Imagine opening a bank account from your phone, signing a digital contract with the government, or claiming an online benefit. In all these processes, someone — or something — needs to confirm that you are really you. But there’s a problem: in a world where your photo can be pulled from Instagram in seconds and a deepfake video can be generated in minutes, how do we know that the person in front of the camera is not an impostor holding up a printed picture or playing a prerecorded video?
The answer is called liveness detection, and it is one of the most interesting (and silent) technologies redefining digital identity verification.
The problem nobody saw ten years ago
Facial recognition has existed for decades, but on its own it is naïve: if a system only compares two faces, it can be fooled simply by holding a photo in front of the camera. The same applies to a video played on a tablet, a realistic silicone mask, or more recently, an AI-generated deepfake.
As more services became digital, impersonation attacks steadily increased. Major identity verification industry reports — including Sumsub, Onfido, Veriff, and others — agree that deepfake fraud has evolved from a technical curiosity into one of the fastest-growing threats, especially after the widespread adoption of generative AI models. For banks, fintech companies, and government institutions, this translates into real financial losses and regulatory exposure.
Liveness detection was created to answer one key question: does the face I’m seeing belong to a real, live person who is present right now, or is it only a representation?
How it works: passive vs. active
There are two main approaches, and understanding the difference helps in choosing the right solution.
Active liveness asks the user to do something: blink, smile, turn their head to the left, or read numbers displayed on the screen out loud. It is intuitive and gives users confidence, but it has two disadvantages: it adds friction to the process, and with enough samples, a technically skilled attacker can simulate those gestures using manipulated video.
Passive liveness works without requiring the user to do anything other than look at the camera. Under the surface, AI algorithms analyze skin microtextures, eye reflections, lighting patterns, implicit image depth, and artifacts typical of screens or printed photos. For the user, it feels almost magical: take a selfie and that’s it. For attackers, it is much harder to bypass because they do not know exactly which signals are being measured.
In practice, many modern systems combine both approaches: passive liveness as the foundation and active liveness as a backup for high-risk scenarios.
The technologies behind the curtain
Behind a seemingly simple button (“take your selfie”) lies a sophisticated technology stack:
- Convolutional Neural Networks (CNNs) are trained with millions of examples of real faces and spoofing attacks (photos, screens, masks) to detect patterns invisible to the human eye. The latest models also incorporate vision transformers to capture more complex spatial relationships.
- 3D biometrics use depth cameras or reconstruct facial geometry from multiple frames to verify the existence of real volume. A photo is flat; a human head is not.
- Micro-signal analysis detects subtle indicators such as heart rate through tiny skin color variations (remote photoplethysmography), involuntary micro-movements, or natural camera focus behavior.
- Deepfake detection is a separate and rapidly evolving discipline. It looks for inconsistencies in lip synchronization, unnatural blinking, compression artifacts typical of generative models, or anomalies in eye reflections.
Where it is being used today?
The most visible use case is banking KYC (“Know Your Customer”). When a fintech allows you to open an account in five minutes from your phone, a liveness detection process is running in the background, comparing your face with your identity document and verifying that you are truly present. Without this layer, fully digital banking would not be viable.
In government services, an increasing number of procedures — license renewals, document signing, access to citizen portals — use liveness detection to prevent identity impersonation. Countries such as Estonia, Singapore, Mexico, Colombia, and Argentina already include it in their digital identity ecosystems.
In insurance and healthcare, the technology is used to authorize claims, telemedicine services, and policy signatures. In human resources, it validates identity during remote hiring. In education, it verifies the identity of students taking online exams.
What comes next
Three trends will shape the coming years.
First, the race between deepfake generators and detectors will intensify: every advancement in generative AI requires a more sophisticated countermeasure.
Second, regulatory standards — such as ISO/IEC 30107 for Presentation Attack Detection — will become mandatory in regulated industries.
Third, the user experience will become increasingly invisible: the goal is for users to simply look at the camera while everything else happens within milliseconds.
Liveness detection is one of those technologies that, when it works well, nobody notices. Yet it is what allows the digital economy to function with trust: enabling loans without physical branches, procedures without lines, and electronic signatures that truly identify the signer.
At Arkkosoft, we believe that secure digital identity is not a technical luxury — it is the foundation upon which any trustworthy online service must be built. And verifying that there is a real person on the other side of the screen — not a photo, not a video, not a deepfake — is where that trust begins.
