Identity Document, Biometric Face Match and Liveness

Identity Document Verification

Identity document verification is done by scanning and validating the integrity of a government-issued identity document. Verify support Passports, Driving Licences, or National ID Cards.

The document verification process uses image analysis techniques, Physical tamper checks, and electronic chip-based verification to confirm the integrity of the provided ID document.

1. Visual & Data Integrity Checks (Optical)

The system relies on Optical Character Recognition (OCR) and template matching using the camera's high-resolution image.

• MRZ Checksum Validation: For passports and ID cards with a Machine-Readable Zone (the code at the bottom), the software calculates the check digits (mathematical checksums) to ensure the data lines are valid and have not been generated by a random number generator.

• VIZ vs. MRZ Consistency: It extracts data from the Visual Inspection Zone (VIZ), the normal text fields like Name and Date of Birth using OCR and compares it against the data in the MRZ. Any mismatch (e.g., a name spelled differently or a date altered in one place but not the other) triggers a failure.

• Template Matching (Pattern Recognition): The image is compared against our providers global library of document templates. The software verifies the precise location of logos, the font type and size, and the background "guilloche" patterns (fine wavy lines) to ensure they match the issuing authority's standards.

2. Physical Security & Tamper Detection

To detect forgeries or "presentation attacks" (spoofing), the system analyses the physical properties of the document image.

• Photo Tampering Detection: The algorithms analyse the pixel density and edges around the photo area to detect "paste-over" attacks (where a fraudster glues a new photo over a stolen ID) or digital manipulation.

• Material Presence (Liveness): The system checks for artifacts that suggest the document is not real plastic or paper. This includes detecting screen refresh rates (moire patterns) if someone is holding a phone up to the camera, or lack of depth if they are presenting a printed paper photocopy of an ID.

3. Electronic Verification (NFC for Passports)

When a passport or e-ID is available and the phone is NFC-enabled, the system performs the "Gold Standard" cryptographic checks. This is the most reliable way to verify integrity because the data is cryptographically signed by the issuing government.

• Chip Access (BAC/PACE): The app reads the MRZ to generate a key (Basic Access Control or PACE) to unlock the RFID chip. If the chip cannot be unlocked using the printed MRZ data, it suggests the physical page does not belong to the chip (a cloned or altered page).

• Passive Authentication (Data Integrity): The software validates the Document Signer Certificate (DSC) against the Country Signing Certificate Authority (CSCA). This confirms that the data on the chip was signed by the government and has not been altered by a single byte since issuance.

• Active Authentication (Cloning Detection): The chip is sent a random "challenge" which it must sign with its private key. A cloned chip will not have the private key and will fail this test, proving the physical document is the original.

Biometric Face Match

Biometric technology is critical to reliable identity verification. During the user journey, clients are required to capture a ‘selfie’.

The This process involves Biometric Feature Extraction, where the software maps the geometry of the face from both the selfie and the ID photo. It typically analyses 68 specific nodal points, measuring the distance between the eyes, the width of the nose, the depth of the eye sockets, and the shape of the jawline. The algorithm creates a mathematical template for each image

The result of this comparison is a Similarity Score (or Confidence Score). The system generates a probability percentage (0–100) indicating how likely it is that the two images depict the same individual. This score is compared against a pre-defined Acceptance Threshold.

Beyond the standard geometric match, the process performs Deepfake & Injection Attack Detection. While liveness detects physical masks, this specific check ensures the camera feed itself hasn't been hijacked. It analyses the video stream for pixel inconsistencies, unnatural lighting boundaries, or metadata anomalies that suggest the image was generated by AI or injected via a virtual camera driver rather than captured directly by the phone’s hardware lens. This ensures the "person presenting" is physically holding the phone, not digitally simulating the camera input. This is why we only use native mobile apps to capture images and not web-based capture or allow image uploads. By using native apps we can prevent hijacking of the video stream.

If an e-passport is used, the chip photo will be extracted using NFC (Near Field Communication) technology. This provides a gold standard of verification as the chip photo, portrait photo and selfie photo are all cross-validated as part of the check.

Passive Liveness Test

Liveness detection is designed to ensure that the biometric data provided during an identity verification process comes from a real, live person rather than a spoof or static image. Unlike methods that rely on real-time challenges, passive liveness runs silently in the background without requiring any physical interaction from the user.

The system analyses natural visual cues, such as skin texture, light reflections, and micro-movements, to distinguish a live human face from a photograph, mask, or video. By doing so, passive liveness adds an extra layer of security against spoofing attacks while keeping the verification process seamless and frictionless for the user.

The advanced passive liveness technology is certified as meeting the highest international standard of ISO 30107-3 iBeta Accreditation Level 2 PAD.

Certification to this standard requires to the following to have been achieved:

• ISO 30107-3: This international standard is the foundational framework for testing and evaluating how effectively a liveness detection solution can detect and defend against presentation attacks (spoofing attempts like photos, videos, or masks).

• iBeta Accreditation: iBeta is an independent testing lab accredited to perform testing against the ISO 30107-3 standard.

  • Level 1 PAD: Confirms basic attack detection capabilities.

  • Level 2 PAD: A higher, more robust level of certification that involves more sophisticated attack scenarios and is considered the gold standard for enterprise-grade solutions.

Personal Details Match

The personal information is taken using OCR (optical character recognition) from the identity document. For e-passports, NFC is also used to extract personal information. The details are then checked against the personal details provided by the customer. Ensuring that it is the same person and the cross-referencing with the invite details sent from the portal.