Facial recognition and anti-spoofing

woman with facial recognition matching ID.

Last updated on December 4th, 2023 at 04:02 pm

Facial recognition technology is leading the charge in improving cybersecurity measures. The ability to verify a person’s identity from an image or video creates opportunities for businesses to use software and apps like never before.

This is especially useful as businesses turn away from in-person transactions and rely more on e-commerce and mobile banking.

Like all new technologies, facial recognition is not without its vulnerabilities, so it is essential for businesses utilizing the technology to take all possible precautions in order to protect their business. One of the most common attacks on face recognition technology, also referred to as biometric face recognition, is spoofing.

IDScan.net’s facial recognition solutions are all equipped with an anti-spoofing engine, which can help prevent attacks and reduce face recognition spoofing from fraudulent sources. We offer this face anti-spoofing technology as a part of our facial recognition solutions or as an SDK.

What is facial recognition?

Facial recognition, simply put, is technology that can recognize a human face. Facial recognition systems capture an individual’s face from a photo or video and compare the data received to a database of known faces. The facial recognition comparison works by analyzing a person’s unique facial shape and features. Sophisticated algorithms are used to map out a person’s facial signature.

Man holding a photo up to the camera

This technology is becoming increasingly widespread, as more industries see its usefulness. The world’s largest airport, the Hartsfield-Jackson airport in Atlanta, Georgia, was the first to launch a biometric terminal, using facial recognition for boarding in its Delta terminals. Due to the success of the pilot program, with 70% of flyers finding the experience appealing and a less than 2% opt-out rate, Delta implemented the same system at Minneapolis-Saint Paul International Airport and Salt Lake City International airport.

Many implementations of facial recognition technology have become so commonplace that consumers often don’t realize the sophisticated software at play. Facebook uses facial recognition when a user uploads a photo in order to suggest tagging other people featured in the photo. Apple uses the technology so that users, in lieu of a password, can use their face to unlock their iPhone.

How face recognition applications work

Software systems will have slight variations depending on how they are built and their end goals but generally follow the same basic functions.

  1. Detect
    The process begins as a camera searches for and finds faces. This can be done for either a single face or a crowd of people. The technology tends to work best when the subject is looking directly at the camera. Once a face is found, an image is captured.
  2. Analyze
    The image is used to analyze the face’s unique features, including the distance between the eyes, the shape of cheekbones, and the distance from the forehead to the chin. This creates an individual’s facial signature.
  3. Match
    The facial signature is then used to identify the person. Facial signatures can be matched to a database of faces or to an image, such as one on a Driver’s License.

Facial recognition technology is still evolving, which means that methods of attacking these softwares are evolving as well. That is why it is important to not only implement anti-spoofing measures but to ensure you are staying up-to-date with the latest systems and techniques.

How to prevent spoofing

Cybercriminals have a few primary methods of attempting to trick facial recognition applications. Any attacks on your facial recognition solutions could pose a risk to your business’ privacy and security, making it crucial to include face anti-spoofing technology to your facial recognition system.

A common way fraudsters try to spoof facial recognition technology is with photographs or videos. Attackers will use a photo or short video of the person they are attempting to imitate in an attempt to trick the software into verifying their identity.

woman holding a video up to the camera

A newer method of attack is using 3D masks. This type of attack is rather sophisticated, and it is becoming increasingly common. The usage of 3D masks can deceive facial recognition system depth sensors in ways a photo or video could not.

To combat attacks, your business can use the techniques listed below. The most reliable anti-spoofing results will be generated through a combination of multiple solutions.


Challenge-Response is a relatively easy way to combat most common methods of spoofing. A user is required to take a specific action, such as smiling or turning their head left or right. These actions can be combined to make the anti-spoofing techniques more thorough.

Local binary pattern (LBP)

The local binary pattern technique is a texture image analysis, which is helpful primarily when used in conjunction with other methods of anti-spoofing. The process takes place by splitting up the greyscaled images into smaller sections with detailed pixels. A histogram is created for each section to describe the texture of that specific patch. From here, the histograms are combined and can be fed into another algorithm to determine the authenticity of the image.

Blink detection

The blink detection method is used to highlight a key difference between real and fake faces and is especially useful against photo-based spoofing attacks. This method looks for a human’s natural blinking, which is on average 15-30 times per minute, lasting about 250 milliseconds each in order to determine if the face is real.

3D cameras

One of the most reliable methods to combat spoofing is the use of 3D cameras. These cameras offer extreme accuracy against precision attacks due to their ability to generate fine pixel depth data. While other types of techniques may be unable to differentiate a face between a flat shape, 3D cameras can. Additionally, you can access 3D cameras with web cameras and even your smartphone, which allows more and more companies to rely on this method for anti-spoofing.

IDScan.net’s anti-ppoofing facial recognition technology

We know that implementing and staying up-to-date with your facial recognition technology can be overwhelming. Fortunately, IDScan.net offers facial recognition anti-spoofing technology that is already included with all of our facial recognition solutions or can be purchased separately as an SDK or API. With our anti-spoofing solution in place at your business, you can prevent photo or video attacks, as well as 3D mask attacks.

IDScan.net has developed cutting-edge facial recognition technology that allows our customers to detect, identify, and verify people in photos or live video streams. Our technology can be used in a variety of ways but has two primary implementations. The first is using facial recognition in live video streams for visitor management. This allows your business to welcome frequent guests upon arrival and recognize previously banned persons to alert security before they gain access to the premises.

The second common application of IDScan.net’s facial recognition is in our document verification service (DIVE API). This service requires users to take three images – the front of their ID, the back of their ID, and a selfie. The barcode fields from the back are compared with the recognized fields from the front and the ID’s face image is compared with the anti-spoof checked selfie image.

At IDScan.net, we offer free demos of our facial recognition anti-spoofing technology. This can better help your business adapt to the solutions or to determine if they are a good fit for your business’ security and privacy needs.