First, let’s start with some level-setting on definitions. What do we mean by “biometrics”? The word itself has a sci-fi movie feel—and indeed, retinal scanning and voice recognition are biometrics that Captain Kirk and 007 used in their outer space and international espionage shenanigans. But even if you aren’t a starship captain or secret agent, you likely still use biometrics more than you realize.
At their simplest, “biometrics” are any kind of technology that tracks a person’s unique features to verify their identity. This can be as commonplace as the fingerprint scan to open your phone. But that simple level of biometrics is often not as secure as you’d think—there have even been cases of play-doh being used to unlock phones by transferring fingerprints.
The more advanced biometrics involve facial matching and analytics, yet even many of these solutions can still be “spoofed.” As digital identity document verification starts to rely more and more on different levels of biometric algorithms, getting those biometrics right—that is, making sure they’re accurate without introducing excess friction—is becoming an increasingly crucial competitive differentiator.
The Key to Unlocking Better Biometrics
Biometrics are a highly accurate way to identify that a person is who they claim to be—if those biometrics are used correctly. “Liveness” tests are the key to unlocking truly reliable biometrics.
Liveness tests ensure only real humans can create and access accounts, and by doing so, solve some very serious problems that can completely invalidate any identity documentation verification. For example, Facebook had to delete 5.4 billion fake accounts in 2019 alone! Requiring proof of liveness would have prevented these fakes from being created in the first place.
So What is “Liveness”?
“Liveness” is a test performed during an identity verification process which typically occurs during user onboarding or as an authentication check later in the customer lifecycle. Combined with advanced biometrics, liveness detection ensures that the person trying to get through security checks has captured their selfie in real-time and isn’t using an image of an image, a stolen photo, or even a life-like mask or other advanced spoofing attempt to create or access online accounts.
How Does Liveness Go Wrong?
Biometrics and liveness in identity document verification are typically used to answer three questions:
1. Does the photo of the person presenting the document match the photo on the document?
2. Is the photo of the person submitting taken in real-time and accurately depicting the submitter?
3. Is the person depicted in the selfie actually alive?
To answer those questions, most identity document verification providers rely on a liveness check that involves an active movement to prove “life.” This could be reading numbers on the screen aloud, blinking, following along a line coming down the screen, turning a certain way, or some other form of proof. The assumption is that a spoofed photo cannot mimic the actions of a live person. But these liveness checks create friction, introduce latency, and inform fraudsters of the steps necessary to break the system. In fact, many are now easily broken. At best they add user friction at a crucial part in the process; at worst, they cause drop offs entirely (and are ineffective to boot). They also aren’t compliant with Web Content Availability Guidelines (WCAG), which are the Internet’s gold standard to ensure utmost accessibility.
How Socure Gets it Right: Passive Liveness and Biometrics
With Socure’s Predictive DocV solution, liveness checks occur in the background (which is called “passive” liveness in the industry), with no input needed from the user, so they don’t add friction to the onboarding experience. A single frame capture is used for both photo matching and liveness detection, then automated biometric algorithms reduce friction while maintaining accessibility and accuracy.
Socure data science engineers have created a new proprietary computer vision model that predicts the age of the selfie and measures it against the age on the document being verified, among other “secret sauce” passive liveness tactics. Socure DocV also employs predictive risk signals and advanced algorithms specifically targeted at the new levels of identity fraud detected across the company’s customer consortium. This means that the more a fraudster tries to break through, the more Socure’s machine learning recognizes them, the harder it gets to perpetrate fraud, so forth and so on.
Find Out if Your Identity Verification Provider Gets Biometrics Right
Talk to your provider about how they measure liveness, how they use biometrics, how they ensure accessibility, and what level of friction it all introduces (including latency—videos are commonly part of liveness, which often cause huge latency delays due to bandwidth constraints). Their answers may surprise you. Then, talk to Socure about what we’ve done to meet the highest standards of certification in biometric and liveness capabilities.
Joel Sacmar is a Senior Solutions Consultant at Socure and has more than a decade of experience in identity verification and biometric authentication. In a previous role at Daon, Joel led the services team's enterprise deployments, including working with USAA to become one of the first major U.S. financial institutions to deploy voice and facial recognition for consumer mobile login. Prior to joining Socure, Joel worked as a Senior Solutions Engineer at Onfido to expand their North American presence.