Biometrics: Why Advanced Liveness is a Necessity When it comes to Spoof Detection

Biometric technology is advancing at a rapid pace.  However, it can only be trusted in the real world as long as it is consistently and effectively secure.  A glaring problem for the industry is that customers have not had an objective 3th party test that can verify biometric performance claims, allowing and even encouraging vendors to exaggerate those claims, which has already led to fraud issues.  So let’s lift the lid!

Biometrics are fast becoming a critical part of cyber security, and when done right can be nearly impossible to replicate.  Everyone’s biometric data is unique to them, and once collected by a sensor they are stored as an encrypted binary which cannot be reverse-engineered back into a recognisable analogue image.  However, spoofing – or presenting a non-human, fake representation of an authorized user – is different.

Spoofing can be done in various ways, including typical examples such as using a photo, a video playback, a mask, or even just mimicking a voice.  These derivatives are referred to as “artefacts” and are reproducible representations that can be replayed in non-real-time.  

Just because it appears a user’s traits are present does not prove human “liveness” because the traits are just observed characteristics that can be captured and replayed during a spoofing attempt.  Therefore, true liveness detection in real-time is absolutely critical, whether it is just for a login identity authentication or remote on-boarding and enrolment.  

Many different liveness detection methods currently being used are ineffective and can’t determine the difference between “likeness” and “liveness”.  Even though there have been many solutions offered in the past that aim to solve the spoofing problem, none have been able to effectively perform in 3rd party presentation attack testing, and therefore are difficult to be taken seriously by the market.

Legacy systems that rely on blinking, smiling or head movements can be very easily fooled by videos and animated photos, or replicated by 3D models or masks.  While matching algorithms are improving with every year, liveness detection hasn’t kept pace and many biometric vendors are fully aware they are selling software with serious vulnerabilities.  Deploying strong anti-spoofing systems couldn’t be more of a necessity than it is today.

FaceTec has taken a different and unique approach to solving the liveness and authentication challenges.  Their ZoOm 3D Face Authentication product is a passive process that scans a 3D face with a standard 2D camera to ensure the real user is present and alive, and that they match their previous enrolment.

Measurable perspective distortion (the “fisheye effect”) occurs when a camera is moved closer to a 3D human face, allowing ZoOm to capture much more human signal than can be acquired from photos or videos.  And because the FaceMap includes data from unZoOmed, transitional and fully ZoOmed frames, it can reliably determine 3D depth and human liveness.  This makes ZoOm vastly superior to fingerprint, palm, iris and 2D Face.

Why is this difference important in daily use?  When a biometric authenticator is truly spoof-proof against digital media, 2D representations of a user won’t fool the system, so bad actors can’t take readily available photos or videos from social media platforms and use them to impersonate a correct user.  2D Spoof attempts are futile and stolen user media is rendered useless.

ZoOm detects the difference between “likeness” and “liveness” using Artificial Intelligence (AI), and requires dozens of real human characteristics be observed concurrently.  These characteristics cannot be captured and reproduced without measurable digital generation loss and when identified as a digital reproduction cannot be phished or shared like passwords.  

ZoOm’s world-leading anti-spoofing technology runs during both enrolment and authentication, key to verifying the correct user is present and alive at login.  In addition, ZoOm has a convenient and intuitive graphical interface that has proven very quick to adopt, and is now in production on four continents in banking, connected transportation, government, and ID/access management.

ZoOm’s AI-driven authentication technology has transcended the typical definition of Facial Recognition.  FaceTec’s patented solution recently underwent a rigorous testing programme with iBETA, the only NIST-approved lab, achieving Level 1 compliance with the ISO 30107-3/4 international PAD test standard, delivering a 100% spoof-proof “score”.  No other biometric has been able to pass this test.  You can find out more regarding the iBeta test  here.

Organisations of all sizes have a responsibility to their users to choose security solutions that are 3rd party tested, but in the past it was extremely difficult for enterprises to properly assess the security of biometric systems.  The iBeta PAD test is an important step towards bringing much-needed transparency into the biometrics industry.

A major, revolutionary advancement in digital authentication, ZoOm is rated highest and is cross-platform compatible, working on iOS and Android, and mobile and desktop web browsers using webcams, enabling unparalleled security on most of today’s billions of devices.

Steve Cook, Specialist Biometrics and Fintech Consultant.

18th September 2018.