Virgin Money serves more than 6 million customers across the UK. A digital-first bank, Virgin (now owned by CYBG) implemented digital identity checks to verify customer identities. Two of the identity verification processes the bank employs are facial recognition and selfie capture, which compare selfies at login to selfies on file to prevent fraud. However, fraudsters and their methods are becoming more sophisticated, using deepfakes and or even 3D masks to fool facial recognition technology. To get ahead of the current wave of fraudulent attempts, Virgin also uses liveness detection technology.
What is liveness detection?
Antispoofing.org, an educational resource for the IDV community, defines liveness detection as: “a method of detecting biometric attacks by verifying whether a biometric sample captured by a system belongs to a living person or not. Liveness detection is a capability of a biometric system to differentiate falsified biometric traits presented to its sensors from the genuine ones”. It’s a process through which artificial intelligence recognizes an actual human face in front of it.
So, when a customer takes a live selfie to log into their Virgin Money account, the app can tell the difference between a human and a fraudulent actor holding up a mask or photo or deepfake video to the camera. Liveness detection technology adds another layer of user identity verification to firms’ security approaches, shoring up anti-money laundering (AML) processes and ensuring that, through know your customer (KYC) programs, they really do know their customers.
Liveness detection is also a boon to the user experience. Virgin Money took a digital-first tack to speed onboarding and reduce friction in sign-up and sign-on processes. Liveness detection techniques improve security without sacrificing the user experience.
Gartner's latest report on identity verification
How does liveness detection work?
There are two forms of liveness detection: active liveness detection and passive liveness detection. As the name implies, active liveness detection requires the customer to perform an action, such as blinking or smiling, to verify a human being is standing in front of the camera. The challenge of active liveness detection is that criminals can use presentation attacks to mimic a live person.
Presentation attacks (or face spoofing) usually employ videos, photos, 3D masks or other media that trick an app or service into believing they’re interacting with a real person. These face spoofing attacks can fool active liveness detection software. Passive liveness detection can thwart these spoofing attacks.
Passive liveness detection checks for liveness in the background. By not asking customers to perform an action, passive liveness detection further removes friction from the customer experience and makes it harder for fraudulent actors to spoof real people, in part because the verification happens without the user knowing it.
With passive detection, the platform looks at contextual factors, like the background or even textures in the image its seeing. This helps the identity verification solution discern between a printed image or video and a real 3D person.
What are the types of liveness detection?
Though these examples focus on liveness detection techniques for facial recognition systems, this form of liveness check is not the only way AI can determine whether the appropriate human is accessing the app or service.
Many biometrics systems compare a pre-recorded voice memo with a live recording to authenticate a user’s identity. However, fraudulent actors are learning to spoof voice clips by synthesizing speech or using a recorded replay. Criminals are able to get around voice biometrics because those systems ask, “are you the person you claim to be?”
Anti-spoofing voice liveness detection takes the line of questioning a step further, asking “are you a real person?” Typically, spoofed voices leave signal artifacts behind. Undiscernible by the human ear, liveness detection AI can unearth these artifacts and identify when a voice authentication is actually a spoofing attempt.
Another form of identity fraud, along the lines of using photos or videos to mimic people, leverages fake documents to fool identity verification systems. Criminals will provide an app with a forged document, like a government-issued ID or other proof of residence, to gain access to the victim’s accounts. Document liveness detection solves the problem of document spoofing.
Document liveness detection algorithms use deep neural networks to analyze images. This analysis comprises views scoring of angles, lighting, pixels, and thousands of additional variants. The cumulative score determines if the document being presented is authentic. The speed, accuracy, and efficacy of using machine learning to determine document liveness is far better than even the most expertly trained document analyst.
As criminals continue to evade detection, companies will continue to explore other means of detecting liveness. In the early stage of its development, emotion detection promises to read human emotions through facial expressions and voice fluctuations and patterns. This approach understandably raises ethics questions and is and still in development. It is evident, however, that the push and pull of identity verification will likely continue apace.
Liveness detection is the ultimate biometric add on
Biometrics are gaining steam as the preferred identity verification format. Some analysts believe biometrics will eventually replace static passwords altogether. However you view the trajectory of password-based credentials, it’s clear biometrics offers a more secure method for securing accounts and personal information.
Yet, as has also become evident, fraudsters are increasingly adept at skirting the rules biometrics and other identify verification solutions attempt to stand up. Unfortunately, biometrics without liveness detection isn’t foolproof. These days, liveness detection is a must have, rather than a nice-to-have solution.
That’s why we’ve created MiPass. MiPass is a biometric and liveness-based authentication solution that is safer than passwords, simpler to manage, easy for firms to implement and doesn’t stand in the way of an efficient and effective customer service offering. The liveness detection solution is exactly what is needed in the world of spoofing and presentation attacks. It layers authentication processes on top of biometric enrollment in a leading-edge platform that does not disrupt how customers interact with platforms.
Liveness detection is the future of identity verification
Nearly eight in 10 Brits want banks to adopt the latest technology to keep their accounts safe. Citizens even ranked security as a priority over ease of access or account opening. Securing accounts is the primary way firms like Virgin Money and others earn the trust of their customers.
To earn that trust, organizations turn to ever-more advanced identity verification methods at all stages of the customer journey. Solutions that use biometrics and other user interactions to prevent identity fraud ensure strong KYC policies to demonstrate account security. However, criminals are developing sophisticated methods for fooling more static identity verification methods, including biometric systems.
Enter liveness detection. Liveness detection is the latest in a long line of anti-fraud tools. By homing in on what makes us truly human and what makes us, us, liveness detection platforms represent the vanguard in the fight against fraud. By employing strong authentication methods without sacrificing the user experience, banks and other organizations can continue to earn the trust of their customers, differentiating themselves from competitors in the process.