The Identity Verification and Binding Working Group is a less well known area of work that the FIDO Alliance undertakes alongside advocating for passwordless authentication.
The Alliance has broadened its scope of encouraging other forms of stronger identity verification and since 2022 has looked to develop a range of certification programs addressing criteria for document authentication, namely the remote Document Authenticity (DocAuth) Certification Program.
There is a counter tool in using document liveness to beat spoofing which companies like ID R&D have recently promoted. This certification process by the FIDO Alliance allows vendors to certify their mobile document authentication solutions to be certain that the authenticity of genuine documents can be easily recognised or differentiated from clear signs of fraud.
The introduction of a certification process was expected in early 2023 to continue FIDO’s value proposition to bolster strong authentication.
ID R&D, an innovator in voice biometric and facial liveness detection software, published a blog written by their Chief Scientific Officer, Konstantin Simonchik, which explains how and why document liveness is on their agenda to meet FIDO requirements.
Eventually, FIDO has indicated that anti-spoofing criteria will be incorporated into the comprehensive framework of the Fast IDentity Online (FIDO). Troubling dilemmas face authorities who are trying to curb illegal migration, such as duplicated and doctored ID documents and identity theft.
FIDO’s fundamental concept of replacing traditional password-based security for two factor authentication, which may include biometrics, also must apply to requiring two pieces of evidence to verify the document holder’s identity: by validating the features on documents and using facial mapping technology and biometric comparison to their physical characteristics. Facial mapping can mitigate the risks of presentation attacks occurring by matching their document photograph with their face liveness verification.
Government-issued identity documents are crucial in the onboarding process but are often subject to presentation attacks by fraud perpetrators, which a study by ID R&D concluded happened on a 90% basis.
These attacks are currently omitted from the FIDO requirement with the role of AI evolution.
They are:
- Screen replays
- Printed copies
- Printed cutouts (both laminated and non-laminated)
- Replications on plastic
In conclusion, Konstantin writes: “the concept of “liveness” offers a new frontier for combating document forgery, extending the principles and techniques outlined in the FIDO standard. By understanding the intricacies of liveness-based attacks and harnessing the power of AI, we can enhance the integrity of our document verification processes, bolstering our defenses against an ever-evolving threat landscape”.
