Document-centric identity verification is a staple when it comes to onboarding new customers because it is convenient for users and highly cost-effective for businesses. Verifying customer identities using passports, driver’s licenses, or other government issued IDs also helps businesses comply with KYC (Know Your Customer) standards. Unfortunately, fraudsters often exploit this convenient channel for illegal purposes. They present digital document images (either created or purchased on the dark web) to onboard fake or stolen identities and execute financial scams that cost businesses billions of dollars annually. In 2019, identity fraud criminals stole $16.9 billion by opening accounts at financial institutions, maxing out credit lines and taking out cash advances. In fact, losses due to identity theft increased by 42% from 2019 to 2020 primarily due to the COVID-19 pandemic. Aite Group estimates that losses from identity theft will grow to $635.4 billion by 2023 in the US alone. 
When fraudsters create accounts using replicated digital identity documents, it’s often referred to as a presentation or screen replay attack, which is designed to spoof the system. These types of spoof attacks are on the rise due to the ease with which digital images can be found online or purchased on the dark web, as well as easy-to-use document editing tools. To combat this onslaught from bad actors it is critical for organizations to implement secure identity verification solutions with document liveness detection technology.
Ask the Expert: How often are fake documents used in account creation to new platforms?
Expert answer: Research shows that nearly 90% of frauds seen are from counterfeit physical documents. While fraudsters presenting fake documents at onboarding isn’t a new threat to Mitek, it is a growing threat for all id verification providers. Document-centric identity verification using mobile devices is pretty much table stakes for today’s online businesses, and savvy fraudsters come prepared to onboard using realistic looking, but fake digital id documents. Enhancing document analysis early in the onboarding cycle by ensuring the document image submitted is of a real, live document can help to significantly mitigate risk.
Ask the Expert: How do you determine if the photo of the identity document is real?
Expert answer: In milliseconds, our document liveness detection authenticator analyzes hundreds of datapoints in the document image presented and looks for subtle nuances invisible to the human eye, such as color shifts, image patterns and textures. It then scores the authenticity of the document and transmits the liveness check score to the customer. While Mitek is founded on document-centric identity verification using Mobile Verify, we’ve been able to advance our id document analysis by incorporating ID R&D’s Document Liveness algorithms that use deep neural networks to provide further image analysis of photographic angles, lighting, pixels, and thousands of additional variants; scoring each one to come up with a cumulative result that ultimately determines if the image of the document being presented is authentic or not. The speed, accuracy, and efficacy of using machine learning to determine document liveness is far better than even the most expertly trained document analyst.
Ask the expert: Why is document liveness detection critical for businesses?
Expert Answer: Stolen digital images, altered digital images, and fake digital images of documents all have trace evidence that indicates it is not authentic. Document liveness detection identifies that trace evidence in fractions of a second. Catching more fraud, such as spoof attacks, early in the onboarding cycle and during liveness verification reduces what we call “false approvals” (fraud that slips through current systems). That in turn reduces costs associated with manual review processes and speeds up the onboarding process for good users, which improves overall authenticity accuracy. With liveness detection technology in-place, detecting and blocking presentation and screen replay attacks at the top of the identity verification funnel can save a business from brand and reputational damage caused by fraudsters slipping through onboarding and creating havoc on platforms.
Ask the expert: Which documents should be scanned for document liveness detection?
Expert Answer: Any document being used to verify the identity of a customer should be scanned for authenticity and layering that with document liveness detection greatly increases your chances of stopping fraudsters. We know that when a user is asked to take a picture of their passport or driver’s license, fraudsters often hold a device, with an image of a document, up to the screen and use that image to onboard onto the platform. We see this type of fraud quite often. In many instances, these transactions get flagged for manual review, which can cost businesses time and money. In these situations, document liveness technology can accurately identify the fraudster immediately versus moving them to a manual review queue. It performs even better than human reviewers because it can identify things that are invisible to the human eye.
For businesses using Mobile Verify, as of August 2022, all documents are scanned for liveness detection unless a customer has requested otherwise.
Ask the expert: What attack vectors does document liveness detection solve for?
Expert Answer: Document liveness detection solves digital spoof threat vectors which happen when a digital image of a document is presented rather than a live image of a document that is present and in the possession of the person trying to onboard. Proper document liveness detection can help mitigate risks associated with many types of fraud including new account fraud, stolen identity, and synthetic identity fraud just to name a few.
– Mike Hudson
Mitek utilizes server-side passive liveness detection which is a strong anti-spoofing solution. Passive liveness check methods are generally more immune to spoofing attacks because the fraudster doesn’t know the liveness test is even being performed, which means they can’t try to reverse engineer something to trick the system.
Deep Neural Networks and proprietary algorithms are used to analyze the document image to determine its “liveness”. Each of the neural networks examines a different element of the image to detect artifacts that help distinguish between a live document and a presentation attack. Knowing what the neural networks should examine and how to combine the neural networks is proprietary information only available through Mitek’s wholly owned subsidiary ID R&D.
1. Shirley, Inscoe, “U.S. Identity Theft: The Stark Reality” Aite-Novarica Group, March 2021
About Mike Hudson - Mitek
Mike is the Director of Product Management for Identity at Mitek