Language

16 Feb 2024in ID verification & biometrics

Passive Authentication With Liveness Detection: What Is It & How Does It Work?

Andrey Terekhin

Head of Product, Regula

More companies are adopting biometric verification to onboard users remotely. Facial recognition is one of the popular options currently used by 56% of businesses that participated in a Regula survey

From a technology standpoint, there are two ways to authenticate customers this way: passive or active. 

In this blog post, we'll break down the passive authentication process, describe its benefits and limitations, and show you some commonly used scenarios for this technology. 

What is passive authentication?

Passive authentication involves verifying a characteristic of a person or thing—an authentication factor—without any explicit activities from the user’s side. Depending on the case, the authentication factor may be a user’s face, iris, voice, etc. In this article, we will focus on the process involving a selfie.  

When it comes to verifying individuals online, it's crucial to confirm that the person on the other end is real. In an authentication flow based on facial recognition, liveness checks are employed to perform this task. The way these checks are done determines whether it’s a passive or active flow. It’s also worth noting the difference between “passive liveness” and “active liveness” checks.

Liveness detection: A deep dive

Liveness detection is a technique to accurately determine whether a biometric sample originates from a real human being or a fake representation. In this process, which is also called a liveness check, the user submits a selfie as a biometric sample, and an algorithm is designed to detect any presentation attacks such as masks, deepfake photos, or videos that may be used to deceive it. By distinguishing a live person from these fraudulent attempts, liveness detection ensures the authenticity of the biometric sample, and safeguards against identity fraud.

 

Passive Authentication vs. Active Authentication: What’s the difference?

Say a customer wants to sign in to a mobile banking app secured with either active or passive liveness detection technology. 

During active authentication, the user is asked to perform some actions which are generated randomly for the session. They must turn their head right and left, and then adjust their face into the highlighted area on the screen. After a while, the user is verified.

Active authentication with liveness detection

During passive authentication, the user is simply asked to take a selfie. No explicit actions on their part are required. The system delivers the verification result in seconds.

Passive authentication with liveness detection

Historically, active authentication technology for liveness detection came first. As the example above shows, active authentication prompts users to perform a series of random actions. Users typically dislike when you make them jump through hoops, but companies had a legitimate reason to incorporate this procedure. At that time, it was challenging for most users to shoot a high-quality selfie that would work for a credible liveness check. 

As mobile cameras have become better, passive authentication for liveness checks has gained wider adoption. Snapping a photo is much faster than repeating randomly generated actions. Being more hassle-free and convenient for users, this identity verification method is also secure and reliable.

Is passive authentication effective for facial biometric verification?

It seems counterintuitive that just one shot can be as secure as a whole sequence of actions. However, the computer vision technologies under the hood of passive authentication solutions perform quite well. 

In passive authentication with liveness detection, neural networks are used to check for a user's liveness. To excel in this task, they are trained on a large dataset, including thousands of photo samples depicting people of multiple ages, genders, and nationalities. These samples also have various backgrounds—a plain white wall, a spring landscape, office furniture, etc. 

Each neural network type is aimed at performing a specific task: data detection, classification, segmentation, etc. As a result, after "graduating," the trained neural networks have gained some specialization.

Read also How to Train AI to Perform Liveness Checks in Identity Verification

A variety of neural networks are used in conjunction to perform a liveness check. That means each gets its own particular job done: while one detects whether a male or a female is in a selfie, another estimates the person's age. Therefore, the final verification result is the sum of many checks independently provided by many neural networks.

Detection of fakes and fraudulent tricks in the photo follows the same principle. If the algorithm recognizes electronic device features—frames, glares, moiré noise, or reflections, the system alerts that the selfie is being presented on a screen. Printed photos and deepfakes are detected by the presence of unnatural skin texture. 

However, you need a high-quality user selfie to make all this magic work. Blurry photos hide many essential facial features, such as chin shape. For this reason, the identity verification solution you use to authenticate customers this way must perform image quality assessment. Having an advanced image capture module that determines glares, shadows, head position, and face size, and picks the best available picture, is also helpful. It keeps the selfie retake rate at a minimum.

Why companies are switching to passive authentication

Improved user experience. Passive authentication is frictionless compared to scenarios where active user participation is required. What’s more, some clients, especially senior customers, may face difficulties with the active flow. Therefore, you may improve customer satisfaction by implementing this technology.

Increased conversion rates. Passive authentication streamlines the verification process, making it more seamless and less intrusive for users. It leads to higher conversion rates during customer onboarding, and further activities in the online service. For instance, users don't have to repeatedly enter their credentials since their selfie is enough to verify a transaction. This can speed up the checkout process and reduce cart abandonment rates in e-commerce.

Accessibility compliance. Passive authentication is also a great way to go when there are seniors and individuals with different kinds of disabilities among your customers. According to the W3C Web Accessibility Initiative (WAI) guidelines, one way to make authentication more accessible is by using facial recognition through a user’s mobile device instead of requiring a login and password. Typically, this means a user can simply glance at their front camera to authenticate themselves.

When is passive authentication with liveness detection a good fit?

A facial recognition component is broadly used by different industries, including Banking, Aviation, and Telecoms. 

Passive authentication with liveness detection can be the key technology behind this process. Let’s see which use cases it applies to most:

1. Onboarding new customers

Passive authentication employing facial recognition can be a part of a smooth onboarding process involving uploading identity documents. For instance, car-sharing services typically include submitting a driver’s selfie as an additional step in their verification flow. 

Identity verification solutions like Regula Document Reader SDK paired with Regula Face SDK then conduct an express check to match the selfie and the photo in the driver’s license and validate the new user. Additionally, a passive liveness detection test is conducted to ensure that both the ID and the selfie are authentic, not spoofed.

2. Checking attendance

Passive authentication is at the core of many employee attendance applications. Typically, they capture user location along with their selfie and current time for foolproof verification of work-from-home staff, part-time helpers, drivers, etc. 

Passive authentication can also be part of an on-site attendance control system. The mechanism is used in attendance kiosks at manufacturing and logistics companies, hospitals, schools, security organizations, and construction sites.

3. Fulfilling regulations in e-commerce

Passive authentication may be helpful in age-verification scenarios when you need to ensure that your age-restricted goods and services aren’t available to minors. This requirement applies to a broad pool of online businesses, including gambling websites, purpose-specific cosmetics merchants, and fireworks shops. 

Many e-commerce websites use the easiest age verification method: tick boxes to ask purchasers to confirm they are over the minimum age. However, regulators consider this among the checks that are unlikely to satisfy customer due diligence. 

Age verification software implemented into the purchase flow seems a more reasonable precaution. Here is where passive authentication comes into play, as it allows for verifying both user age and identity.  

4. Building a passwordless log-in process

Facial recognition-based authentication has become increasingly prevalent for performing various online tasks. What’s more, the technology has a high adoption rate among customers. The number of global users who utilize a facial recognition module will continue increasing in the following years—from 671 million in 2020 to 1.4 billion by 2025. 

Passive authentication is an excellent choice for a sign-in process that doesn't require users to input passwords or answer security questions. This method can be combined with a single sign-on verification system, allowing your employees or customers to utilize the same form of identification to access all of your company's applications and services.

5. Enhancing the security perimeter

Introducing IDV automation in your business provides a more frictionless user experience. In addition, it contributes to your system protection by adding more security layers.

Passive biometric authentication may be a part of a multi-factor authentication system (MFA) combined with one-time passwords, SMS codes, and even other biometrics like fingerprints. Since more than one factor is included in this flow, all technologies complement each other, canceling out their limitations when used separately.

Regula solutions to enhance your verification process

When deciding on the type of authentication to add to your verification flow, you should also take into consideration the balance between UX and security. While active authentication seems to be more secure, a passive liveness check is always a more frictionless and convenient option for customers. Specifically, the dilemma is between higher conversions vs. higher security.  

As an experienced developer of identity verification solutions, Regula can offer you well-balanced authentication scenarios that take into account both business and security risks. 

Regula Face SDK helps prevent biometric fraud by detecting different presentation attacks, such as the use of electronic devices, printed photos, or realistic masks instead of a real person. Additionally, the solution delivers an easy way to verify users. 

See the product in action or book a call to talk business.

Regula Face SDK

Make face verification fast and secure

FAQ

What is passive authentication?

Passive authentication is a step in the biometric identity verification process during which the user is verified through a liveness check by taking a selfie. It only requires the selfie, and no other actions on the user’s part. As a result, the technology streamlines the identity verification flow, making it more convenient and user-friendly.

What is the difference between active and passive authentication?

Both technologies are used by companies that rely on facial recognition for remote identity verification. What makes them different is their implementation. While active authentication implies additional work from users such as head rotations during liveness checks, the passive flow includes just one step—taking a selfie.

What is an example of passive authentication?

Passive authentication based on facial recognition is one of the most commonly used examples. In this flow, a user just needs to take a selfie, which is then checked by the system immediately.

What is passive biometrics?

To verify a person's identity, behavioral biometrics such as keystroke dynamics, gait style, or voice may be used. They are also called passive since they work passively in the background while the user goes through authentication.

On our website, we use cookies to collect technical information. In particular, we process the IP address of your location to personalize the content of the site

Cookie Policy rules