FaceID and FacePay: How to Protect Yourself from Attacks?

The evolution of facial recognition technology has brought about numerous benefits in terms of security and convenience, but it has also introduced new vulnerabilities that must be addressed. In the realm of authentication, where systems like FaceID and FacePay are becoming increasingly common, the need for protection against various fraudulent attacks is paramount.

A system that enables facial recognition for authentication purposes (such as app logins, door access, payments, transaction verifications, or document signings for government or banking services, etc.) requires protection against fraudsters' attacks.

Among the various types of attack, the most prevalent are:

• Presentation attacks: where a fraudster presents the victim's face to a camera (computer, terminal, smartphone) or hides their own face using printed paper photos, volumetric silicone or paper masks, images, or pre-recorded videos of faces on device screens.
• Injection attacks: where a fraudster programmatically substitutes the camera's video stream with a video recording of someone else's face or a stream from another camera, including deepfake streams.

These attacks can be countered using Liveness technology, as well as at an organizational level (by implementing two-factor authentication, involving employees for additional verification in high-risk scenarios, etc.).

3DiVi Algorithms for Counteracting Fraudulent Attacks

Depending on the level of threat, a suitable method of attack detection or even a combination of methods is chosen:

Image-based detection from the camera feed

This method identifies various anomalies in the image, such as borders of printed photos, edges of smartphones or tablets, rough edges of paper masks or cut contours, pixelation (on devices), blurriness (on generated images), lighting inconsistencies (on silicone masks), etc.

This approach is the simplest and most versatile, as it does not require the use of special equipment on the user's end.

Using depth map from depth sensor

This method employs an additional infrared depth sensor to determine volume. It serves as an additional control factor in specialized biometric access control terminals or at checkout counters in stores.

User activity analysis

This method operates solely on video. Users are prompted with changing scenarios (smile, wink, turn, or tilt head) to discern whether it's not a presented photo or mask and not a pre-recorded video.

Face color change detection based on terminal screen illumination

This method also operates solely with video. The device screen flashes different colors in a specific sequence. The conformity of the skin color change to the specified sequence is evaluated to discern whether it's not a presented photo or mask and not a video injection with deepfake substitution.

User session environment analysis

Information is gathered about all previous user actions (IP, browser, device, country of connection, etc.), and deviations trigger an increased threat level. When a threat is detected, a live operator is engaged in the operation. Applied to banking and governmental systems where the detection of fraudulent activities is crucial.

Here at 3DiVi we incorporate these described technologies and algorithms into our products. We'll definitely tailor a reliable solution for you!

Visit the 3DiVi website for more info https://3divi.ai/

#cybersecurity #privacy hashtag#security #gdpr #dataprotection #infosec #tech #innovation #software #ai #tools