The Fast IDentity Online (FIDO) Requirements provide a comprehensive framework for addressing identity document authenticity verification. It describes a variety of techniques malicious actors utilize to tamper with or entirely falsify documents. These techniques range from straightforward alterations, such as changing numbers or letters, to more complex manipulations like creating entirely fictitious documents or tampering with security features.
Document presentation attacks, or “spoofs”, are when fraudsters use false reproductions of an ID such as photocopies or images on a digital screen to misrepresent their identity during digital onboarding. Our research indicates that a large majority of document attacks on digital onboarding are spoof attacks. It follows that document liveness detection is a crucial security function. Recognizing its significance, FIDO implies the eventual inclusion of document liveness in future updates to the requirements, though it is currently out of scope.
This article discusses the notion of liveness detection as a FIDO requirement, with a particular focus on specific attacks that could be classified under the umbrella of liveness and are currently prevalent in the IDV market. These include:
Screen replays
Printed copies
Printed cutouts (both laminated and non-laminated)
Replications on plastic