Facial biometrics currently represents the cutting edge of online identity verification, and companies such as PXL Vision are focused on taking it to the next level.
The technological innovations that are at the forefront of facial biometrics are being researched and developed at the intersection of artificial intelligence and machine learning. This matters, given the entire industry is constantly looking for new ways to innovate and deliver a better customer onboarding experience.
With the current Covid-19 pandemic situation still upon us, our societies are undergoing a rapid reorganization as we shift more of our services online in order to allow greater social distancing. This shift towards convenience is now accelerating at an exceedingly rapid pace, and more customers are digitally onboarding using biometric identity verification services.
From home office to distance learning, internet banking, online shopping and streaming of at-home entertainment, more and more of our daily interactions are taking place online. The OECD reported that the Covid-19 crisis has placed an unprecedented demand on communication networks, with some operators claiming a 75-80% increase in Internet traffic.
As a result of this migration to a more centralized online existence, is the pressing need for a more robust, secure and trusted digital identity verification platform. This is required, so we can know and trust our work colleagues and fellow students – or allow banks and online merchants to know who their customers are.
A long practiced method for online identity verification has been founded on biometrics. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Examples include, but are not limited to fingerprints, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odor/scent.
On the other side of online identity verification are the hackers, fraudsters and spammers that work towards bypassing these “secure” verification procedures for their own illegal gain. These criminal individuals are at times successful, providing the impetus for companies to improve the robustness of their online identity verification platforms.
In some cases, it is necessary to rethink the identification method used in its entirety. For instance, the still widely used method of fingerprint scans as a biometric sign-on solution, has been proven to be easily beatable. Already back in 2013, a league of whitehat hackers from Germany, the Chaos Computer Club (CCC), demonstrated how easy it was to create a fake fingerprint from a scan.
Hacker Starbug from the CCC quipped: “As we have said now for years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
Because it has been proven that biometric fingerprint technology is not as secure as once thought, other methods for online identity verification are being researched and developed.
One of the more promising methods rising out of this research is facial biometrics, which is currently on the forefront of online identity verification. One clear advantage to facial biometrics is that, unlike fingerprints, people do not randomly leave their face prints around. As it happens, people do leave pictures and videos of themselves all over the internet.
Hackers can take this visual media and perform what are commonly called ‘presentation attacks’ on facial biometric secured platforms. Therefore, constant innovation in the industry is required.
One such attempt to get around the new Apple Face ID is posted here by whitehat hacker Andrew Sink. Sink made a mask from his own face in an attempt to fool Apple’s platform, and he was surprisingly semi-successful. If an amateur hacker can almost fool Apple’s facial biometrics, what are the implications for businesses trying to secure their customer’s data with less secure software solutions?
Active vs. passive liveness detection
There are two main methods in use when checking if the person behind the camera is a real “live” person. One is known as active liveness detection and the other as passive liveness detection.
To the uninitiated, active liveness detection certainly sounds better than passive liveness detection. Here is why it’s not:
“Move your head from left to right… now blink 5 times… then smile slightly…. now touch your nose and ears at the same time … now do all of the above 2 more times really fast while holding your breath!”
What you just read was an example of the sometimes too elaborate instructions for active liveness detection. A little exaggerated of course, but you get the idea. Not surprisingly, there are often many user dropouts when onboarding with active liveness detection as people become frustrated with the instructions.
The cumbersome user experience aside, active liveness detection is also not immune from hackers as it can easily be spoofed through presentation attacks.
Passive liveness detection explained
Just as the human eye can spot the difference between a real person in front of them and a photo, so too can machines. PXL Vision’s R&D into passive liveness detection employs artificial intelligence and machine learning technologies in order to stay one step ahead of the hackers.
Passive liveness detection is named as such because it doesn’t require the user to perform any of the motion tasks of active liveness detection. The user is instructed to take a normal video selfie of themselves and that is all. With this user-side simplicity, hackers are often unaware that there is a liveness check in progress and thus have no idea that there is even a process to beat.
While both methods require the user to take a selfie to prove who they are, the backend still needs to prove if it is actually a real person. Deep fake images, morphing and AI can fool most systems. Even simple photos and masks cannot be detected if there is no security layer. A replay attack using a video can also bypass most of these processes too. Therefore, what’s the answer?
Identity verification with facial biometrics at PXL Vision
Successfully verifying an identity using PXL Vision’s software involves a two-step authentication process.
The first step examines the user’s documents and the second step the person:
1. The submitted ID documents must match the person
To meet the first prerequisite, the onboarding user has to “capture” their ID card with their smartphone camera. PXL-Vision extracts all of the relevant data from the user’s identity documents, applying its in-house researched and designed software. The software performs a state-of-the-art enhanced comparison of the Visual Inspection Zone (VIZ) and the Machine Readable Zone (MRZ) of the user’s uploaded identification documents and checks its authenticity by verifying hundreds of visual key features on the document simultaneously. There is also an additional option that detects and checks specific visual security features such as holograms and data from NFC biometric chips.
2. The person submitting the documents must be “live”
The second prerequisite requires the person submitting their documents to be “live”. This measure, extremely important to facial biometrics, is meant to protect us in a world where our biometric data is often accessible through a quick Google search or easily found on our social media channels.
As shown in Sink’s video above, hackers are already hard at work attempting to bypass these facial biometric platforms using presentation attacks. As evident in the video there are a number of “liveness” attributes that are being looked for but it is not yet entirely clear what they are or how to get around them.
After PXL Vision has verified the authenticity of the document and the liveness of the user, another step is made to ensure that the document also belongs to the user. The face verification tool compares the user’s face from the video-selfie to the photo printed on the identity document and/or stored on the NFC chip.
PXL Vision’s facial biometrics innovations
Because all biometric identity verification processes are vulnerable to sophisticated presentation attacks, the goal is to detect these attacks without introducing too much friction into the process.
PXL Vision and its proprietary passive liveness detection software finds itself on the cutting-edge of facial biometrics. By analyzing depth, texture and appearance and employing sophisticated deep learning algorithms, PXL Vision is able to lower fraud rates without causing customer abandonment of digital onboarding processes.
PXL Vision believes in a truly passive liveness detection approach that doesn’t require active participation by the user. It operates in the background, detecting features such as edge, depth and motion detection, as well as passive observation of features such as skin texture.
There is also an emotion analysis function in the works, which determines if the user is being forced to perform a verification. By capturing such a large amount of information in a single take, PXL is able to make a particularly fast decision with a higher than 99% accuracy rate.
Flexibility is key
Given the current backlog and immense need for a large number of online identity verifications, PXL Vision’s technology aims for a flexible and fully-automated approach with as little human involvement as possible. Of course, there will always be the option for a manual check as a backup if anything goes awry.
PXL Vision is the industry leader in facial biometrics and online identity verification
In addition to serving many customers across a variety of industries, PXL Vision provides the ID verification services to SwissID, the national standard in digital identity in Switzerland.