Liveness Detection: Fighting Fraud With Anti-Spoofing AI

anti-spoofing id verification

You won’t get five minutes into a conversation about facial recognition before someone invariably mentions the movie “Minority Report.”

This action thriller, set in 2054, shows a future where police use connected psychics to arrest and convict murderers before they commit their crime. Tom Cruise plays the head of the PreCrime division until he himself is accused of the future murder of a man he hasn’t even met.

Flashback to 2018

In a slightly different way, digital identity verification companies like Jumio prevent crime by prohibiting fraudsters from gaining access to trusted networks and ecosystems. However, as we develop new processes and leverage emerging technologies like artificial intelligence and machine learning to detect and deter fraud, the bad actors continue to create new threat vectors and evolve new exploits.

Thanks to dozens of massive, broad-scale data breaches and the resulting rise of the Dark Web, legacy verification and authentication methods have been compromised. Knowledge-based authentication and even two-factor authentication can no longer be relied upon to let the correct user in and keep the bad guys out.

That is, they’re no longer effective for online user verification, let alone PreCrime.

Why KYC Isn’t Enough

A Guide to Fighting Fraud and Financial Crime from Onboarding to Ongoing Monitoring

When a photo of the ID is taken during the digital onboarding process, confirming its authenticity is extremely challenging. Using sophisticated computer vision, OCR and machine learning, identity verification solutions can better detect fraudulent IDs — but that’s only part of the story.  We’ve developed a layered approach that combines a government-issued ID scan, a selfie and 3D liveness detection. Government-issued IDs contain holograms, watermarks or chips and are by far the most trusted means of identification during in-person interactions, but they can be tampered with or forged very convincingly. To curb unwanted alterations, we require the user to take a selfie and their face is then matched with the face on the ID, preventing a stolen and altered ID from passing. Further, we’ve layered in 3D liveness detection to ensure that the correct person is physically present during the verification process, preventing spoofs from representing a live user.

We’ve recently integrated certified 3D liveness detection from FaceTec to thwart the many well-documented vulnerabilities in 2D liveness detection methods which render them susceptible to spoofing. Some common examples of liveness spoofs include:

  • Photo attack: The attacker uses someone’s photo, which is printed or displayed on a digital device. Often, for example, a pencil or ruler can be held horizontally and swiped vertically between the photo and the camera to simulate blinking.
  • Animated avatar attack: A more sophisticated way to trick the system utilizes a regular photo that is quickly animated by software and turned into a lifelike avatar of the fraud victim. The attack enables on-command puppeted facial movements (blink, node, smile, etc.) that look far more convincing to the camera than a lifeless photo.
  • 3D mask attack: With this attack, a mask is worn by a fraudster with the eye holes cut out to fool the liveness. It’s an even more difficult attack to detect than playing a face video, because in addition to natural eye movements, it appears to exhibit the same 3D depth as a real human face.

FaceTec’s technology delivers state-of-the-art 3D liveness detection that can’t be spoofed with 2D photos and videos and has proven resilient to every mask attack it has been tested against. To truly trust an unsupervised authentication, robust liveness detection in real-time is absolutely critical, whether it is for login identity authentication or remote onboarding and enrollment.

The new liveness detection platform has two key advantages for our customers:

1. Resistance to Spoofing Attacks

FaceTec’s ZoOm® with 3D liveness detection is the first and only biometric authentication software to achieve a Level 1 rating in the iBeta (NIST/NVLAP) Presentation Attack Detection (PAD) certification test. The test determines the real-world effectiveness of anti-spoofing technology in compliance with the ISO 30107-3 global standard. In fact, more than 1,500 spoof sessions were attempted over six days of demanding testing and ZoOm achieved a perfect 100 percent anti-spoofing score. Those results are music to the ears of our security team and provides far better protection for our customers.

2. A Better and Faster User Experience

While it’s imperative to detect and deter fraud, business customers know it’s also imperative to ensure that legitimate users have simple, intuitive and low-friction experience. Users simply center their faces in the on-screen oval and move the camera a few inches closer. As they zoom in, the front-facing camera captures high-resolution video frames of their 3D faces. The user experience is easy, fast and intuitive, and the security is unmatched.

While predicting crime is probably still a long way off, preventing it no longer requires a sci-fi-like vision of the future — it’s already here and in use. Jumio’s new liveness detection technology (delivered by FaceTec) helps us better detect online fraud and spoofing attempts while also simplifying the user experience.

While it may appear that Jumio has “psychic” abilities when it comes to discerning fraudsters from good customers, the truth is, it’s not Precogs seeing the future, but sophisticated AI that has learned from the past and powers our identity verification solution.

Identity Proofing and Corroboration guide