What are presentation attacks?
Presentation attacks (also known as spoofing attacks) are attempts to deceive biometric or document capture systems during identity verification by presenting fake, altered, or manipulated input—such as a photo, mask, or digital replay—rather than a genuine, live person or authentic document. Financial institutions are heavily reliant on biometric and document verification systems to verify identities securely, but advancements in AI-generated deepfakes and other methods of sophisticated forgery mean these attacks have become an even more significant threat to these institutions’ fraud prevention systems.
Presentation attacks are often used by fraudsters in an attempt to bypass traditional Know Your Customer (KYC) checks and take over customer accounts. Mitek, a leader in solutions for identity verification, has developed advanced tools for counteracting presentation attacks, encompassing AI-powered liveness detection, deepfake analysis, and document authentication — offered as separate solutions.
Types of presentation attacks in identity verification
There are several types of presentation attacks in identity verification. To stop them, you first need to know what you are up against. Let’s break down the most common types.
2D Spoofing attacks
In a 2D spoofing attack, two-dimensional methods are used to attempt to bypass biometric identification systems. This can include the use of printed photos, digital images, or video replays. They are among the simplest types of attacks to execute and can allow fraudsters to bypass facial recognition systems that do not have robust methods of liveness detection.
Document-based presentation attacks
Document-based attacks often utilize forged or manipulated identity documents – like drivers’ licenses or passports. Without proper mechanisms to check for document liveness, as well as checking for tampering or the presence of security elements, it’s possible for these documents to pass verification checks, which can lead to the creation of accounts used for financial fraud.
Screen replay attacks
Also considered a two-dimensional (2D) attack, this kind of presentation attack is when a fraudster uses an image displayed on another screen to try and pass a biometric check.
3D Spoofing attacks
These attacks use three-dimensional, physical means of impersonating an individual. This can include masks, prosthetic disguises, mannequins, and fingerprints replicated in cyanoacrylate (“super glue”). The wide availability of inexpensive 3D printing devices has made the creation of physical disguises easier. Realistic 3D disguises have been known to trip up certain biometric security systems, particularly those without robust liveness detection.
Real-world examples of presentation attacks
2D attacks may sound simple, but they are known to work under the right conditions. A case in Europe highlighted risks in biometric ATMs, when criminals were able to bypass an ATM’s facial recognition by using high-resolution printed photos of account holders. Similarly, Brazilian police arrested a thief who taped photos of faces onto a mannequin to access accounts using the “face ID” option and even apply for loans.
Document fraud is also common, especially with passports and drivers’ licenses. FinCEN has accumulated extensive reports of the use of high-quality fake identification documents - either modifying real photos or creating synthetic faces and identities – to open fraudulent accounts used for everything from money laundering to collecting proceeds from online scams. Here are some real-world examples of Document presentation attacks:
-
Someone presents a photo of an ID, not the actual ID itself, and the ID is fake or real, but stolen.
-
Someone presents a printed or a scanned copy of a real or altered document
-
Someone presents a screen or image of a stolen or synthetic document, rather than a physical document
These attacks encompass a wide range of physical and digital techniques and levels of sophistication. Learn more about document fraud here.
Staying ahead of presentation attacks
The future of identity verification will rely upon continuous technological innovation to stay ahead of fraudsters’ ability to execute even more advanced techniques. Integrating tools like face and voice biometrics; as well as advanced fraud detections like injection attack detection and deepfake detection, into multi-layered defenses is essential to stay ahead of emerging threats.
Financial institutions must adopt cutting-edge solutions capable of counteracting sophisticated presentation attacks and other forms of fraud. Mitek remains at the forefront of advancements in identity verification, providing organizations with the suite of tools they need to secure their verification and authentication systems against all forms of presentation attacks.
By implementing a multi-layered security approach, adopting AI-powered solutions, and maintaining an approach that continuously adapts to emerging threats, businesses can effectively prevent presentation attacks and fraud while maintaining a seamless customer experience.
About Sean Meagher - Sr. Product Marketing Manager at Mitek
Sean Meagher is a Sr. Product Marketing Manager at Mitek