Presentation Attack Detection (Liveness / PAD)
Techniques and tests that detect spoofed biometric samples (e.g., masks, replays, synthetics) to ensure the sample is from a live, consenting subject.
Overview
Presentation Attack Detection (PAD) protects biometric systems from spoofs such as printed photos, silicone fingerprints, recorded voices, or AI-generated samples. It’s a cross-cutting layer used with face, voice, fingerprint, iris and other modalities.
How it works
- Capture: Sensor or camera acquires the sample.
- Signal analysis: Algorithms look for cues inconsistent with live traits (e.g., texture, reflectance, micro-motions, audio artifacts).
- Decision & score: The PAD subsystem outputs a score or decision (bona fide vs attack).
- Policy: Systems combine PAD with biometric matching and business rules to accept/deny or request step-up verification.
Common use cases
- Remote onboarding / selfie match
- Contactless border checks
- KYC and high-risk transactions
- Access control and workforce auth
Strengths and limitations
Strengths: Mitigates common spoofs; complements matching; standard metrics for evaluation.
Limitations: Attack diversity; new synthetic media; environment variability; false rejections at strict thresholds.
Key terms
- APCER/BPCER: Core PAD error metrics from ISO/IEC 30107-3.
- PAI (Presentation Attack Instrument): The artifact used to attack.
- Attack potential: Effort/resources required to mount an attack.
References
Vendors using Presentation Attack Detection (Liveness / PAD)
Latest Data Cards
Data Card Aware announces third-party testing results across PAD, bias testing, DHS RIVR, and passkey readiness
2026-02-17CC-BY-4.0padpasskeys-webauthnfacial-recognitionawareAware released external validation results across ISO/IEC 30107-3 Level 2 presentation attack detection, ISO/IEC 19795-10 bias testing, DHS Rapid Identity Verification Rally participation, and FIDO2 passkey readiness.
- Aware achieved ISO/IEC 30107-3 Level 2 PAD certification, covering advanced presentation attack scenarios.
- The company also demonstrated ISO/IEC 19795-10 bias testing compliance and FIDO2 passkey readiness.
- DHS RIVR participation builds on Aware's top performance in prior DHS security testing announced in June 2025.
Data Card iBeta liveness certifications point to market shift as Level 2 becomes the norm
2026-02-12CC-BY-4.0padAn analysis of iBeta's 2025 certification activity—55 confirmation letters covering 40 companies—finds a near-even split between Level 1 and Level 2 presentation attack detection certifications, indicating that Level 2 is transitioning from a premium feature to a baseline procurement requirement, particularly in financial services and identity verification.
- Passive liveness approaches accounted for the majority of certifications in 2025, meaning systems that require no explicit user action.
- Identity verification providers represent over half of certified companies, reflecting certification's role as a standard procurement prerequisite.
- iBeta introduced Level 3 testing in mid-2025 targeting advanced attacks such as hyper-realistic masks, expected to shape market conversations in 2026.
Data Card India mandates biometric liveness checks and geo-tracking for crypto KYC
2026-01-22CC-BY-4.0padIndia issued requirements for cryptocurrency KYC that include biometric liveness detection and geo-tracking during onboarding.
- KYC procedures must include biometric liveness checks.
- Geo-tracking is required as part of the onboarding process.