New forms of authentication will shape the future of digital identity, with privacy as the cornerstone.
Passive proof of life: An enhanced customer experience
Ver versión en Español
Using passive proof of life in identity verification procedures optimizes the possibilities offered by facial biometrics and provides the entire operation with security and control.
acing ever-growing cybersecurity challenges, biometrics is emerging as a trustworthy and accessible technology; its maximum potential still to be discovered. Today, most people are familiar with fingerprint or facial recognition systems to activate services or devices. Developers are more concerned than ever with humanizing technology and in this sense, artificial intelligence offers exceptionally efficient possibilities adaptable to client needs. This is the case in facial recognition proof of life procedures, which helps in the automation of onboarding where they perfectly verify the identity of the person on the other side of the screen.
Implementing an active proof of life is an efficient way to avoid fraud against facial recognition systems, known as presentation attacks (PAs). PAs range from inserting fake images on a screen or cropped photos of the person to be imitated, to masks or 3D reproductions. Nevertheless, active life tests, which require the user to smile or make specific gestures with their head, also have some drawbacks. The very mechanism of these tests provides criminals with valuable clues on steps to be taken and can as well be frustrating for customers.
On the other hand, passive proof of life eliminates these concerns by reducing friction throughout the customer journey and saving time. While active solutions need to capture video pieces or multiple images to detect subtle changes, thus allowing you to detect life; passive mechanisms use only a single frame, a still image. The user takes a Selfi and this same pose works to trace the faith of life. It works through a system that requires no cooperation and, imperceptible to humans, provides no clues to fraudsters as to what methods are being used. This image assessment does not require any important technical specifications.
The mechanism uses an algorithm that is divided into three parts. The first is a face detection engine, based on analyzing dozens of points on the user’s face and rejecting images with more than one person. The quality engine analyzes small changes in eye movement, angle of the head, etc. Thanks to machine learning it is able to distinguish between a static image and a moving person in real time or a PA. The third one merges these evaluations and establishes a score that results in a life review: fit or unfit.
This entire process does not demand customers to update their device or download any applications, and in comparison with active options, it also minimizes the amount of data to be sent.
Providers must strongly commit to privacy in the use of facial recognition algorithms and proof of life. It is essential to inform customers at all times of what information is being stored and make it clear that with biometrics, only one attribute is used that allows us to recognize each individual, and not the entire trait (fingerprint, face, etc.). When companies work with trusted external partners, they must make sure that the biometric images or data are used only to compare the information and establish the trust score. The identity-related data that the partners produce from the previous information will never be shared with the customer or the company. Once a minimum safety period has passed (different for each territory), that usually does not exceed 6 months (may be longer if fraudulent activity is detected that needs to be reported); third parties are obligated to destroy the images. Generally, companies only retain the original images and scoring data at the customer’s request and until the contractual relationship is terminated.
Biometric technology is here to stay, and it is proving to provide qualities that customers highly value, especially when compared to the discords of passwords and PINs. Without ignoring the challenges of privacy protection, implementing elements such as passive proof of life is an effective way of focusing on the user, pampering their experience without wasting their time and giving them the confidence, they need.