Biometric Authentication – How Do Fraudsters Try to Bypass These Checks?

  • Richard Marley
  • January 11, 2021
  • 6 minutes read
  • 5776

Biometric authentication is one of the ideal ways of dealing with fraudsters. Unfortunately, criminals have become sophisticated over time and now, they are figuring out better ways to bypass these checks. We are fortunate to have AI-powered solutions that cannot be dodged easily. However, taking necessary precautionary measures always helps. Since conventional methods for verifying customers is long gone, the trend for AI-based biometric authentication is what every industry needs. Identity theft fraud is the main reason behind the rising use of biometric authentication. Also known as liveness detection, biometric verification is a great way of combating identity theft fraud. 

Did you know in 2019, a US company lost 10 million dollars reportedly due to an audio deepfake of the CEO that requested money transfers? The rising numbers and methods of identity theft demands a robust solution for combating fraud and biometric authentication is one of the best ways. Read this blog and find out the two ways fraudsters use as a bypass attempt and why they are not successful. 

The Two Methods for Dodging Biometric Authentication

Wearing face masks is the oldest trick in the book for fooling biometric authentication checks. Nowadays, fraudsters use technology for deceiving the checks. Editing videos and audio files with content as per their needs is the latest trend. Also known as deepfakes, fraudsters use deep learning techniques to make people believe the false. 

  • Spoofing

Apart from using glasses and face masks for spoofing, there are plenty of other complex methods that fraudsters use for spoofing. In the modern world, it is not a problem for acquiring someone’s picture and using it for illegal activities. With the help of technology, they edit photos and use it during biometric authentication.

2D and 3D Face Masks 

By performing a facial artefact, imposters use advanced automated printing to create a 2D mask or buy a 3D mask for a few euros. In more advanced spoof attacks, imposters use face masks of real people to verify the image on the ID document during biometric verification. Asking the end-user to move their face, eyes, and smile are some of the techniques used to identify spoof attacks. 

Read our Whitepaper for more information on Biometrics: Banking on Biometrics: The Future of Customer Authentication



Apart from 2D and 3D face masks, deepfakes are an emerging threat for businesses too. Imposters edit videos and audio files according to their needs. For instance, a video can be edited to change background or statements so that they seem authentic while demanding any information or money. Why do fraudsters use deepfakes? Well, they are well-aware of the fact that companies have developed strong authentication measures for securing their emails. They need a better method for deceiving companies and deepfakes is one of the ways cybercriminals are using these days. 

In 2019, cybercriminals mimicked the voice of a CEO of a large energy firm and demanded £220,000 from the employees. Similarly, Obama’s video was also edited in which he used certain names for Donald Trump. In reality, it was a deepfake and the event occurred in 2018. Another example of deepfake is the US House Speaker Nancy Pelosi’s video. In that video, her statements were slowed down by 25% which made it look like she was drunkenly stumbling over her words.    

  • Bypassing

In this case, fraudsters try to hack the biometric authentication system rather than using any impersonation techniques. Their target is the weaknesses in the biometric authentication system and the idea is to alter biometric authentication system’s data. For instance, imposters can inject a pre-recorded video in the biometric system. However, advanced biometric authentication checks do not allow fraudsters to bypass. With the help of liveness detection checks, it gets easier to identify bypass attacks in no time. 

Read more: Biometric Authentication Technology – Everything you Need to Know

How Does Biometric Authentication Prevent Spoofing and Bypassing?

Biometric authentication checks for live presence of the customer. In case of stolen identities, the image in the government-issued ID document is verified through a selfie that the user has to submit during verification. Moreover, 3D mapping, skin texture analysis, 3D sensing, and various other techniques help in identifying spoof attacks within seconds. Users are asked to blink, nod, smile, and talk to the verification expert to prevent spoof attacks. 

In 2021, we are expecting deepfakes to increase in number, while 2D and 3D masks are not expected to decrease at all. Artificial Intelligence has made it easier for fraudsters to develop better spoofing measures. However, biometric authentication checks have become sophisticated too. A simple skin color change in a photo will not help criminals to fool authentication checks. Skin texture analysis and self-trained AI models in biometric authentication can detect any facial spoof attacks. Moreover, liveness detection is performed to ensure higher levels of accuracy in the biometric verification checks. 

It All Narrows Down To…

Biometric authentication is one of the best ways to combat identity theft, especially 2D and 3D masks, and deepfakes. Skin texture analysis, 3D mapping, depth sensing, liveness detection, and other techniques have enhanced the accuracy of biometric authentication. There are two methods that fraudsters use for surpassing biometric authentication checks – spoofing and bypassing. Both these methods use advanced technology and criminals can achieve their illegal goals. However, facial biometric authentication backed with Artificial Intelligence can easily prevent spoof attacks. 

Shufti Pro’s enhanced biometric authentication checks deploy thousands of AI models to authenticate an identity and verify the live presence of the customer. With 98.67% accuracy, our solutions ensure that your company stays safe from facial spoof attacks.