The Fast IDentity Online (FIDO) Requirements provide a comprehensive framework for addressing identity document authenticity verification. It describes a variety of techniques malicious actors utilize to tamper with or entirely falsify documents. These techniques range from straightforward alterations, such as changing numbers or letters, to more complex manipulations like creating entirely fictitious documents or tampering with security features.
Document presentation attacks, or “spoofs”, are when fraudsters use false reproductions of an ID such as photocopies or images on a digital screen to misrepresent their identity during digital onboarding. Our research indicates that a large majority of document attacks on digital onboarding are spoof attacks. It follows that document liveness detection is a crucial security function. Recognizing its significance, FIDO implies the eventual inclusion of document liveness in future updates to the requirements, though it is currently out of scope.
This article discusses the notion of liveness detection as a FIDO requirement, with a particular focus on specific attacks that could be classified under the umbrella of liveness and are currently prevalent in the IDV market. These include:
- Screen replays
- Printed copies
- Printed cutouts (both laminated and non-laminated)
- Replications on plastic
An introduction to several document-based attacks
Screen replays involve displaying the digital image or video of an original document on a screen and presenting it as genuine. This technique is problematic because it can effectively reproduce color, font, and design elements, potentially misleading automated or human verification systems. As with screen replays, the quality of screenshots can fluctuate. Some may exhibit a noticeable Moiré effect, an unwanted image distortion resulting from an overlapping grid pattern between the digital screen and the camera capturing it.
On the other hand, some screenshots are captured using high-resolution screens in low-light settings to eliminate glare, resulting in significantly high-quality images. This poses a considerable challenge for verification procedures due to their near-perfect reproduction.
Printed copies refer to physical duplicates made using a printer. While these copies may not exactly replicate security features found in the original documents, their deceptive similarity in layout and design can trick untrained eyes or less sophisticated verification systems.
Printed cutouts are another class of forgeries where parts of a genuine document are printed, cut out, and used to replace parts of another document. These can be non-laminated, laminated, or even replicated on plastic. Non-laminated cutouts can be easily detected due to their texture and the discrepancy between the original and forged parts. Laminated cutouts, on the other hand, can appear more authentic, as the lamination can obscure subtle differences.
Finally, cutouts on the plastic attempt to mimic the feel and rigidity of some security cards or documents, making them even more challenging to detect.
Detection document liveness and the role of AI
Artificial Intelligence (AI) algorithms play a significant role in discerning between original documents and these numerous types of forgeries. Top-performing AI systems are usually trained on extensive datasets, including millions of examples of both original and forged documents. By learning to recognize subtle discrepancies in texture, document edges, and printing resolution, these algorithms can outperform human verification methods in both speed and accuracy. Such deep learning models like EfficientNets are widely used in this task while Vision Transformers (ViT) are coming. However, the most impressive feature is that the AI-based approach for document liveness can be geographically agnostic. The printing resolution, background texture, or document edges can be learned by AI with no dependency on font type, language or country issued the document providing the new global level of the service.
The continual evolution and refinement of AI models enable them to adapt to emerging forgery techniques, thereby staying one step ahead in this ongoing game of cat and mouse. In conclusion, the concept of “liveness” offers a new frontier for combating document forgery, extending the principles and techniques outlined in the FIDO standard. By understanding the intricacies of liveness-based attacks and harnessing the power of AI, we can enhance the integrity of our document verification processes, bolstering our defenses against an ever-evolving threat landscape.