FaceTec liveness stops all Level 4 biometric spoof, bypass attacks in independent test

FaceTec’s 3D biometric liveness detection technology has succeeded in stopping all attempts to spoof and bypass it with Level 4 attacks.

The company’s SDKs were examined and independently tested by Praetorian Security, which attempted to tamper with data, reverse engineer biometrics, and decrypt and edit the contents of a 3D FaceScan payload, according to the company announcement.

Praetorian found the software has no critical, high, medium or low risk issues, and it scored a 0 percent Attack Presentation Classification Error Rate (APCER), according to the “Spoof Bypass Certification” letter. A single “informational issue” was found.

The penetration test included 200 hours attempting to force a “3D Liveness Success” result, and three weeks with access to FaceTec’s Client and Server SDKs spent attempting to find encryption and decryption flaws that could be exploited to reverse engineer data.

Level 4 attacks are defined in FaceTec’s Spoof Bounty program as attacks which decrypt and edit “the contents of a 3D FaceMap to contain synthetic data not collected from the session,” and “have the Server process and respond with Liveness Success.” Level 3 is for sophisticated biometric spoof attacks, such as with ultra-realistic 3D masks. Level 5 is injection attacks.

Praetorian also performed the recent assessment of FaceTec’s UR Code protocol that similarly found 0 critical, high, medium and low security issues.

FaceTec is profiled as a pioneering developer of biometric presentation attack detection (PAD) technology in the “2025 Face Liveness Market Analysis & Buyer’s Guide” from Biometric Update and Goode Intelligence.

Article Topics

3D liveness detection  |  biometric liveness detection  |  biometrics  |  certification  |  face biometrics  |  FaceTec  |  Praetorian Security  |  presentation attack detection  |  spoof detection