Passive liveness detection: how to stop presentation and replay attacks
In recent years, businesses have to deal with a growing number of online scams and identity thefts with a potential devastating impact. As reported from several statistics, including the ones of the Federal Trade Commission of the United States (FTC) and the Identity Theft Research Center (ITRC), the breach into banks, insurances companies or other public or private institutions has been rising exponentially over the years (along with cybercrimes in general) and the trend does not seem to slow down.
Facial recognition technology is not enough to stop all the spoofing attempts of fraudsters. Using relatively simple and cheap technology, or with the help of deepfakes, criminals are indeed often able to break into these systems causing million-dollar losses, jeopardizing the financial stability and destroying the reputation of thousands of businesses.
In order to more effectively deal with these threats, passive liveness detection can act as a valid support to facial recognition, increasing its safety and effectiveness with a sophisticated as well as user friendly method.
In this article, we will clarify how passive liveness works, analyzing the differences with active liveness and exploring its numerous advantages.
Liveness: What Are We Talking About?
In biometrics, the concept of liveness detection can be defined as a method of differentiating a live input from a fake or spoofed one. Introduced almost 20 years ago, long before the rising of AI technology, at the time it was executed by human operators in a rather simple way, such as showing your ID document on a video call to confirm your identity and the correspondence of your physical appearance with the picture in the document.
This procedure is known as “liveness check” and has been obviously evolving since then, but its functioning principles remain the same. Nowadays, liveness detection (also defined as Presentation Attack Detection, or PAD) involves a series of different software able to differentiate a live person from fraudsters who are using deceiving photos, avatars or AI techniques.
Active and Passive Liveness: what are the differences?
We can differentiate two main categories of liveness, called “active liveness” and “passive liveness”. From a user’s perspective, “active liveness” requires a series of intentional activities in front of the camera, for instance inclining your head, smiling, nodding or making similar physical movements in different directions. At that point, the system normally uses liveness algorithms that “catch” images from the video stream and detect presentation attacks, neutralizing spoofing attempts (for example the ones using pre-recorded videos or photos) recognizing your 3D movements.
Passive liveness, on the contrary, doesn’t require any intentional action and relies only on one snapshot, which is then analyzed by AI operating in the background. Through special sensors and deep learning methods, it automatically recognizes some physiological characteristics and checks in real time if the user is live and present, stopping presentation attacks. In detail, we can summarize two main differences between active and passive liveness:
- Active liveness integrates AI with more than one image, while passive liveness requires only one snapshot
- To properly function, active liveness needs the user to perform a conscious movement, while passive liveness doesn’t involve any voluntary action.
Why Is Passive Liveness better?
Although at first sight it may seem effective to detect potential hackings, active liveness detection is extremely vulnerable. Fraudsters are in fact still able to bypass the system in a relatively easy way, carrying out an effective presentation attack that doesn’t require expensive tools. To steal one’s identity and spoof the active liveness check, they often need to invest only a few dollars buying a cheap 3D paper mask (or other similar gadgets) following the indications as if they were the real user. In other cases, they can also effectively carry on a presentation attack by modifying photos or videos.
Being based on a sophisticated AI technique, passive liveness is instead far more effective. Not having to rely on the user’s collaboration, the system operates automatically on the background relying on the detection of elements such as depth and texture within a few seconds. This way, it is able to successfully detect a presentation attack by immediately recognizing 3D masks, photos, animations and even more sophisticated deepfakes.
User Friendly Solution
The effectiveness of passive liveness technology in detecting presentation attacks is not the only reason why this solution is preferable to active liveness. Another huge advantage is being user-friendly: a lot of times people get extremely upset by active liveness checks and procedures, having to execute movements and activities that can easily be misread by the system and in some cases can lead the user to abandon the online interaction. This could create serious financial damages for businesses, negatively impacting their ability to attract and satisfy their customers. Passive liveness doesn’t require any effort from the user, who would just act normally not even realizing that the liveness check is going on. A simpler online interaction is often completed successfully, creating a safer environment for the user, providing a big advantage for businesses who aim to gain the trust of the public and increase their potential cash flow.
When Is Passive Liveness Used (And Why Is Crucial)
As mentioned, the increasing number of online frauds is one of the main threats businesses have been facing in recent years. Thanks to its simple and user-friendly features, passive liveness detection is key in fighting spoofing attempts in a fast and effective way, acting as an efficient support to facial recognition. A great variety of activities, including Know Your Customer (KYC) procedures, can benefit from passive liveness. Just think about the authentication processes often used by employees to register their presence in the office, or security systems normally provided by banks or institutional websites to protect their clients’ identity. In the future, the importance of passive liveness will certainly increase, as demonstrated by innovative digital shopping models through which customers can buy goods or lease services by using self-checkout stations. In all these different scenarios, passive liveness will with no doubt be the best system to detect a presentation attack in an easy and not invasive way.
15 interesting use cases for passive liveness
- Access control: A passive liveness solution could be used to verify that the person attempting to access a secure location or system is a real, live person and not a photograph or video of someone.
- Banking and financial transactions: Passive liveness checks could be used to confirm the identity of a person attempting to access a bank account or make a financial transaction online.
- Online education: A passive liveness solution could be used to verify the identity of a student participating in an online exam or class.
- Health care: Passive liveness checks could be used to confirm the identity of a patient or healthcare worker accessing electronic health records or other sensitive information.
- Government services: A passive liveness solution could be used to verify the identity of a person accessing government services online, such as filing taxes or applying for a passport.
- Employment verification: A passive liveness solution could be used to confirm the identity of an employee during onboarding or when accessing certain sensitive systems or data.
- Online gaming: Passive liveness checks could be used to verify the identity of a player in an online game, helping to prevent cheating and ensure fair play.
- Social media: A passive liveness solution could be used to verify the identity of a person creating a new account on a social media platform.
- Customer service: Passive liveness checks could be used to confirm the identity of a person interacting with a customer service representative over the phone or online.
- Mobile apps: A passive liveness solution could be integrated into mobile apps that require secure access, such as banking or messaging apps.
- Online dating: A passive liveness check could be used to verify the identity of a person creating a profile on an online dating website, helping to ensure that users are who they claim to be.
- Online auctions: Passive liveness checks could be used to verify the identity of a person bidding on items in an online auction, helping to prevent fraud and ensure fair play.
- Government identification: A passive liveness solution could be used to verify the identity of a person applying for a government-issued identification, such as a driver’s license or passport.
- E-commerce: Passive liveness checks could be used to confirm the identity of a person making an online purchase, helping to prevent fraud and ensure the security of sensitive financial information.
- Travel and hospitality: A passive liveness solution could be used to verify the identity of a person checking into a hotel or booking a flight online, helping to ensure the security and safety of guests.
For more information on how fight back deepfakes, online frauds or other spoofing attempts, contact us at: email@example.com