“FaceTec emphasized the threat of deepfake technology in particular, citing recent reports from Pennsylvania State, Zhejiang University, Shandong University, and the European Union Agency for Cybersecurity in calling it the number one threat to remote identity proofing systems.”
FaceTec is doubling down on its pioneering spoof bounty program, raising the total potential payout from $100,000 to $200,000.
The program was first launched in October of 2019, when FaceTec announced a three-level spoof bounty program would pay up to $30,000 to enterprising hackers who were able to trick its face-based authentication system into a false positive. In 2020, the company upped the ante significantly, raising the total potential payout to $100,000, with various sums offered across five categories of presentation attack, having added a fourth level testing against biometric template tampering, and a fifth level in which hackers would attempt to bypass a device’s camera to fool the system.
In announcing its latest increase to the spoof bounty payout, FaceTec emphasized the threat of deepfake technology in particular, citing recent reports from Pennsylvania State, Zhejiang University, Shandong University, and the European Union Agency for Cybersecurity in calling it the number one threat to remote identity proofing systems. FaceTec CEO Kevin Alan Tussy, who has previously spoken with FindBiometrics in detail about the spoof bounty program, suggested that independent testing authorities have struggled to keep pace with hackers.
The persistent threat of ‘spoofing’ or ‘presentation attacks’ has given rise to growing concerns in recent years about biometric systems’ capabilities of detecting the use of techniques that are designed to mimic legitimate biometric credentials for fraudulent purposes. These concerns have led a growing number of vendors to put their solutions through third-party testing programs, which evaluate solutions based on their compliance with the three levels of the ISO 30107 presentation attack detection standards. In maintaining an active bounty program, FaceTec is effectively undergoing an ongoing, public evaluation that remains subject to the constantly evolving spoof-threat landscape.
“We hoped PAD testing labs would evolve with threats, but they haven’t kept up, allowing unscrupulous liveness vendors to dramatically exaggerate their security levels,” he said. “Organizations choose FaceTec because security is paramount to them. Breaches can now cost billions, and more people are being hurt by identity theft than ever before. FaceTec’s mission is to stop fraud, not just check a regulatory box.”
FaceTec’s doubling down on its spoof bounty program is remarkable not only as a sign of the company’s confidence in its biometric authentication technology, but also a signal of its ongoing commitment to transparent industry leadership after FaceTec’s allegation at the start of this year that a rival vendor had exploited the spoof bounty program to steal trade secrets.
April 18, 2022 – by Alex Perala