While the reliance on traditional passwords is shrinking, other authentication methods are carving their way into your most-used services. Since they're newer, it would seem that this would probably mean that they're more resilient against spoofing attempts. Though, the reality of it is that as authentication tech is advancing, so are the methods to bypass it. Hackers are catching up to biometric authentication, which was seen as an uncrackable measure against spoofing attempts. Those attacks are very harmful because the idea that it can be done isn't in the top-of-mind awareness for most of the public.
To put it bluntly, biometric spoofing is a method in which the perpetrator tries to fool the face recognition checks by imitating other human beings. While previously, this was seen only as something that spies do in Hollywood movies, we’ve now reached the point where this is very much a reality. To avoid being caught off-guard, let’s familiarize ourselves with the main types of biometric spoofing.
This type uses printed or displayed person’s face photos to bypass the checks. They can be successful if the mechanism doesn’t check the photo depth. It’s one of the easiest spoofing methods, and most facial recognition technologies usually include the depth check to prevent photo attacks.
User Replay Video Attack
User replay video attacks are very similar to photo attacks. The main difference is that users replay dynamic video attacks and use a video rather than a static image. This also means that they could look more realistically and be more effective at bypassing checks. Though, they still lack depth and introduce some screen flickering. It may not be that noticeable for a human eye, but that can be detected with special filters.
3D masks are life-like reproductions of a particular person’s face. They even include holes for real eyes to bypass blinking and motion checks. This is one of the most advanced biometric spoofing methods because it provides depth and seemingly has all the same properties of an imitated face. The major drawback is that a mask doesn’t replicate all the facial characteristics of its wearer – there will be some proportional deviations. The second thing will be the retina, which can be an additional biometric factor to check in order to prevent manipulation.
Deepfake attack makes use of machine learning algorithm to feed it a wide dataset of images or videos of their target digitally substituting their face on top of theirs. That way, they can live stream and generate videos. While the results are impressive, this technology has its limitations and can produce various artefacts in the feed that can be detected and revealed as fake.
These new developments put enormous pressure on businesses that are offering remote services. The main challenge of KYC procedures is that fraudsters use more advanced methods. That said, there are an abundance of various filters and methods to check whether the photo or video is fake. Using a combination of them, it’s possible to provide service without disruption and protect your client base from fraud attempts.