Your users have signed up, you've verified their identity and provided them with an account.
Now the user, through no fault of your company, has had their data stolen, their name, date of birth, social security number, drivers license, passport number, home address history, phone number, credit card information, fingerpints, employment history, and secret question answers have all been compromised. With the user's data stolen, how do you ensure the user is still who they say they are?
One of the answers is a new cutting edge technology called Liveness Detection. Liveness detection is used for continuous authentication by using biometrics to verify that a real human is currently present, through means such as facial or vocal recognition. This technique can identify if the user is a real person and not a robot or fraudster. Such tools are typically combined with facial comparison technology to ensure that your now verified live user is the user tied to the account. Liveness detection can be used to detect attemps at spoofing, such as:
- Print Attacks: Presenting a physical copy of a biometric sample, such as a photograph.
- Replay Attacks: Presenting a previously captured biometric sample, such as playing a voice or video recording.
- Deepfake Attacks: Using artificial intelligence or machine learning techniques to generate a visual biometric sample that does not belong to the person presenting it.
- Physiological Manipulation Attacks: Manipulating the physiological characteristics of the person presenting the biometric sample, for example, speaking in a different voice.
- Spoofing Attacks: Presenting a synthetic biometric sample, such as a 3D-printed face or a synthetic voice.
Visual liveness detection can be done actively whereby a user is required to perform a specific task, such as blinking or smiling, or passively, allowing for a smooth user experience, with both methods often only requiring a split second of camera interaction.
Liveness detection is becoming an increasingly important part of continuous authentication. It provides an additional layer of security that can help to prevent malicious actors from accessing sensitive data, helping to ensure that only the rightful owners can access accounts and systems.