Outdated biometric liveness tests create ‘false sense of security,’ FaceTec argues
Biometrics are replacing legacy knowledge-based authentication for remote and unsupervised authentication scenarios. But the latest liveness detection report from FaceTec argues that without liveness detection, and 3D liveness in particular, presentation attack detection (PAD) technologies may not perform as advertised.
The 2024 Liveness Security Report reviews the company’s $600,000 Spoof Bounty Program and the activities of FaceTec’s internal red team, and explains video injection attacks. More than 150,000 attacks against FaceTec’s 3D liveness detection have been mounted, all unsuccessfully, under the Spoof Bounty Program in the last two years.
The company’s 3D liveness detection has also passed a 14-day test of video injection penetration attack protection from a European biometrics laboratory, according to the report.
The report suggests that tests against the ISO/IEC 30107-3 PAD standard create “a false sense of security,” since the standard, established in 2017, was “rendered obsolete within just a few years.”
The company has, however, passed PAD assessments by both iBeta and BixeLab.
FaceTec also notes that the 2024 Remote Identity Proofing – Attacks & Countermeasures from the European Union Agency for Cybersecurity (ENISA) highlights the importance of 3D data in liveness assessments, and of spoof bounty programs in general.
“Mechanisms utilising various types of convolutional neural networks (CNNs, e.g. region-based CNNs, deep CNNs) and preference for 3D face liveness over 2D are recommended, considering the developments in quality of the deepfakes that can be produced,” ENISA says of automated artefact detection.
The highest recommendation of FaceTec’s 3D liveness may be the 2.6 billion annual checks the company carries out with, it notes, no reported fraud.
Article Topics
3D liveness detection | biometric liveness detection | biometrics | face biometrics | FaceTec | presentation attack detection
Comments