Without effective countermeasures, bad actors can present a document displayed on a screen instead of one that is “live” and in their physical possession.
The powerful sensors and processors common in today’s mobile devices can be leveraged to conduct onboarding in a way that is cost-effective for organizations and convenient for users. The technologies let us verify identity without in-person supervision, but the process must include countermeasures for each vector of attack that a bad actor could attempt to intentionally misrepresent their identity.
The “presentation attack” is one such attack, where fraudsters falsely present biometric and other identity data that is not “live” and physically present during an onboarding process. For example, without facial liveness detection countermeasures a fraudster can use a digitally displayed image of someone else’s face in place of their own selfie. In this way, a fraudster could open multiple fraudulent accounts and avoid accountability.
Document-based presentation attacks
There is an analogous mode of presentation attack that prompts the need to perform document liveness detection. Document liveness detection helps ensure that images of documents are not a “replay” displayed on a screen or printed on paper. There is an extensive identity proofing process behind the issuance of trusted government-issued documents, and so they can play an extremely useful role in verifying identity during digital onboarding, assuming the validity of the documents and their presentation can be validated.
While document security features help prevent the use of a “fake ID”, preventing document-based spoof attacks ensures that the ID presented is live; that it is physically present and in the possession of the presenter. Otherwise, bad actors could source large volumes of digital images of documents–such as from the dark web–modify them, and then use them to apply for fraudulent accounts at scale.
“Portrait substitution” is yet another related threat. A fraudster might present the document with an image of a different face placed over the original portrait. Without countermeasures, a fraudster could use an ID with a substituted portrait for account applications, perhaps while also spoofing the live selfie. By combining multiple presentation attacks, bad actors can be even more effective at fraud.
Document liveness detection is an important enhancement to digital onboarding processes
While document liveness detection is an effective countermeasure on its own accord, there are benefits from a comprehensive approach to liveness. By ensuring that the face and the document are live, and the face on the document is genuine, there is greater trust in the identity data provided and the conclusions of the identity proofing. With greater trust in the security of the onboarding process, the user can be permitted to make higher-value transactions, be granted higher credit limits, or be granted access to more data.
Liveness techniques and technology – security without negative UX impact is key
Technologies applied to achieve frictionless spoof detection vary, but there are analogies between face and document liveness detection, and several techniques proven most effective for facial liveness detection can also be applied to document liveness. For example, an algorithm that effectively detects a digital screen regardless of the subject of the image can be effective for both faces and for documents.
|Printed spoof||Selfie taken of facial image printed on paper||Image taken of document printed on paper|
|Digital spoof||Selfie taken of facial image displayed on a digital screen||Image taken of document displayed on a digital screen|
|Mask; portrait substitution||Selfie taken of a face while wearing a 2D or 3D mask; paper, plastic, composite, etc.||Image taken of document with paper image of face overlain upon the genuine portrait on the document|
Table: Document- and face-based presentation attacks are analogous
Document liveness detection is essential for secure digital onboarding
As adoption of digital onboarding grows, fraudsters will continue to try to attempt to exploit perceived security gaps. documents play such an essential role in identity proofing, and so spoofing of documents presents a serious threat to digital onboarding integrity where reliable countermeasures are not in place. But data shows that machines are now better than humans at recognizing faces and at detecting facial spoof attempts. Document liveness techniques leverage many of the same approaches and can be applied as an important and complementary fraud countermeasure without adding user friction, enabling higher-value transactions and other benefits for customers.