Be it a child accessing an online casino with their parents’ photo, a car-sharing vehicle stolen with a fake ID or a formal KYC that is simply tricked with a prerecording, liveness performance directly impacts company’s financial status and reputation. But how can you know if the system is always right?
Liveness detection is a part of almost every identity verification product and still, there are few that can protect platforms from imposters. Most of them can’t handle crafty fraudsters that know all the tricks to bypassing the technology.
We spent the last couple of years on the case, investigating the cunning ways fraudsters break into accounts. Learning by fixing, we tested out dozens of technological solutions long before finally getting to where we are now. Hard work resulted in a celebratory cake and a liveness solution that works.
Now we want to share it with you.
Back to basics: the essence of the liveness technology
Liveness is an identity verification technology that prevents frauds from gaining access to personal accounts and profiles. The solution itself is based on image-processing, face-mapping and motion detection mechanisms.
The majority of liveness technologies are based on 2D projections that analyze images as flat, so they can detect movements but do not scan for depth and micromotions. Now, we are going to look at a couple of examples that demonstrate why throughout the course of our research such systems have failed dramatically in 40% of cases.
How frauds get round liveness checks
Face picture cutouts vs 3D liveness projection
Printing out a picture of somebody’s face and trying to pass it for a real person can break liveness system. Given enough ambition, a catfish can use a printed picture with cut out eyes and blink into the camera themselves — here you have the image and the movement. Before choosing a liveness product, try this trick yourself. The result will most probably surprise you.
Only liveness 3D projection can fight it, as it screens for the depth and separates a flat piece of paper from a dimensional human face.
350+ businesses and 10 000 000 users benefit from the accuracy of Sumsub liveness detection system while getting the highest conversion rates. Learn more about us here.
Why wearing a Donald Trump mask can trick your platform
Basic liveness and 3D checks can catch simple movements — blinking, smiling and tilting your head. Wearing a mask just like you see on the picture, impersonator will be able to trick the system.
Something that can help is an emotions detector — a feature that captures the position of face muscles and screens for micro-motions. This way, a static face with no facial expressions and movements will not bypass the security.
To give an example, here is how it works with our 3D liveness detection. Every dot on the video is a micro-muscle. Once there are the slightest emotional changes on the human face — they move and show that it is a real person on the back of the screen.
Random tasks are your secret weapons
The hardest task for every liveness is to expose a prerecorded video. It has the right movements, mimics, and there is a dimension to it.
Random tasks assigned to the user during the verification routine can help it. The more tasks you have and the more complicated these tasks are — the stronger your fraud protection is. Here, however, you have to think about conversion.
The best choice for us was a two-factor authentification. First, we ask the user to repeat a random movement after an emoji — it can be tilting your head, smiling, etc. Second, we ask them to pronounce a random phrase. Emotion and micromotion sensors can automatically detect if the face of the user is doing the correct movement and mimics the right words. Here is how it looks like.
Platforms have a history of being easily tricked before, with masks, printed images, videos, avatars. That is why we call for stronger identity protection measures.
At Sumsub we aim to make liveness identity verification quick, strongly protected, fun and easy. Talk to our team so we can help you boost the client conversion while securing their privacy and keeping them happy.