Today, there is key requirement for remote digital onboarding and authentication practices, and that is biometric liveness detection. Biometrics provide a secure method for matching a person's face, voice, iris, fingerprint or palm, but how do you prevent spoofing attacks or someone trying to impersonate you. This is where liveness detection plays a key role. 

For digital identity, not only do you need to prove that a person is who they say they are but are they a real person in the first place. With an increase in deepfakes and animated lifelike videos that look real, they can fool the majority of onboarding systems. Whether opening a new bank account or applying for a personal loan, organisations need to protect against these kind of fraud attacks. Fraudsters are clever!  They can manipulate a photo of anyone and turn it into looking as if it is a real person. 

Deepfakes will be a serious disruptor for online service providers. There are many celebrity deepfake examples across various social media platforms.  It is easy to recognise them but then what if it is someone you don't know.

This is why robust liveness detection is a must requirement for digital onboarding or authenticating payments which can easily detect whether there is a real person present and not a fake video or screen shot.

Also combining biometrics such as face and voice together in one frictionless process would prevent many of these attacks, particularly with high-risk transactions. Whether it is for onboarding new customers remotely, logins or authenticating transactions, you must consider having real-time liveness detection. 

This is why security around Strong Customer Authentication (SCA) must be able to prevent fraudsters from posing as you. Biometrics do a good job at matching you against your enrollment credentials but liveness detection ensures the whole process cannot be broken.

Liveness detection comes in two forms; defined as active or passive.  Active liveness requires the customer to perform a task such as some kind of gesture motion.  The customer is challenged to perform this task in order to prove that there are a real human being.  However, there are many different liveness challenges on the market today and because there is no standard method, it can be confusing for ordinary customers to grasp.

Most digital onboarding solutions involve capturing the ID (IE a passport or driving license), then taking a selfie to match with the ID photo, then performing a liveness check.

Asking customers to perform a task such as nodding your head, moving the device into your face, leaning into your desktop computer, taking multiple selfies, or having flashing lights in your face can be the difference between signing up new customers or not.  Most of these tasks are completely unnatural.  It is also very time consuming creating an extra step in the process for liveness and if the instructions aren't clear, abandonment rates can run as high as 50%.  A top tier global bank reported that this was a serious issue for them.  Asking customers to nod their head each time when confirming a payment sounds ridiculous and unnecessary.

Liveness detection is an important part of the customer onboarding journey but asking customers to do something to prove they are a real person is where the problem lies.

Active liveness has long had its day, as now there is a new generation of liveness detection which is defined as passive.  Passive means that liveness detection can be adopted smoothly in the process without troubling the customer with complex challenges.  It sits in the background.

Passive liveness is AI based technology using neural network that can now analyse a single frame image, such as a selfie. The same selfie image that is captured for face and ID matching can be used for liveness checking. Hence, removing the extra step, speeding up the digital onboarding journey and providing a simple method for making sure the person is real.  Passive liveness is now leading the market and it is the preferred choice for ID&V and KYC vendors.

Also, it is also important that your liveness provider has been through third-party PAD testing. This is referred to presentation attack detection and it is a global standard ISO 30107-3 for anti-spoofing that means the software has been benchmarked for APCER or BPCER.  Attack Presentation Classification Error Rate (APCER) describes the rate at which a spoof attack is allowed to pass through.  The other kind of error is Bona Fide Presentation Classification Error Rate (BPCER).

So if your organisation has deployed active liveness in your digital identity or onboarding process, you should consider moving to a more passive approach because do you really want your customers to fiddle about with active liveness checks, when a single image method is all your need.  It provides a much better user experience, reduces abandonment rates and makes the whole process frictionless.

If you would like more information, please feel free to contact me.

Steve