PingOne Verify and face verification

Face verification in PingOne Verify uses face matching, liveness detection, and injection attack detection to prevent fraud and ensure that the user presenting an ID is who they say they are.

What is face matching and how is it used in face verification?

PingOne Verify uses machine learning (ML) to detect the presence of a face in a government-issued document and compares it against a live selfie captured by the user. The system returns a confidence score indicating the likelihood that the faces match.

Face verification consists of two primary machine learning applications:

Face detection: Determines if a face is present in an image, identifying its location, scale, and orientation.
Face comparison: Evaluates whether two faces match, accounting for variations in expression, facial hair, and age.

PingOne Verify uses both face detection and face comparison to generate a reliable confidence score in face matching between the live selfie captured and the portrait of the ID document.

Presentation attacks and liveness detection

Presentation attacks are when fraudsters attempt to bypass verification and physically present an artificial face to the camera by using printed images, digital screens, video replays, or masks. The types of presentation attacks are:

Printed photo attack: A fraudster presents a high-quality printed image of the victim’s face.
Screen replay attack: A digital screen displays an image or video of the victim’s face.
3D mask attack: A realistic 3D mask of the victim’s face is worn.

Liveness detection prevents presentation attacks. Presentation Attack Detection (PAD) determines whether the face being presented is a real, live person rather than a fake representation.

Liveness detection methods are categorized into:

Active liveness: Requires user interaction, such as blinking, smiling, or turning the head. While effective, it introduces friction and can be bypassed with deepfake technology, a type of artificial intelligence (AI) that creates realistic-looking videos and images.
Passive liveness: Requires no user interaction and detects fraud in a single image using AI-based analysis.

PingOne Verify uses single-frame passive liveness detection, eliminating friction while maintaining security. While PAD is effective against physical fraud, it doesn’t protect against digital manipulation attacks, such as deepfakes, that don’t rely on a physical medium.

Single-frame liveness

Presentation attacks are prevented by liveness detection. Single-frame liveness leverages computer vision to detect features in an image that are invisible to the human eye.

AI models analyze factors such as:

Lighting inconsistencies
Pixel distortions
Image artifacts from screen displays or printed documents

A deep neural network, trained on real and fraudulent images, assigns a liveness confidence score based on these subtle characteristics.

Deepfakes and injection attack detection

In injection attacks, fraudsters bypass the camera entirely and inject synthetic or manipulated biometric data, such as a deepfake, directly into the system.

These attacks are more sophisticated and harder to detect because the fraudulent image isn’t captured by the camera itself. Instead, it’s digitally inserted into the verification process. The types of deepfakes and injection attacks are:

Virtual camera attack: A software-based camera injects pre-recorded images, deepfake videos, or synthetic faces instead of real-time captures.
External camera manipulation: Fraudsters use hardware-based techniques to feed a fake video or image into the system.
JavaScript code injection: Fraudsters modify browser code or install plugins to intercept and replace biometric data before it reaches the verification system.
Deepfake injection: AI-generated deepfake faces are directly fed into the biometric system instead of real faces.

How are injection attacks prevented?

Injection attack detection works by analyzing and securing the channel through which biometric data is captured, rather than relying on confidence scores that assess the authenticity of an image or video.

Injection attack detection focuses on how the image reaches the system. This is done by monitoring signals that verify whether the camera input is coming from a real device camera or if it was manipulated through software, such as virtual cameras or code injections. These checks include analyzing hardware properties, device-level security features, and integrity signals to detect tampering.

For example, if a virtual camera or an external application attempts to simulate a camera feed, PingOne Verify will recognize this and reject the transaction.

Because these signals provide binary yes or no verification rather than confidence scores, they offer a highly reliable, non-bypassable method of detecting and blocking deepfake and synthetic identity fraud at the source. By ensuring that only genuine, real-time camera captures are accepted, injection attack detection strengthens biometric security without introducing unnecessary friction for legitimate users.