAD technologies has accelerated, with providers reporting major sales growth over the past several years. Reports of successful presentation attacks show the need for implementation to expand further still.
The liveness detection market has yet to mature to the point where reliable adoption statistics and market forecasts are widely available.
If there is any silver lining from the past two years of remote interactions, it may be the technical advancement and maturity of the biometrics and liveness detection industry to advance the state of the art for remote and online identity proofing and verification for the masses.
About the authors
Carla Roncato is the Founder of Authora Research and Evangelist at the OpenID Foundation.
Chris Burt is managing editor and industry analyst at Biometric Update.