Over the last two decades, the global fight against financial crime and terrorist financing has led to an enhanced regulatory regime for Know Your Customer (KYC) and Customer Due Diligence (CDD) – with most organizations adopting these checks to verify the identity of their clients. Identity verification with active and passive biometrics is a critical step to keeping your business compliant and preventing fraud on your platform. According to PwC, the US lost $42 billion to fraud in 2020. The situation is a little better in Europe, while the fraud rates in Africa and Asia are much higher.
Moreover, the COVID-19 pandemic has forced many organizations to move to an online-first business model, where the customer is not physically present to allow in-person KYC checks. On the other hand, fraudsters have developed tactics to bypass some of the existing conventional checks. This new business environment has made remote identity proofing and assurance a must. This is where liveness checks come in. Typically, liveness checks use Artificial Intelligence/Machine Learning (AI/ML) software to increase efficiency in digitally verifying user identities. There are two types of liveness checks: active and passive biometric checks. This guide will dive into how both kinds of checks work so you can decide which might be right for your business.
Passive Biometrics: The Future of Active Biometric Checks
Active liveness checks require the user to perform specific actions in front of the camera to prove their identity. Such actions include blinking, turning the head, following a dot on the screen with the eyes, smiling, etc.
In this case, if a fraudster is using someone’s documents, they will be scared to go through the active check, or the check will find out that they are faking their identity. While active biometrics may appear like an ideal Anti-Money Laundering (AML) solution, it’s sometimes faced with challenges such as spoofing by fraudsters through presentation attacks.
Here, a bad actor can trick the system through different tactics. For instance, if the check requires the user to blink, the impersonator can wear a print cutout of the person they are impersonating and then use the eye cutout to blink when necessary. For more on how bad actors bypass systems, read “Deepfake Detection for the Modern Media Threat.”
Some fraudsters use more sophisticated tactics, such as video replays, deepfakes, and other animation software. Generally, active liveness demands more time and effort from the user, which may make impatient users drop out. However, customers who want a high level of assurance regarding the safety of their accounts may see this as an ideal verification method.
Introduction to Biometrics
Biometrics is a rapidly evolving field that leverages unique physical or behavioral characteristics to identify and authenticate individuals. Technologies such as facial recognition, fingerprint scanning, and voice recognition have become increasingly prevalent across various industries, including finance, healthcare, and government. These biometric solutions offer a secure and efficient way to verify identities, significantly reducing the risk of identity theft and fraud. By utilizing biometric data, organizations can enhance their security measures, ensuring that only authorized individuals gain access to sensitive information and services. For more on biometrics and liveness detection, read “Liveness Detection Software for Digital Trust.”
Types of Biometrics
There are two primary types of biometrics: active and passive. Active biometrics require explicit user participation, such as scanning a fingerprint or iris. This type of biometric authentication relies on physiological components and necessitates the user to perform a specific action to verify their identity. On the other hand, passive biometrics analyze intrinsic aspects of an individual without requiring any user action. Behavioral biometrics, for instance, examine patterns like typing speed, mouse movements, or gait. Understanding the differences between active and passive biometrics is crucial for selecting the most suitable biometric solution for a particular application, ensuring both security and user convenience.
What is Active Biometrics?
Active biometrics is a type of biometric authentication that requires explicit user participation to verify an individual’s identity. Unlike passive biometrics, which analyzes the intrinsic aspects of an individual without requiring user action, active biometrics relies on physiological components. Common examples include fingerprint scanning and facial recognition, which are widely used in various applications, including mobile device security. By requiring users to actively engage in the verification process, active biometrics provide a robust layer of security that is difficult to bypass, enhancing user convenience.
How Do Active Biometric Systems Work?
Active biometric systems work by requiring users to intentionally provide their biometric characteristics, such as placing a finger on a device or holding a camera in position for retina scanning. The system then compares the provided biometric characteristic to existing data in a database to verify the user’s identity. Often, these systems are used in conjunction with behavioral biometrics to enhance security. For instance, companies like Twosense utilize behavioral biometrics to monitor user behavioral patterns, adding an extra layer of protection to the authentication process.
Facial Recognition and Liveness Checks
Facial recognition is a popular active biometric technology used for identity verification. However, it can be vulnerable to spoofing attacks, where an attacker uses a fake face or image to trick the system. To mitigate this risk, liveness checks are employed to determine whether the biometric sample originates from a real human being or a fake representation. Liveness checks can be active or passive, with active liveness checks requiring explicit user actions, such as turning their head or adjusting their face. This ensures that the system is interacting with a live person, thereby enhancing the security of the identity verification process and filtering out non-authentic inputs (like photographs or videos) that could otherwise lead to false positives or incorrect verifications.
Joshua Vowles-Dent, Business, Strategy, and Partnerships Manager at ComplyCube, states, “Liveness detection is a critical part of fraud prevention checks, as facial recognition processes are often subverted by non-authentic inputs, such as deepfakes. Liveness detection can quickly identify anomalies in skin texture, lighting, and more, effectively deterring fraudsters.”
Identity Verification with Active Biometrics
Active biometrics are widely used for identity verification in various industries, including finance, healthcare, and government. They provide a high level of security and accuracy, making them an essential component of identity security. Active biometrics can be used for secure access to devices, applications, and services and for verifying identities in person or online. By incorporating active biometric verification, organizations can ensure that only authorized individuals gain access to sensitive information and services while also maintaining regulatory compliance.
Enhancing Security with Active Biometrics
Active biometrics offer an additional layer of security that other forms of authentication cannot replicate. They are particularly effective in preventing identity theft and unauthorized access to sensitive information. By combining active biometrics with other security measures, such as passwords, user behavior, and behavioral biometrics, organizations can create a robust security system that protects against various types of attacks. This multi-layered approach ensures that even if one security measure is compromised, others remain intact to safeguard user data.
Customer Experience and Active Biometrics
While active biometrics provide a high level of security, they can also impact the customer experience. For example, requiring users to provide their biometric characteristics can add an extra step to the authentication process, potentially leading to frustration. However, many active biometric systems are designed to be user-friendly and seamless, minimizing the impact on the customer experience. By implementing active biometrics in a way that is convenient and intuitive, organizations can enhance security without compromising the user experience. This balance ensures that users feel secure while enjoying a smooth and efficient authentication process.
Biometric Verification and Authentication
Biometric verification and authentication are critical components of identity security. Biometric verification involves comparing a user’s biometric data to a stored template to confirm their identity. This process ensures that the individual attempting to gain access is who they claim to be. Biometric authentication, on the other hand, uses biometric data to grant access to a system, device, or application. This method provides a high level of security, as biometric characteristics are unique to each individual and cannot be easily replicated or stolen. Organizations can protect sensitive information and prevent unauthorized access by incorporating biometric verification and authentication into their security protocols.
Passive Authentication Biometric Checks
Unlike active biometrics, which require active user participation, passive biometric checks don’t require the user to perform any actions. Here, the AI/ML software runs in the background, performing necessary checks using machine learning without the user realizing it. Passive authentication enhances user experience by reducing friction during the authentication process, making it particularly beneficial for industries like Banking and Telecom.
With passive liveness checks, users and potential fraudsters are often unaware that an identity verification check is happening, which reduces user interference and makes the check more spoof-proof. Passive behavioral biometrics verify a person’s identity based on their current behavior compared to past behavior, operating in the background without disrupting user experience and enhancing security.
Passive biometrics have a higher capacity to detect traces of presentation attacks such as skin texture, edges, and depth that differentiate a live person’s face from a spoofed or inanimated face. Besides, passive checks effectively point out masks, deepfakes, and software that mimic smiles, blinks, and other facial expressions.
Due to their spoof robustness, passive biometrics make it challenging but not entirely impossible for fraudsters to pass through. Passive biometric verification improves KYC/AML processes by reducing false alarms and boosting regulatory compliance. Compared to active liveness, passive liveness takes very little of the users’ time, and the entire process is much smoother because the user isn’t required to perform multiple actions in front of a camera.
Multi-Factor Authentication and Passive Biometrics
Multi-factor authentication (MFA) is a security process that requires users to provide two or more authentication factors to access a system, device, or application. Passive biometrics can serve as an additional factor in MFA, offering an extra layer of security that is difficult to replicate. Behavioral biometrics, such as those used by Twosense, can be combined with active biometrics to enhance overall security. By integrating passive biometrics with traditional MFA methods, organizations can significantly reduce the risk of security breaches, ensuring that only authorized users gain access to their systems and data.
Customer Experience and Passive Biometrics
Passive biometrics can significantly enhance the customer experience by providing a seamless and secure authentication process. For example, facial recognition can authenticate customers without requiring them to enter passwords or PINs, reducing friction and streamlining the user experience. Passive biometric verification can also simplify the customer onboarding process, making it easier for customers to access services and applications. By leveraging passive biometrics, organizations can improve customer satisfaction and loyalty while maintaining a high level of security. This balance ensures that users feel secure while enjoying a smooth and efficient authentication process.
Active Biometrics vs. Passive Biometrics
In a nutshell, both types of liveness checks help organizations detect and stop fraudulent and money laundering activities by ensuring the integrity of biometric data in both active and passive biometrics. However, none of these checks boast ultimate superiority because they both offer protection against fraud depending on the needs of the organization in question.
Passive biometrics significantly enhance identity verification processes by integrating advanced biometric solutions that increase security and compliance. This ultimately boosts user trust and streamlines the verification experience for businesses and their clients.
Active vs. Passive Liveness Detection
So, the choice between active and passive biometrics narrows down to the organization’s risk-based approach. Unlike physiological biometrics, which rely on physical characteristics like fingerprints, passive behavioral biometrics focus on analyzing a user’s behavioral patterns in the background without disrupting their experience. You should opt for one that meets your company’s user verification needs while still creating a positive user experience and keeping you ahead of the game.
For more information on how you can fortify your business operations with active or passive biometric checks, reach out to our expert compliance team today.
