Incognia introduces new Location-based Liveness Spoofing Detection Solution

Detecting the use of Deepfake videos with a zero friction experience

Today we announced a new Incognia identity fraud detection module to address biometric liveness spoofing through the use of deepfakes. 

Most of the latest generation Onboarding solutions employ biometrics as part of identity verification. Typically a user is required to perform a selfie and pass a “liveness detection” test before being able to open up a new account.

Identity fraud using deepfake 

One of the new fraud schemes to emerge is fraudsters using fake identities and deepfakes to spoof biometric liveness tests  and create new accounts for nefarious reasons including:

  • Take advantage of sign-up bonuses.  Several Crypto Exchanges offer the equivalent of $5 to $50 in cryptocurrency to customers opening new accounts1. Fraudsters are exploiting these offers and pocketing thousands of dollars daily in sign-up bonuses.
  • Open “Money Mule Accounts” for money laundering purposes. Illegally earned money is laundered by transferring funds multiple times across a sequence of different accounts to elude traceability by authorities and regulators2.

According to analysts, the  costs associated with deepfake scams may have exceeded $250 million in 20203

From a recent poll4 in the US and UK, it looks like 

  • 85% of consumers agree that deepfakes will make it harder to trust what they see online
  • 75% of consumers would use an online service that could prevent deepfakes.

There are two ways that deepfakes are being used by fraudsters to spoof liveness

  • Injection Attacks: the deepfake video is injected into the onboarding app using an emulator, a rooted or jailbroken device
  • Presentation Attacks: the deepfake video is played using another device and then is presented in front of the device with the onboarding app.

Protection against deepfakes and liveness spoofing

Incognia Location-based Liveness Spoofing Detection is an important overlay to biometric face recognition to enable the immediate recognition of biometric liveness spoofing attempts. Untrusted devices can be blocked based on the Incognia Location-based Liveness Spoofing Detection:

  • Deepfake Injection Attack: Incognia detects liveness spoofing at the origin, and detects if the device has been rooted, jailbroken or if an emulator is in use.
  • Deepfake Presentation Attack: Incognia checks association between devices, device location, re-installations, and accounts, to assess suspicious device behavior. 
  • Device Watchlist Check: Incognia creates Watchlists for fraudulent devices that have been reported as high risk and locations that have been associated with liveness spoofing and fraud. Incognia checks to see if the device is present on a Device or Location Watchlist.

The Incognia experience is totally frictionless for the user: the Incognia solution acts in the background, so there is no additional friction for legitimate users while they are taking the biometric liveness test.

Incognia Location-based Liveness Spoofing Detection is enabled via the same mobile SDK and APIs used by the other Incognia fraud detection modules and works on both iOS and Android devices. Data collected by the SDK is anonymized with hash and encryption techniques and Incognia adheres to privacy by design guidelines.

To learn more about Location-based Liveness Spoofing Detection please read the Solution Brief and view our online resources library.

1. https://www.thewaystowealth.com/make-money/crypto-signup-bonuses/
2. https://www.revelock.com/en/blog/how-criminals-use-mule-accounts-to-launder-their-money
3. https://www.forrester.com/blogs/predictions-2020-cybersecurity/
4. https://www.iproov.com/wp-content/uploads/2021/05/iProov-Deepfakes-Report.pdf

Most recent

The Rise of the Super App and the Role of Location

In location-based apps, such as food delivery, all users opting in for sharing now have the opportunity for an added security bonus.

Geolocation [An updated definition for identity, authentication, and fraud prevention]

The definition of what geolocation is, and what it can do should be revisited. Geolocation is not limited to GPS and IP Addresses.

Swipe Left for Location Spoofing

Study of 24 leading dating Apps shows 37% can be location spoofed, threatening trust and safety for users.