Facial Biometrics: Asserting the Authenticity of User Identity in an Online World
Face biometrics for remote authentication delivers increased security and convenience when compared to session-based authentication factors.
The world is digitizing at an incredible pace and we’re now at the stage where many organizations are moving their services online. These changes bring fresh challenges: the most important being how to ensure that someone is who they say they are online in a secure, yet convenient way.
The Failings of Traditional Methods of Authentication
Traditional onboarding methods like video call verification have proven to be not only expensive, but inefficient, inherently biased, and error-prone.
Verifying identity remotely over a video call inconveniences the end user, who has to take action (for example, booking an appointment), and it is also costly for organizations in terms of human resources and training. In addition, the rise of generative AI and the low barrier to creating convincing synthetic imagery have given rise to serious vulnerabilities in video call verification. Humans perform poorly at distinguishing between bona fide people and generative AI (Gen AI) imagery, especially over a low-quality video stream. Even specialist examiners are error-prone and unreliable when confronted with unfamiliar faces, achieving an accuracy of 55%, which is not much higher than chance (Source: 2015 study by Davis and Valentine from the University of Greenwich and Goldsmiths, University of London, respectively).
There are also large differences between the abilities of different individuals.
As fraud technologies and methodologies advance in sophistication and scale, facial biometric authentication has emerged as one of the most secure and convenient methods for organizations to verify a user’s identity online, be it a customer or a member of the workforce, and ensure that the individual is the right person (rather than an imposter) and the real person (not a spoof). This capability is what’s commonly referred to as liveness detection.
Face biometrics for remote authentication delivers increased security and convenience when compared to knowledge- and possession-based authentication factors, such as passwords and one-time passcodes (OTPs). The vulnerabilities of passwords and PINs are well known. They can be stolen, lost, or compromised. According to Verizon’s 2023 report, 49% of data breaches involved stolen credentials.
OTPs are an improvement on passwords because they introduce a degree of randomness and a challenge-response, but they still pose security issues: a network flaw enables bad actors to divert, acquire, and use OTPs at scale. For users, OTPs are highly vulnerable to phishing and smishing attacks.
What Makes Facial Biometrics Different?
Unlike knowledge and possession factors, face biometrics use the user’s inherent features – their face. The security rests not on faces being secret – they’re not – but on the fact that they cannot be stolen, lost, or shared. People take their faces wherever they go, and there’s nothing to remember or forget, making the user experience highly convenient.
Finally, as the person’s face is matched against the biometric template, face authentication is linked to an original government-issued ID, meaning that the organization can be assured that the user is who they claim to be each time they authenticate.
However, the landscape is evolving and cybercriminals are finding innovative ways, often using Gen AI tools, to undermine remote identity verification and gain access. While Gen AI completely undermines remote video identification processes, it has also been successful against inadequate biometric solutions. The truth is that not all facial biometric technologies provide an adequate level of security, resilience, or adaptability to novel threats like digital injection attacks, which are highly scalable and easily replicated.
Unlike presentation attacks, digital injection attacks don’t require the creation of a physical artifact or any physical presentation, and they can bypass the camera on a device. These kinds of attacks have dramatically increased, and the 2023 Biometric Threat Intelligence Report shows that they now occur five times more frequently than persistent presentation attacks across web browser verifications. Since these attacks are highly scalable, the danger of digital injection attacks increases.
Incorporating a unique real-time biometric into liveness technology that’s passive to the user (meaning no action like moving their head or blinking is required) is essential for organizations to defend against the growing threat of fraud and synthetic media. O******* biometric uses a randomized challenge-response mechanism to ensure that an individual is authenticating in real-time and is not a photo or mask, or a digitally injected attack using a replay of a previous authentication, or synthetic video (such as a deepfake).
Continuous Visibility
Given the ever-transformative nature of Gen AI and the scalability of digital injection attacks, biometric security must be actively managed 24/7. The most effective facial biometric solutions are those that are resilient to the ever-evolving threat landscape and utilize threat intelligence to ensure that they can provide the expected level of identity assurance.
Using a cloud-based solution to monitor activity in real time enables attack patterns to be detected across multiple geographies, devices, and platforms, and ensures that the biometric system is one step ahead of the evolving threat landscape. Having full visibility of threat development is crucial because once attack tools or methodologies successfully breach a system, they are often quickly shared – typically on the dark web or within Crime-as-a-Service (CaaS) networks – at which point they can scale very quickly.
Cloud-based facial biometrics also offers distinct advantages for organizations seeking robust security and authentication measures.
Facial biometric authentication demands minimum effort from individuals, resulting in an improved user experience with seamless interactions. Furthermore, the scalability and adaptability of cloud-based facial biometric systems make them suitable for organizations of varying sizes and industries.
Ultimately, because threats are constantly evolving, the need to understand the threat landscape and make decisions based on real-world, in-production intelligence is imperative.
By leveraging science-based liveness detection that incorporates a unique real-time biometric and continuous monitoring, organizations can harness the power of facial authentication and be sure that someone is who they claim to be online rather than a fraud or a spoof. Moving forward, the integration of cloud-based facial biometrics is certain to be a vital component of authentication systems for organizations as they look to shape a secure and user-friendly future for identity authentication and workforce access control.