It’s only in movies like “Identity Thief” ID concealment is a comedy story with a happy end.
Actually, frauds of this kind lead to stolen accounts and broken lives. Only in 2020, the number of identity theft cases has risen by 113%.
Hello, digital life under COVID-19!
Given that the majority of financial organizations are switching to remote onboarding and full-cycle digital service, efficient identity verification has become more critical than ever.
With advances in biometric systems, spoofing schemes are becoming more sophisticated. Twenty years ago, fingerprint authentication was a novelty technology believed to be super secure. Now it’s a norm.
To top it off, this norm can be easily cracked with toy things like Play-Doh or silicon masks.
The only thing to protect users from presentation attacks (PAs) is liveness detection for fintech.
Go on discovering this article, but first, check whether your bank app uses biometric liveness algorithms.
What you will learn:
Why biometrics needs liveness detection?
Remember the scandal around iPhone X Face ID technology cracked by a Vietnamese cybersecurity firm?
The technology claimed to be highly resilient to attacks was hacked with a hand-made mask. And this isn’t any sort of joke.
Identity theft is a “silent crime”, experts say that every two seconds someone’s identity is stolen.
To prevent the fastest crime, companies invest in smart biometric systems widely adopted in these use cases:
- digital onboarding;
- access to digital operations;
- ATMs;
- time and attendance control;
- online check-in;
- training.
Biometrics includes different technologies like face recognition, fingerprint verification, iris scanning, vein pattern identification.
To compare, in 2019 the global contactless biometric technologies market amounted to 16.6 billion U.S. dollars. Contactless biometric technologies, in particular face-based authentication, reached 6.92 billion U.S. dollars.
By 2027, both markets are projected to achieve 55.42 and 30.15 billion U.S. dollars milestones.
From payments confirmation to KYC procedures – biometrics is everywhere preferred over passwords and codes by Fintech players.
Over 10 years, worldwide spending in the identity verification market increased threefold.
The respondents of the Statista survey believe that the greatest benefit of biometrics is that it’s quicker and easier than traditional confirmation methods.
But what about security?
The tandem of Mastercard and Oxford University experts found out that 77% of consumers consider face recognition as a secure authentication technology and 93% of customers think that fingerprints are risk-free.
As practice demonstrates, biometrics isn’t a 100% safeguard against deep fakes and spoofs.
Criminals use 3D videos, photos, masks, and puppets to dupe the system. Fingerprints of real people are replaced with silicon models.
UKFinance reports that impersonation scam cases doubled to almost 40,000 cases in 2020, which is the largest increase of all scam types.
It means that even biometrics systems require an extra level of security — fingerprint and face vitality detection for fintech.
Face liveness detection for fintech: what, when and how
Financial players can’t ignore KYC regulation with its requirements for new customer identification.
Earlier, during a live meeting in a bank branch, a manager conducted ID card and documents verification, leaving a small room for fraudsters to impersonate a client.
But now when all banks have gone digital, eKYC has become a new norm.
Adapting to new conditions, banks have to integrate robust liveness detection solutions to make sure that a new client is a real person.
Only after, systems can start a process of cross-referencing checking the ID of a new client with the records in the database.
Liveness is the quality or state of being alive, made evident by anatomical characteristics, involuntary reactions or physiological functions, or voluntary reactions or subject behaviours — ISO/IEC 30107
When financial apps conduct face liveness detection, they measure and analyse a person’s anatomical characteristics and emotional reactions. Only in this way, they can understand that you’re a real person, not a non-living spoof.
Facial recognition liveness detection for fintech is a solution integrated into a bank or financial app.
The most popular software is BioID, FaceTec, Anyline, Thales.
Technologies they deploy include video-based facial recognition, AI-enhanced 3D face verification, and real-time ID verification.
Alongside security issues and legislation requirements, facial spoof detection stems from the need to enhance customer experience and the desire to innovate.
Active and passive face liveness detection in fintech
Active Liveness Testing is based on physical indicators like blinking or smiling. A bank app may ask you to demonstrate an eye or lip movement or facial gesture to log in or sign up.
This method seems to be more reliable than simple selfie scanning, but it’s not.
In March 2021, tax fraudsters hacked the Chinese government active identity verification system with deepfake puppets responding to the app commands.
Free apps like Heritage do this job excellently.
Unlike active spoof-testing, passive liveness checks are more intelligent. They don’t require any actions taken, they take into account the texture and skin features, light exposure, micro-movements. To top it off, passive liveness verification isn’t visible to fraudsters and has high accuracy.
Innovatrics, for instance, runs an instantaneous check in the background of the device. The solution needs only one frame to tell whether a person is alive or a spoof.
MobbScan uses biometric algorithms to compare selfies taken by bank clients and match them with photos from IDs.
MobbScan solutions are integrated with Banco G&T Continental and Pronet’s Payment App AKISI.
Fingerprint liveness detection
Precise Biometrics, one of the popular solutions for instant fingerprint liveness detection for Fintech, explains how biometrics identity check happens:
The user places their finger on the reader. The system creates the template and matches the unique characteristics of the fingerprint with other templates from the database.
In case of a positive outcome, the check is completed, the user is authenticated and provided with access to the app.
In case there’s no match, the access is denied.
There are two types of fingerprint readers: capacitive and FOD fingerprints. The statistics show that the market of FOD fingerprints is growing more quickly than the other technology. The reason lies in better security: capacitive fingerprints can be easily tracked by hackers.
Consider JustСoded as your trusted fintech software development partner
JustCoded, a team of Fintech web and mobile developers, build applications for clients worldwide: EU, UK, MENA, USA, Singapore, Vietnam, etc.
The tasks we cover: mobile app development, app UX/UI design, consulting.
We help our clients overcome different challenges: from Fintech regulations to security issues and scalability ambitions.
The security of mobile apps is our top priority. We always partner only with those software vendors who provide advanced user authentication, sophisticated data encryption and are compliant with data protection protocols.
We integrated FaceTec in one of our recent projects to implement liveness detection for a Login as a Service app.
FaceTec is a feature-rich solution for KYC onboarding paired with liveness checks and 3D testing for ongoing authentication.
It’s applied to any industry, from automobile to finance. FaceTec uses video selfies to verify 3D liveness, compare users’ faces with Photo IDs, OCRs and ID tests. Then searches for duplicates in previously enrolled FaceMaps. These steps are repeated every time the user comes back to the app.
FaceTec’s 3D FaceScans and FaceMaps can’t be phished, duplicated and provide anonymous age checks.
There are 2 types of face data used in the FaceTec Platform: 2D Single Frame Digital Images and 3D FaceScans/Maps.
Users can choose a type or mix them to achieve better results.
Also, FaceTec offers Free 2D Liveness for everyone in need of basic anti-spoofing security.
It works with low camera resolutions and processes single photo frames captured in a semi-supervised environment, e.g. at the airport.
FaceTec has very detailed integration docs for devs working on mobile financial apps.
On a side note
Liveness checks in mobile Fintech apps is a very hot topic now. The news feeds are crowded with stories about recent collaborations between third-party solutions and industry players: Spoko app, BitcoinPoint cryptocurrency platform and others.
The global lockdown gave a green light to digital criminals looking for new victims. And financial companies weren’t ready for this.
Active and passive liveness checks are what can make any biometrics system stronger and the onboarding process — smoother.
Among the major benefits of face & fingerprint live presence check are: high security against fraud and money laundering, better user conversions and satisfaction rate, lower admin costs, competitive edge over rivals.