A liveness test, liveness check or liveness detection is an automated means of checking whether a subject is a real person or part of a spoofing attack. The technique is used as part of know-your-customer (KYC) checks in financial services [1] and during facial age estimation. [2]
Liveness detection is a cornerstone of digital safety. [3]
The threat in face spoofing attacks is that "the attacker only needs to find a good face swap library on GitHub and understand how to inject the model in the camera feed during the KYC process". Fraudsters usually buy stolen IDs on the dark web to start a deepfake attack. An AI-powered generative adversarial network (GAN) then generates the face-swapping model that most online verification services will not detect. [4] Low-level hackers may use face-swapping apps such as SwapFace, DeepFaceLive, and Swapstream (interest in those apps increased in 2023, according to Google Trends). [5]
In a video liveness test, users are typically asked to look into a camera and to move, smile or blink, and features of their moving face may then be compared to those of a still image. Artificial intelligence is used to counter presentation attacks, such as deepfakes or users wearing hyperrealistic masks, and video injection attacks. [3] [6]
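The prompt step described above can be bound to a single session so that a pre-recorded clip cannot be replayed against it. The following is an added sketch, not code from any vendor or source cited here: the key handling, the 30-second window, the in-memory nonce cache and the `observed` event list (assumed to come from an upstream face-analysis stage) are all assumptions, and it does not cover the AI-based detection of deepfakes or injected video.

```python
import hashlib
import hmac
import secrets
import time

ACTIONS = ("move", "smile", "blink")   # prompts named in the text above
SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret
CHALLENGE_TTL = 30                     # assumption: seconds allowed to respond
_used_nonces = set()                   # assumption: in-memory replay cache


def _mac(nonce, actions, issued_at):
    msg = f"{nonce}|{','.join(actions)}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None, length=3):
    """Pick an unpredictable prompt order and sign it so the client cannot alter it."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    actions = [secrets.choice(ACTIONS) for _ in range(length)]
    return {"nonce": nonce, "actions": actions, "issued_at": issued_at,
            "mac": _mac(nonce, actions, issued_at)}


def verify_response(challenge, observed, now=None):
    """observed: [(epoch_seconds, action), ...] reported by the face-analysis stage."""
    now = time.time() if now is None else now
    expected = _mac(challenge["nonce"], challenge["actions"], challenge["issued_at"])
    if not hmac.compare_digest(expected, challenge["mac"]):
        return False, "challenge tampered"
    if challenge["nonce"] in _used_nonces:
        return False, "challenge already used"
    _used_nonces.add(challenge["nonce"])   # single use, whether it passes or fails
    if now - challenge["issued_at"] > CHALLENGE_TTL:
        return False, "challenge expired"
    # Only actions seen after the prompt was issued count; older footage is ignored.
    start, end = challenge["issued_at"], challenge["issued_at"] + CHALLENGE_TTL
    seen = iter(a for t, a in sorted(observed) if start <= t <= end)
    # Prompts must appear in order; spontaneous extra actions (natural blinks) are tolerated.
    if not all(any(a == want for a in seen) for want in challenge["actions"]):
        return False, "actions do not match prompts"
    return True, "ok"
```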
Other forms of liveness test include checking for a pulse when using a fingerprint scanner [7] or checking that a person's voice is not a recording or artificially generated during speaker recognition. [8]
In a 2022 report published by the security firm Sensity, it was demonstrated that the liveness tests of most US banks were easily cheated with new and publicly available AI-powered techniques. Many of these banks disregarded the results of the report. [4] [9] In the first half of 2023, the security firm iProov detected a 704% increase in face-swap attacks. [5] In 2023, in the UK, many customers of Ryanair were upset at having to go through many ID verification checks, including liveness tests, before boarding, as the airline was using them as a means to deter customers from buying tickets through third-party websites. [10]
In the first half of 2024, iBeta Quality Assurance issued 18 new ISO/IEC 30107-3 Presentation Attack Detection certificates, raising the cumulative total to 85 since 2018. [11]
In January 2024, the Department of Homeland Security (DHS) opened applications from vendors to test their liveness tests. Identity fraud peaked during the COVID-19 lockdown, leading government agencies to take reinforced measures to secure their digital applications. [12]