Passive liveness: what, why and how does it work?

Selfie

Identity document authentication allows your organisation to verify government-issued identity documents to help determine who you are working with, as an important first step to reducing fraud. However, in the online world, when you may not wish to or be able to meet people face to face, how do you ensure that your applicant is the person on the document?
Facial Recognition biometrics can offer an additional layer of fraud prevention, particularly when combined with a liveness test. Liveness testing ensures that a selfie image is taken by a real person and isn’t a photo, video playback or even a mask.

TrustID face match services rely on Passive Liveness – a key way to protect against spoofing and provide a frictionless customer experience.

What is Passive Liveness?

Employing a liveness test is critical in preventing spoofing – also known as Presentation Attacks – such as photos images being accepted as the real person during the facial recognition matching process. Common Presentation Attacks include people trying to use printed photographs, cut-out photos, video replay and masks.

Until now, most systems used some form of active liveness testing, such as blinking, smiling, or moving a head back and forth to detect liveness, assuming that a photo image cannot mimic the actions of a live person. However, active liveness tests can create customer friction, take time, and inform fraudsters of the steps necessary to break the system.

Passive liveness requires no additional steps from the user to detect liveness, which results in less friction and lower user abandonment during processes such as remote customer onboarding.

How does Passive Liveness work?

The passive liveness detection in our service uses a single frame to accurately determine liveness. It works by examining a single image captured from any smartphone or web camera. Like most face biometric systems, it determines matching based on a selfie; if the selfie is good enough for the face recognition technology, it is good enough for the passive liveness check.

Passive liveness processes the selfie image via Computer Vision Machine Learning (CVML). There are three main parts to the algorithm: face detection, quality engine and liveness engine.
The face detect engine uses 68 focal points to ensure that the image represents a single person and will reject images with multiple people. The quality engine gauges facial position for good analysis, measuring things such as pitch and angle of the face.
Machine Learning examines a wide variety of image elements to help distinguish between a photo of a live person and a Presentation Attack.

The software fuses the output of these analyses to assess liveness either Live, Not Live or Poor Quality.

Why use passive liveness?

Passive liveness adds an additional layer of security to a document verification process by ensuring that the document is being presented by a live person.

The system doesn’t require an applicant to make any movements or gestures or capture additional video to recognise them as a live person: they just need to take a selfie for facial recognition and the technology works passively in the background. This keeps the user experience as simple and quick as possible.

As a single frame solution, users get no indication of when liveness testing is happening or what the service is looking for, which means that fraudsters also get no clues on how to beat it.

The single frame approach minimises the amount of data that needs to be sent from the device, compared to solutions which send multiple frames or videos of photos. The result is an easier, faster and more secure liveness solution.

 

If you’d like to find out more about our face matching biometrics and how they can add additional security to your on-boarding process, please get in touch or

Find out more about face biometrics here

What being ISO27001 certified means

Our IS27001 accredited certification lets you know that we follow information security best practice, helping to eliminate or minimise the risk of a security breach, keep information secure and ensure compliance with data protection regulations.

ISO logo