“We launched Liveness.com last year to explain how proving a real human is present during biometric data collection was the key to stamping out identity theft while retaining privacy and preventing biometric data reuse, and now we believe that to achieve total transparency in the marketplace, every Liveness vendor needs to stand-up their own public Level 1-5 spoof bounty programs and prove that their technology is secure.” – Kevin Alan Tussy, CEO, FaceTec
FaceTec has upped the ante for its spoof bounty program, increasing the total amount of payouts available to $100,000 across five categories.
The spoof bounty program pertains to FaceTec’s 3D Face Authentication solution, which allows end users to confirm their identity with a brief video selfie. The system uses sophisticated liveness detection technology to spot potential presentation attacks, with FaceTec having been third-party lab certified to both Level 1 and 2 of the ISO 30107 presentation attack detection (PAD) standard.
Not content to rest on its laurels, FaceTec launched its multi-tier spoof bounty program last autumn, initially offering a total of $30,000 to hackers who are able to fool its biometric system. Level 1 paid out $15,000 to anyone who could spoof the system using a hi-res photo or video. Level 2 offered $10,000 for presentation attacks using materials like latex and silicone masks, while Level 3 would give $5,000 for attacks based on highly realistic 3D sculptures.
Now, the payout for Level 2 has been bumped up to $15,000, while the reward for Level 3 has been increased to $20,000; and two additional levels have been added.
A Level 4 attack would involve the successful decryption and editing of a pre-existing 3D FaceMap. In other words, the hacker would be able to fool the system by editing the biometric template against which it matches a legitimate user – a feat entailing a $30,000 reward.
Level 5 requires the hacker to successfully take over the end user device’s camera feed and insert previously captured frames in order to fool the system. That would net a payout of $20,000.
In a statement announcing the spoof bounty program, FaceTec CEO Kevin Alan Tussy raised concern over the emergence of “unscrupulous liveness vendors” that have been exaggerating the sophistication of their technologies. “With the world in the midst of a pandemic, this is not the time to be gaming testing, hyping phony PAD credentials, and selling inferior Liveness Detection that will endanger the digital security of companies, governments, and end-users,” he said, adding later, “we believe that to achieve total transparency in the marketplace, every Liveness vendor needs to stand-up their own public Level 1-5 spoof bounty programs and prove that their technology is secure.”
FaceTec says that so far there have been more than 35,000 spoof attempts against its solution through its bounty program, and that its technology currently has an accuracy rate greater than 99.997 percent.
August 5, 2020 – by Alex Perala