Liveness detection is a part of almost every identity verification solution on the market; yet very few offer protection against advanced fraudsters, who know all the tricks for bypassing the technology.
We’ve spent the past few years investigating how fraudsters bypass existing liveness solutions. Learning by fixing, we tested out dozens of technologies long before finally getting to where we are now. Hard work resulted in a celebratory cake and a liveness solution that works.
Now we want to share our findings with you.
Back to basics: the essence of the liveness technology
Liveness is an identity verification technology that uses image-processing, face-mapping, and motion-detection to prevent fraudsters from accessing personal accounts and profiles.
Most liveness technologies are based on 2D projections that analyze images as flat, so they can detect certain movements but don’t scan for depth and micromotions. Now, we’re going to look at a couple of examples that demonstrate why throughout the course of our research such systems have failed dramatically in 40% of cases.
How frauds get round liveness checks
Physical cutouts vs 3D liveness projections
Unsophisticated liveness systems can fail to detect when fraudsters use pictures of someone else to pass the check. Given enough ambition, a catfish can use a printed picture with cut-outs for the eyes and blink into the camera themselves—here you have the image and the movement. Before choosing a liveness product, try this trick yourself. The results may surprise you.
Only liveness 3D projection can analyze the depth of the image and separate a flat piece of paper from a dimensional human face.
Why wearing a Donald Trump mask can trick your platform
Basic liveness and 3D checks can catch simple movements—blinking, smiling, and tilting your head. However, these movements can be done when wearing a mask. So, in a mask just like you see in the picture, the impersonator will be able to trick the system.
Something that can help is an emotions detector—a feature that captures the position of facial muscles and screens for micro-motions. This way, a static face with no facial expressions and movements won’t bypass the security.
Here’s how our 3D liveness detection technology works. Each dot on the video is a tiny muscle. Any emotional response will cause these muscles to move, allowing the system to determine whether the person is real.
Random tasks are your secret weapons
The hardest task for every liveness is to expose a pre-recorded video. It has the right movements, mimics, and there is a dimension to it.
Random tasks assigned to the user during the verification routine can help it. The more tasks you have and the more complicated these tasks are—the stronger your fraud protection is. Here, however, you have to think about conversion. For instance, it might be inconvenient for a person if they’re asked to pronounce a phrase during the verification, so they will simply drop onboarding.
Do it Sumsub’s way
Platforms have a history of being easily tricked before, with masks, printed images, videos, avatars. That’s why we call for stronger identity protection measures. Here is how our liveness looks like.
Our system simply asks users to turn their head in a slight circle—that’s it. We also decided not to assign random tasks, as doing so could lower conversion rates. Instead, we employ state-of-the-art technology to detect if fraudsters have hacked a device or inserted a pre-recorded video. This allows us to keep onboarding flows simple while providing bulletproof security.