How Liveness Check Works
A liveness check runs as part of a biometric verification flow, typically sitting between document capture and facial match. The system analyses a camera feed — from a smartphone or webcam — to determine whether it is processing a real human face or an artefact designed to fool the sensor. The result is a confidence score; if that score falls below a configured threshold, the verification is rejected or escalated for manual review.
User captures a selfie or video frame
The user points their device camera at their face. Depending on the implementation, the system may request a short video clip or analyse a single high-resolution frame alongside sequential motion data captured over 1–3 seconds.
Frame pre-processing and quality check
The liveness engine checks image quality — lighting, resolution, occlusion, and face angle — before running analysis. Poor-quality inputs are rejected early, prompting a retake rather than wasting compute on an unusable frame that would inflate false rejection rates.
Anti-spoofing analysis
The core model examines texture gradients, depth cues, specular reflection patterns, and temporal motion consistency. For biometric authentication systems using infrared sensors, the model also checks heat signatures that are absent in printed photos and screen replays.
Challenge-response (active flows only)
In active liveness checks, the system issues a randomised prompt — blink, smile, turn left — and verifies the user's response matches the instruction in real time. Randomisation is critical: it prevents replay attacks that use pre-recorded video clips captured in advance.
Liveness score generation
The engine outputs a confidence score, typically on a 0–100 scale. A score above the configured threshold passes; a score below triggers a retry or routes the session to manual review. Risk-based implementations adjust thresholds dynamically based on transaction value, geolocation, or device risk signals.
Result passed to identity match layer
On a successful liveness pass, the verified selfie is forwarded to a facial match algorithm that compares the live face against the photo on the submitted identity document. The combined liveness-plus-match result feeds the overall KYC decision engine and determines whether the account is approved.
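The challenge-response step above only resists replay if the prompt sequence is unpredictable, tied to one session, short-lived, and usable once. The sketch below is an added example, not code from any vendor or from this page; the prompt names, the 15-second window, the in-memory nonce store, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# All names and values below are hypothetical, chosen for illustration.
PROMPTS = ("blink", "smile", "turn_left", "turn_right", "nod")
CHALLENGE_TTL_S = 15                    # assumed validity window for one challenge
SERVER_KEY = secrets.token_bytes(32)    # server-side secret, never sent to the client
_used_nonces = set()                    # single-use store; a shared cache in production


def _mac(session_id, nonce, expires, prompts):
    """MAC over every field so the client cannot alter prompts, expiry or session."""
    msg = f"{session_id}|{nonce}|{expires}|{','.join(prompts)}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(session_id, now=None):
    """Draw an unpredictable prompt sequence and bind it to this session."""
    now = time.time() if now is None else now
    prompts = secrets.SystemRandom().sample(PROMPTS, 3)   # CSPRNG, not random.random
    nonce = secrets.token_hex(16)
    expires = int(now) + CHALLENGE_TTL_S
    return {"nonce": nonce, "expires": expires, "prompts": prompts,
            "tag": _mac(session_id, nonce, expires, prompts)}


def verify_response(challenge, observed_actions, session_id, now=None):
    """Return (ok, reason). observed_actions is what the liveness engine saw in the video."""
    now = time.time() if now is None else now
    expected = _mac(session_id, challenge["nonce"], challenge["expires"],
                    challenge["prompts"])
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False, "tampered_or_wrong_session"
    if now > challenge["expires"]:
        return False, "expired"
    if challenge["nonce"] in _used_nonces:
        return False, "replayed"
    # Burn the nonce before checking actions: a failed attempt also consumes the challenge.
    _used_nonces.add(challenge["nonce"])
    if list(observed_actions) != challenge["prompts"]:
        return False, "wrong_actions"
    return True, "ok"
```

A pre-recorded clip fails here for two independent reasons: it cannot anticipate the sampled sequence, and a clip captured from an earlier genuine session carries a nonce that is already spent or expired.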
Why Liveness Check Matters
Identity fraud is no longer limited to stolen passwords or compromised card numbers — attackers increasingly target biometric onboarding flows using synthetic and physical spoofing tools. Without liveness detection, any system relying on a selfie can be bypassed in seconds with a printed photograph from a social media profile. The scale of this problem has grown sharply as generative AI has lowered the technical barrier for creating convincing synthetic faces.
According to iProov's 2024 Biometric Threat Intelligence Report, face swap deepfake attacks targeting digital identity verification systems surged 704% in H2 2023 compared to H1 2023. Jumio's 2023 Online Identity Study found that 67% of businesses experienced identity fraud in the prior year, with document and biometric spoofing cited among the most prevalent attack vectors. The FTC recorded $10.3 billion in total consumer fraud losses in 2023, a significant portion of which originated at account-opening and identity-verification touchpoints — the exact moment a liveness check would intervene.
For payment providers operating under know-your-customer obligations, a compromised onboarding flow is not merely a fraud loss — it is a compliance failure that can attract regulatory sanction, fines, and reputational damage. Liveness detection has become a baseline control in FATF-aligned digital identity programmes worldwide.
Regulatory context
eIDAS 2.0 and the EU's forthcoming Anti-Money Laundering Regulation (AMLR) both signal that remote biometric identity verification must include certified anti-spoofing controls. iBeta ISO 30107-3 Level 1 and Level 2 certification is increasingly the benchmark regulators and enterprise buyers use to evaluate vendor claims.
Liveness Check vs. Static Photo Verification
Static photo verification — matching a submitted selfie against a document photo using facial recognition alone — was the first generation of remote identity checks. It remains widely used in low-risk flows but offers essentially no spoofing resistance. Liveness detection is the critical upgrade that closes the gap between convenience and security. The table below compares both approaches across the dimensions that matter most to payment operators.
| Dimension | Static Photo Verification | Liveness Check |
|---|---|---|
| Spoofing resistance | Low — defeated by a printed photo | High — detects photos, videos, masks, deepfakes |
| User friction | Minimal (single selfie) | Low (passive) to moderate (active) |
| Deepfake detection | None | Partial to strong, model-dependent |
| Compliance suitability | Insufficient for regulated KYC | Meets FATF / eIDAS 2.0 anti-spoofing expectations |
| Implementation cost | Low | Moderate — vendor SDK or API required |
| False rejection rate | Very low | 0.5–3% depending on vendor and threshold |
| Suitable use case | Low-risk, low-value flows | Regulated onboarding, high-value accounts |
Types of Liveness Check
Not all liveness checks work the same way. Vendors implement different underlying technologies, each with distinct trade-offs in accuracy, user experience, and resistance to emerging attack vectors. Choosing the right type depends on your regulatory environment, the device capabilities of your user base, and your acceptable friction levels.
Active liveness requires the user to respond to a real-time, randomised prompt — blink, nod, smile, or turn their head. The unpredictability of the challenge makes replay attacks impractical. Active checks deliver strong spoof resistance but add 5–15 seconds of interaction time, which measurably impacts completion rates in high-volume consumer flows.
Passive liveness performs the entire analysis invisibly in the background. The user simply looks at the camera; the AI model detects micro-textures, 3D depth cues, and natural micro-expressions to confirm presence. Passive liveness is preferred in consumer payment onboarding where conversion is a top-line metric alongside fraud prevention.
Challenge-response with 3D depth sensing uses device-side hardware — Face ID infrared projectors, structured light cameras — to build a depth map of the face. This is the most robust technique against physical presentation attacks but requires compatible hardware, limiting coverage on lower-end Android devices.
Video injection detection is an emerging specialisation that targets deepfake fraud at the software layer, where a virtual camera pipes a synthetic face directly into the app rather than presenting a physical spoof to the real camera. Modern liveness vendors now include injection detection as a parallel layer alongside traditional presentation attack detection (PAD).
ISO 30107-3 certification
ISO 30107-3 is the international standard for biometric presentation attack detection. iBeta-certified Level 1 testing covers basic spoofing artefacts; Level 2 covers sophisticated attacks including silicone masks and injection methods. Buyers should request the specific iBeta report, not just a general claim of compliance.
Best Practices
Deploying liveness checks effectively requires coordination across business, product, and engineering teams. Poorly tuned systems either miss fraud or frustrate legitimate users — both outcomes carry real and measurable cost in a payment context.
For Merchants
Choose a vendor with current iBeta ISO 30107-3 certification so you have objective evidence of spoof resistance rather than marketing claims. Use passive liveness as your default and escalate to active challenges only when fraud-detection risk scoring flags elevated signals — this protects conversion for the majority of genuine customers. Align your liveness confidence threshold to the risk profile of the onboarded customer: a business account opening justifies higher friction than a low-value consumer wallet registration.
Review liveness analytics monthly to track false rejection rates and spoof attempt volumes. Spikes in either metric signal that attackers are actively probing your implementation or that environmental issues are degrading model performance. Maintain a manual review queue for near-threshold sessions rather than auto-rejecting them — this recovers legitimate users who fail due to poor lighting or device quality, without exposing you to obvious fraud.
For Developers
Implement liveness via a vendor SDK or API rather than building from scratch. The attack surface is large, models require continuous retraining, and the liability for a breach falls on you if you have built an unproven custom solution. Ensure your integration passes raw frames or video directly to the liveness SDK without pre-processing steps that strip the texture or motion artefacts the model depends on for its analysis.
Handle account-takeover re-authentication flows as a distinct use case from initial onboarding. The risk profile differs — a returning user on a known device warrants a different threshold than a first-time onboarding on an anonymous device. Version-pin your SDK integrations and monitor vendor changelogs closely; liveness models ship updates frequently as new attack patterns emerge, and falling behind by even one major version can leave your implementation exposed.
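The merchant and developer guidance above combines into one decision function: per-segment thresholds, a lower bar for returning users on known devices, passive-first with escalation to active on elevated risk, and a manual review band for near-threshold scores. This is an added sketch, not vendor code; the threshold values other than the page's 90 for business accounts, the 5-point adjustments and review band, and the policy of sending failed device-integrity sessions to review are all assumptions.

```python
from dataclasses import dataclass

# Constructed values on the 0-100 score scale; tune per vendor and risk appetite.
BASE_THRESHOLD = {"consumer_low_value": 70, "business_account": 90}
REVIEW_BAND = 5   # scores this close below the threshold go to manual review


@dataclass
class Session:
    score: float                # liveness confidence returned by the vendor engine
    segment: str                # key into BASE_THRESHOLD
    known_device: bool          # returning user on a previously trusted device
    device_integrity_ok: bool   # attestation verdict, evaluated elsewhere
    risk_flagged: bool          # elevated signal from fraud risk scoring
    mode: str = "passive"       # "passive" or "active"


def threshold_for(s):
    """Risk-based threshold: segment sets the base, session signals adjust it."""
    t = BASE_THRESHOLD[s.segment]
    if s.known_device:
        t -= 5                  # re-authentication on a trusted device
    if s.risk_flagged:
        t += 5                  # demand more confidence when risk is elevated
    return min(t, 99)


def decide(s):
    """Return one of: pass, manual_review, retry, escalate_to_active."""
    if not s.device_integrity_ok:
        # A possibly injected camera feed makes the score itself untrustworthy.
        return "manual_review"
    if s.risk_flagged and s.mode == "passive":
        return "escalate_to_active"
    t = threshold_for(s)
    if s.score >= t:
        return "pass"
    if s.score >= t - REVIEW_BAND:
        return "manual_review"  # recover genuine users with poor lighting or devices
    return "retry"
```

The same score of 87 passes a consumer wallet registration but lands in manual review for a business account, which is the behaviour a single global threshold cannot express.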
Common Mistakes
Even well-resourced teams make predictable errors when deploying liveness checks. These five mistakes account for the majority of bypassed controls and unnecessary user friction seen in live payment environments.
Calling facial similarity matching a liveness check. Some older or lower-cost KYC vendors perform only a facial recognition match without any anti-spoofing layer. Always request an iBeta report or ask specifically which PAD technology is implemented. Matching a selfie to a document photo is a useful control, but it is not a liveness check and offers no resistance to a spoofing attack.
Setting a single global confidence threshold for all risk tiers. A 90% confidence threshold appropriate for high-value business account opening will over-reject legitimate users in a consumer low-value context. Risk-based threshold management — tied to transaction value, customer segment, device trust, and geolocation — is essential for balancing security and conversion.
Ignoring video injection attacks. Most teams focus exclusively on physical presentation attacks and neglect software-layer injections where a virtual camera pipes a deepfake directly into the application. Ensure your liveness vendor explicitly covers injection detection, and supplement with device integrity signals from the Play Integrity API or Apple DeviceCheck.
Failing to update liveness models regularly. Threat actors actively probe liveness systems and iterate their techniques rapidly. A model that passed iBeta certification two years ago may be defeated by today's generative AI tooling. Contractually require your vendor to deliver model updates on at least a semi-annual basis and re-test after each major update.
Treating liveness as a standalone fraud signal. Liveness detection answers one narrow question: is this a live face? It does not confirm the face matches the document, that the document is genuine, or that the session originates from a trusted device. Liveness must be one layer within a defence-in-depth stack that also includes document authentication, device fingerprinting, and behavioural analytics.
Liveness Check and Tagada
Tagada orchestrates payments across multiple PSPs and acquirers, but the identity layer — including liveness checks — lives upstream in the onboarding and KYC stack that feeds Tagada with verified customer and merchant records. The quality of that verification directly determines the fraud and chargeback exposure that flows through Tagada's payment orchestration layer. Synthetic identities and spoofed onboarding that bypass liveness detection upstream become costly fraud incidents downstream.
If you are building a payment flow on Tagada and onboarding merchants or end users programmatically, configure your KYC provider to enforce liveness detection before passing a verified customer status to Tagada. Blocking synthetic identity fraud at the onboarding gate is significantly cheaper than remediating it after transactions have been processed — chargebacks, AML investigations, and account closures all carry costs that liveness detection at entry prevents.