| Risk | Security Functionality |
|---|---|
Definitions - imagine User A is already enrolled
False Acceptance Rate (FAR) - this is the probability that a given user B can pretend to be User A
This is the value that matters for authentication (getting into an existing account)
False Rejection Rate (FRR) - this is the probability that User A will be rejected when trying to authenticate again
This is the value that matters for uniqueness (preventing an existing user from falsely creating a duplicate / new account)
Accuracy:
FAR: 1 / 125,000,000 chance (Apple’s touch ID is 1/50K, and FaceID is 1/1M)
FRR: < 3 / 100,000
Works with beards, transparent glasses (not sunglasses), and makeup
3-Dimensional modeling based on facial features results in skin-tone agnostic accuracy
2D Images, Print Outs
3D FaceScan detects points in three-dimensions, meaning 2D images and prints are quickly dismissed
3D Masks, Ultra-realistic wax sculptures
A) 3D Liveness detection checks for liveness context throughout user’s face over time, meaning static or partially static faces (partially altered with wax/mask) will be detected
B) Active movement ensures user liveness; additionally, multiple user distances from camera generates high-fidelity liveness data
Video injection & DeepFakes
Technology detects when camera feed is being altered or user is trying to inject video
Additionally, technology detects deepfake videos & images
FaceScan alteration
FaceScans are encrypted to prevent alteration on the client side
Client-side device risk
A) SDK checking for risk signals on the device that would indicate likely fraud
B) Use obfuscation and checksums to ensure code base is not tampered with
