“We put our AI to the test so that users of the FaceTec software can be shown — and not just told — just how secure FaceTec’s 3D Liveness Detection.” – Kevin Alan Tussy, CEO, FaceTec
FaceTec has tripled the total potential payout of its Spoof Bounty Program, raising the prize for successful spoof and camera-bypass attacks to $600,000.
First launched in the fall of 2019, the Spoof Bounty Program invites enterprising hackers to try to fool FaceTec’s face-based authentication system, which features sophisticated liveness and presentation attack detection capabilities. Initially, the program offered a prize of up to $30,000, which was then raised to a payout of $100,000 in 2020, and doubled to $200,000 last spring.
For FaceTec, the bounty program offers two key benefits. It incentivizes white-hat security researchers to really try to hack its flagship biometric technology, enabling FaceTec to quickly become apprised of any security flaws that might need to be addressed. And in so doing, it demonstrates the quality and effectiveness of FaceTec’s solution, especially now that it offers such a sizeable payout to successful spoofers – no biometrics company would make such an offer without being confident that payouts will be rare, if they occur at all.
In other words, it’s a way for FaceTec to put its money where its mouth is.
“We put our AI to the test so that users of the FaceTec software can be shown — and not just told — just how secure FaceTec’s 3D Liveness Detection is,” explained FaceTec CEO Kevin Alan Tussy. “FaceTec backs its 3D Liveness software in a way that no 2D Liveness vendor will ever be able to replicate. After rebuffing more than 130,000 bounty program attacks over the last three years, we’ve learned a tremendous amount about potential threat vectors and how to stay ahead of them.”
FaceTec’s Spoof Bounty is offered in increments across five different levels of success in spoofing. Level 1, for example, involves the use of digital photos, challenge-response videos, and paper masks, while Level 3 entails the use of 3D masks or wax head sculptures, and Level 5 challenges the hacker to take over the camera feed and inject previously captured video frames.
The upped ante comes after an important development on the legal front, concerning a class action lawsuit filed against the company earlier this year under Illinois’s Biometric Information Privacy Act (BIPA). FaceTec has since responded to the complaint, providing proof that its data practices preclude it from BIPA’s jurisdiction. The plaintiff’s counsel reviewed the new information and dismissed the case. The result echoes a recent high-profile BIPA outcome involving Apple. The consumer tech giant won a BIPA case concerning the biometric tech on its iPhones, which are private and opt-in by design – Apple, like FaceTec, does not collect or store user biometric data.
“FaceTec never receives or processes any PII or biometric data from its customer’s users,” a FaceTec representative told FindBiometrics. “BIPA does not apply to FaceTec.”
January 31, 2023 – by Alex Perala and Peter Counter