How Fraudsters Bypass Facial Verification

Fraudsters attempt to bypass facial verification using printed photos, pre-recorded videos, or deepfake technology to spoof the camera. Some also use 3D masks to mimic real faces. However, modern liveness detection systems are designed to detect and block these attempts in real time.

There are several common tactics fraudsters use to bypass facial verification. They include: deep fake technology, 3D printed masks and prosthetics, imaging spoofing, and replay attacks.

1. Deep Fake Technology

Fraudsters or malicious individuals can use AI to create hyper-realistic videos or images of an individual's face, which can mimic expressions and movements in real time. These fakes can easily fool some facial recognition systems if not properly equipped with sophisticated detection mechanisms.

DeepFakes are more common than we think and notice. On October 15, 2024, First Post, a leading news station that reports viral and breaking news, reported the arrest of 27 deepfake romance scammers in Hong Kong who stole $46 million from men in India, China, and Singapore. It was a ring that set up operations in a 4000-square-foot industrial unit in Hong Kong.

Deepfakes are also an emerging threat to crypto exchanges, according to Coin Market. Criminals generate fake identity documents and images with AI and then create deepfake videos to pass face recognition systems. They then use the deepfake images and documents to create a verified account on the exchange.

There is an emerging tool called Pro KYC that enables them to do this, an advanced AI tool specifically designed to target platforms that use government-issued ID verification and facial recognition security. This tool generates realistic deepfake videos and images, mimicking real people by manipulating faces, voices, and other visual elements.

In the past, criminals typically relied on the dark web to buy fake IDs, usually stolen or forged document scans. However, these outdated methods often fail when it comes to modern security checks, which now use high-quality facial matching and verification technology.

For an annual subscription of $629, ProKYC offers powerful deepfake capabilities, which makes it a serious threat to existing security systems. The package includes a camera emulator, software that can animate facial expressions, and tools for generating photo verification documents. This kit allows fraudsters to create convincing fake videos and verification documents to bypass security and set up new accounts easily.

INTERESTING READ: What is Identity Authentication: Process and Best Practices

2. 3D Printed Masks and Prosthetics

Lifelike 3D masks that replicate the features of a target can bypass basic systems that rely solely on facial mapping without the use of additional layers of security like liveness detection. This can often be used for payment fraud.

In the fall of 2014, Spanish and Bulgarian authorities successfully infiltrated an organized crime ring involved in credit card fraud. The group was producing equipment to create fake plastic card slot bezels, which they installed on ATMs and point-of-sale terminals as "ATM skimmers." The criminal network operated across Italy, France, Spain, and Germany. As a result of the operation, authorities arrested 31 individuals and seized over 1,000 skimming devices.

3. Image Spoofing

Fraudsters use static images or previously captured videos of a real individual to impersonate them, bypassing systems that don’t require dynamic checks like head movements or blinking. Our article here helps you to identify identity spoofing.

4. Replay Attacks

These attacks involve the use of a pre-recorded video or facial data during the verification process to convince the system that the person is present in real-time to bypass liveness detection.

Facial verification was introduced as a much-needed means to combat identity fraud, a type of fraud where people may pass passport images, government IDs, or passports and names as theirs for malicious or fraudulent purposes on digital platforms or during digital/virtual onboarding sessions. A ploy they often got away with before the emergence of facial verification. However, in typical human fashion, criminals also found a way to bypass face verification and developed even more sophisticated or tricky ways to bypass selfie verification systems.

As all typical security measures must adapt using a facial recognition system, measures to detect the bypass of facial verification emerged to counteract these new ways of bypassing facial verification.

Moreover, all businesses need to know how fraudsters bypass facial verification and ultimately the use of facial recognition systems and other advanced software such as liveness detection solutions to counter facial or identity fraud.

This article thus discusses everything you need to know about how fraudsters bypass facial verification. You would also know how to overcome the challenge of identity fraud during your customer onboarding session

What is Facial Verification?

Facial verification confirms a person's identity by matching a live facial image with a trusted ID photo using biometric authentication. It plays a critical role in modern digital onboarding, fraud prevention, and compliance workflows.

To fully understand facial verification, it helps to first explore how facial recognition works and what facial recognition is. This is a broader biometric technology that maps facial features and compares them against a large database of faces to identify an unknown person. It performs a one-to-many match, typically used in surveillance or law enforcement to answer, “Who is this person?”

In contrast, facial verification is a one-to-one process. It does not identify a person from a crowd. Instead, it answers a more precise question: “Does this face match the identity on file?” For example, when a user uploads a selfie during account registration, the system verifies that the face matches the one on their submitted ID document without needing to search through a database.

This process helps verify that the person attempting to access a system or service is who they claim to be, a process called identity verification.

How To Detect Deep Fakes And Other Fraud

For most of the article, it has been established that malicious humans are constantly developing ways to bypass facial verification, in hordes as rings, using replay attacks, and many other sophisticated ways. The most likely way forward is to develop or adopt even more advanced tools that are adapted to present threats. Some ways to combat deepfakes and other sophisticated means fraudsters use to bypass facial verification include.

Get to know how fraudsters use deepfakes here.

1. Using Liveness Detection

Liveness detection technology makes sure that the user is physically present and not using an image or video. It detects even subtle signs of life, such as blinking, breathing, or changes in light reflection on the skin. This way, fraudsters cannot bypass the system using fake photos or videos, as the technology can differentiate between real human presence and artificial media.

2. Using AI-Based DeepFake Detection

Advanced AI algorithms are able to analyze and detect the slightest inconsistencies in fake images or videos, such as unnatural facial movements or distorted features that may not even be immediately visible to the human eye.

3. Implementing Multi-Factor Authentication (MFA)

Combining facial verification with other methods, such as password entry, fingerprint scanning, or one-time passwords (OTP), strengthens the customer identity verification process. Following this guide from Microsoft will help you in implementing MFA.

4. Using ID Data Matching and ID Document Verification

ID data matching and ID document verification are useful tools to verify the identity of a customer in real time. Youverify’s ID Data matching collects government ID and verifies it against its 300 million+ global government-backed database and document verification services.

How to Choose the Most Reliable Anti-Fraud Solution for Facial Verification

Not all anti-fraud solutions are built the same. As fraudsters become more sophisticated, choosing the right solution is just as important as having one in the first place. Here is what to look for:

1. Liveness Detection Capability:

Any solution worth considering must have active or passive liveness detection built in. This is your first line of defense against photo spoofing, replay attacks, and deepfake attempts. Confirm whether the solution uses passive liveness (no user action required) or active liveness (blink, turn head), as passive detection tends to offer a smoother user experience without compromising security.

2. AI-Powered Deepfake Detection:

Given the rise of tools like ProKYC, your chosen solution must be equipped with AI algorithms capable of detecting unnatural facial movements, inconsistencies in skin texture, and manipulated features that the human eye would miss.

3. ID Document Verification Integration:

A strong solution should go beyond just matching faces. It should also verify the authenticity of the identity document itself — checking holograms, MRZ codes, and cross-referencing details against a government-backed database in real time.

4. Multi-Factor Authentication Support:

The best solutions combine facial verification with additional security layers such as OTP, fingerprint scanning, or password authentication. Relying on a single verification method leaves gaps that fraudsters can exploit.

5. Regulatory Compliance:

Ensure the solution meets KYC and AML compliance standards relevant to your industry and region. This is especially critical for financial institutions, crypto exchanges, and fintechs operating across multiple markets.

6. Scalability and API Flexibility:

Choose a solution that can scale with your business and integrates easily into your existing onboarding or verification workflow through a reliable API.

FAQs on Facial Verification Bypass

1. Can facial verification be fooled by a photo?

Yes, basic face recognition systems can be fooled by a photo, but modern systems are specifically built to prevent this. Here's the simple breakdown:

Older or basic systems that only do a static face match can sometimes be tricked by holding up a printed photo or a photo on a phone screen in front of the camera.

Modern systems however use liveness detection, which is designed specifically to counter this. It checks that the person in front of the camera is a real, live human and not a flat image. This is done by asking the user to blink, turn their head, smile, or by detecting natural depth and movement that a photo cannot replicate.

This is why serious identity verification platforms , especially in banking and KYC processes combine face matching with liveness detection. A photo alone won't pass those checks.

2. How do fraudsters bypass facial recognition?

3. How Does Face Recognition Work, Step-by-Step?

Face recognition works in four basic steps: first, the camera detects and captures your face. Second, the system maps your facial features such as the distance between your eyes and the shape of your jawline. Third, it converts those features into a unique digital code. Finally, it compares that code against an existing record to confirm your identity.

4. What confuses facial recognition?

Facial recognition can be confused by poor lighting, extreme camera angles, heavy makeup, face coverings, significant weight changes, aging, or identical twins. Low image quality can also reduce accuracy.

5. How does liveness detection work in face recognition?

Liveness detection works by confirming that the person in front of the camera is real and present, not a photo or video. It does this by prompting the user to blink, smile, or turn their head, while also analyzing natural depth, movement, and skin texture that a flat image cannot replicate.

6. What is the difference between facial recognition and verification?

Facial recognition identifies who you are by searching your face against a database of many people. Facial verification simply confirms that you are who you claim to be by comparing your face to a single stored image, such as your ID photo.

7. How can I remove facial recognition?

This depends on the platform. Most apps allow you to disable facial recognition in the security or privacy settings and switch to an alternative login method like a PIN or password. For government or financial systems, facial data is typically retained as part of your identity record and cannot be removed by the user directly.

Using Youverify To Detect Fraud

Youverify offers a host of cutting-edge artificial intelligence-backed compliance technology that is powerful and sophisticated enough to detect and combat attempts to bypass facial verification from multi-factor authentication tools, including biometric verification, address verification, bank account verification, and liveness detection.

We are your go-to AML compliance and fraud detection software provider. Our solutions provide effective yet seamless AML compliance software for businesses of all sizes, including fintechs, brokerages, lenders, and crypto exchanges.

See how 1,000+ global companies use Youverify's fraud prevention and compliance solutions for real-time risk detection against deep fakes. To get started, book a demo today.

Youverify is a 2023 RegTech100 Company