The COVID-19 pandemic cast an unflattering light on the state of cybersecurity around the world. By the end of 2021, global cybercrime losses are expected to total $6 trillion, rising to $10.5 trillion by 2025. From spoofing to other presentation attacks, cybercrime is on the rise worldwide. To combat these scams, consumers need to be aware of the problem and of the ways they can protect themselves. These statistics are alarming, and without proper education and secure identity proofing the numbers will continue to grow.
Threats to digital ID security
Spoofing is one of the most common methods cybercriminals use to beat biometric authentication. Spoofing is the industry term for impersonating legitimate users with fake biometric identifiers in order to gain access to valuable data. Most spoofing methods rely on faking physical characteristics like facial features, fingerprints, or vein patterns, thereby tricking sensors into recognizing users who are not there.
In March 2021, the facial recognition service of the Chinese government was hacked. As a result, two hackers stole more than $76 million by sending fake tax invoices to companies and their customers. According to research carried out by Accenture back in 2012, there are basic biometric fraud patterns that hackers exploit systematically. A successful spoof can lead to substantial financial loss for both the individual and the enterprise. Biometric providers therefore rely on several tools to combat biometric spoofing. The main one is liveness detection.
Liveness detection defined
Liveness detection in biometrics is the ability of a system to detect whether a fingerprint or face (or other modality) is real (from a live person present at the point of capture) or fake (from a spoof or lifeless body part). There are two main types of liveness detection: active and passive.
Active liveness detection prompts the user to perform an action that cannot be easily replicated with a spoof. A technique is called “active” if it expects the user to do something to confirm that they are a live person. Normally, a user would be expected to change their head position, nod, blink, or follow a mark on their device’s screen with their eyes. Additionally, it might incorporate multiple modalities such as keystroke analysis or speaker recognition.
Passive liveness detection uses algorithms to detect indicators of a non-live image without user interaction. Unlike active liveness, the user may not be aware that a passive liveness check is being performed, because it doesn’t impact the user experience.
Capturing high-quality biometric data during enrollment improves the performance of matching and liveness detection algorithms.
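The server side of the active check described above can be sketched as follows. This is an added example, not code from the original post or from any vendor: the action labels, the 30-second lifetime, the in-memory nonce store and the assumption that a separate vision component reports the actions it observed are all illustrative.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions for this sketch: action labels, lifetime and in-memory stores.
ACTIONS = ("blink", "nod", "turn_left", "turn_right")
CHALLENGE_TTL = 30                      # seconds a challenge stays valid
SERVER_KEY = secrets.token_bytes(32)    # per-process key for signing challenges
_used_nonces = set()                    # spent nonces (a shared store in production)


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_challenge(session_id, now=None, steps=3):
    """Pick an unpredictable action sequence and bind it to session and expiry."""
    now = time.time() if now is None else now
    sequence = [secrets.choice(ACTIONS) for _ in range(steps)]
    payload = "|".join([session_id, secrets.token_hex(16),
                        str(int(now) + CHALLENGE_TTL), ",".join(sequence)])
    return {"payload": payload, "tag": _sign(payload), "sequence": sequence}


def verify_response(session_id, challenge, observed, now=None):
    """observed: ordered action labels reported by the (assumed) vision component."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_sign(challenge["payload"]), challenge["tag"]):
        return "rejected: tampered challenge"
    sid, nonce, expires, sequence = challenge["payload"].split("|")
    if sid != session_id:
        return "rejected: wrong session"
    if now > int(expires):
        return "rejected: expired"
    if nonce in _used_nonces:
        return "rejected: replayed"
    _used_nonces.add(nonce)             # a challenge is spent even if the attempt fails
    if list(observed) != sequence.split(","):
        return "rejected: actions do not match"
    return "accepted"
```

Because the sequence is drawn fresh for every attempt and each challenge is single-use and short-lived, a recording made for one challenge does not satisfy the next.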
The importance of liveness detection
Biometric solutions are becoming the accepted and preferred method of security and identity proofing. Many mobile applications and solutions have deferred to facial recognition technology now readily available on the latest generation of mobile devices. Facial recognition is a commonly used biometric modality for mobile onboarding and authentication:
- Nearly all mobile devices have built-in cameras that support it.
- The user experience of capturing a “selfie” is exceptionally intuitive and convenient.
- Face recognition is 99.7% accurate and getting more so by the year, according to NIST.
However, without liveness detection, some facial recognition algorithms can be spoofed with relatively little effort, due to the wide availability of facial images throughout the internet and the ease with which someone can mask part of their face. For this reason, it is essential to apply robust liveness detection when using facial recognition for mobile authentication.
How strong is the liveness detection in your biometric solution?
In a world with fraudsters, it is imperative that enterprises and consumers stay informed about cybersecurity scams in order to protect their data. As the world continues to embrace biometric technology, we have to be sure that liveness detection is strong enough to ward off spoofing and presentation attacks. When looking for a biometric liveness detection vendor for remote digital onboarding or authentication, there are several factors to consider: reliability, speed, the user experience, and third-party presentation attack detection (PAD) testing for anti-spoofing. PAD testing is essential because many active liveness solutions actually do not work efficiently. The liveness software must be proven safe and robust, and validated as such by a third-party testing lab such as iBeta. iBeta is a lab accredited with NIST that has tested many vendors’ software for anti-spoofing.
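What a PAD evaluation measures can be made concrete with the error rates defined in ISO/IEC 30107-3: APCER, the share of attack presentations classified as live, reported per presentation attack instrument (PAI) species, and BPCER, the share of genuine presentations classified as attacks. This added example goes beyond what the post states and is not iBeta's or any vendor's code; the trial data and species names are constructed.

```python
from collections import defaultdict

# Constructed trial log: (presentation kind, PAI species or None, PAD decision).
TRIALS = (
    [("attack", "printed_photo", "spoof")] * 4
    + [("attack", "screen_replay", "spoof")] * 3
    + [("attack", "screen_replay", "live")]        # one attack classified as live
    + [("bona_fide", None, "live")] * 9
    + [("bona_fide", None, "spoof")]               # one genuine user rejected
)


def pad_error_rates(trials):
    """Return APCER per species, the worst-case APCER, a pooled rate and BPCER."""
    per_species = defaultdict(lambda: [0, 0])      # species -> [errors, total]
    bona_errors = bona_total = 0
    for kind, species, decision in trials:
        if kind == "attack":
            per_species[species][1] += 1
            per_species[species][0] += decision == "live"
        else:
            bona_total += 1
            bona_errors += decision == "spoof"
    if not per_species or bona_total == 0:
        raise ValueError("need both attack and bona fide presentations")
    apcer = {s: err / total for s, (err, total) in per_species.items()}
    attacks = sum(total for _, total in per_species.values())
    pooled = sum(err for err, _ in per_species.values()) / attacks
    return {
        "apcer_by_species": apcer,
        "apcer_worst": max(apcer.values()),        # the weakest species sets the result
        "attack_error_pooled": pooled,             # averaging hides that weakness
        "bpcer": bona_errors / bona_total,
    }
```

On the constructed data the pooled attack error is half the worst-species APCER, which is why a single averaged figure from a vendor says little without the per-species breakdown.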
If you are in the market for stronger authentication, the Knomi® mobile biometric authentication framework is a robust option. Knomi provides identity proofing to support mobile onboarding. Its advanced security checks can authenticate driver’s licenses and passports and ensure spoof-resistant biometric facial matching between live and printed images. Additionally, the Knomi solution passed PAD testing levels 1 & 2 in accordance with ISO/IEC 30107-3, conducted by iBeta, something only a small handful of companies have achieved.
Not sure about the liveness detection in your current solution or want to learn more about Aware’s Knomi? Contact us below.