Presentation Attack Detection: Dissolving the Myth of easy-to-fake Face Recognition
One of the most common assumptions concerning face recognition is that it can easily be faked with one’s photo ‒ which, in times of Facebook and Instagram, is publicly available to anyone. Further, if a facial recognition software cannot be cheated this way, then surely with a video or a 3D avatar. This idea is deeply rooted in most people’s heads, naturally making biometric authentication seem insecure to them. This article will work on dissolving the myth of easy-to-fake face recognition by elaborating on a significant innovation called liveness detection. Scientifically, this is called presentation attack detection (PAD). E.g. it describes the ability of a facial recognition technology to prevent spoofing through 3D masks, deepfake videos, and photos.
A short history of facial recognition technology
When facial recognition systems came up in the 1990s. They were based on image processing and strongly dependent on the field’s state-of-the-art. Back then, the mere capability of analyzing the similarity of two images was the focus of this discipline. Having achieved considerable progress with a focus on faces, this led to the first attempts at commercializing facial recognition in the late 1990s and early 2000s. Despite the highly innovative face recognition industry, successful spoofing with images was making headlines. Biometric companies were testing various techniques, such as blinking detection, which unfortunately could also be tricked easily with eye holes cut into the photos. So, even though the industry was soon aware of the issue, it had problems delivering trusted solutions and keeping up with technological advancements that broadened impostors’ possibilities. The myth of easy-to-fake face recognition was born.
Being deeply rooted in research and development, BioID soon focused not only on the accuracy of their face recognition software but also on mechanisms to ensure fake prevention. As a result of its constant commitment to presentation attack detection, in 2005 and 2013, BioID achieved memorable patents in the field of fraud prevention: liveness detection enabled through motion-based analysis of images. Since then, BioID’s efforts have strongly been directed toward this topic, finally delivering an industry-leading comprehensive face liveness detection solution. In addition to over 15 years of experience in detecting presentation attacks, BioID also leverages the latest technologies. Artificial intelligence (AI) is now a key driver of our fake prevention performance.
Presentation attack detection research for the bad guys
BioID’s face live detection offering takes into account the rapid development of software and hardware technology, e.g. concerning image and display quality. The patented 3D motion analysis only requires two images with slight movement between the capturing. Without the need of special equipment like a 3D camera, the software is capable of deciding whether a real person is sitting in front of the camera or not. In order to prevent video replay attacks, BioID has implemented directional analysis through a challenge-response mechanism. Even if an impostor is in possession of a video of someone, the chances of gaining unauthorized access are minimized as the system randomly asks for certain movements. Ultimately, BioID has invented the so-called “Replay Defender” to stay ahead of fraud attempts through animated 3D avatars as well as high-quality video replays. By combining these different technologies, BioID delivers a stand-alone solution that complements the BioID Web Service (BWS). BWS has thus become a strongly secured authentication service.
Presentation attack detection prevents biometric fraud
Similar to the past, dispelling a myth is not a process that happens quickly and completely. Anyhow, the face recognition industry, with BioID as a key player in liveness detection, is working on delivering an updated picture. New fields of applications are opening up to biometric security as it becomes a trusted part of the authentication area. Use cases like identity proofed onboarding with automated ID checks are benefiting the financial industry. Also, digital identities can be secured with a new level of assurance. Any transaction can be connected specifically to the related person. In terms of GDPR, user consent can be explicitly asked for and proven without doubt. Liveness detection guarantees user presence, meaning any user and company can be sure their digital identities are not used if they aren’t actively there.
What about data privacy?
We can address another myth here: Face recognition does not automatically imply surveillance or misuse of data. Instead, there is a transparent and privacy-assured way of implementing facial recognition with face live detection. For instance, BioID’s pseudonymized biometrics are decoupled from the user management that deals with personal data. This means that we, as the service provider, do not know whom we recognize. In addition, we do not have any other data than the binary biometric template. Combined with strong liveness detection, no one other than the related person can thus use their biometrics. In this context, biometric authentication is the key element for data privacy and security by proofing one’s identity with high levels of assurance (LoA). Anti-spoofing presentation attack detection (PAD) restricts access to accounts and data exclusively to the entitled person, securing these with “face-to-face” identity proofing.
No more fraud. No more friction. Just be recognized.
Liveness Detection/Presentation Attack Detection can be tested at the BioID Playground. For making a test integration of our Web-APIs into your services, please request a free trial instance here: bwsportal.bioid.com/register.
+49 911 9999 898 0