3DiVi sets four-layer defence for face authentication
3DiVi has outlined a four-layer defence approach for organisations using face biometrics in two-factor and multi-factor authentication, as spoofing attempts against remote identity checks increase.
Face-based sign-in has expanded beyond consumer device unlock to include logins and transactions in banking, fintech, government services, and healthcare. That broader adoption has intensified focus on attacks that try to fool systems with photos, masks, replayed video or synthetic media.
3DiVi, a computer vision software developer, groups countermeasures into Presentation Attack Detection (PAD), environmental controls, organisational controls and process management. Together, these layers increase the cost and complexity of fraud.
Presentation Attack Detection (PAD)
The first layer focuses on Presentation Attack Detection (PAD). PAD systems use machine learning to distinguish a live user from an imitation presented to a camera.
3DiVi highlighted liveness detection as a core technique, checking for cues associated with a live person rather than a static image or replayed video.
One method is active checks, in which the system prompts a user to move their head or place an object in front of their face. This can disrupt attacks that rely on pre-recorded content.
Eye-movement tracking adds another test, particularly against recordings where motion does not match a live gaze pattern. 3DiVi also emphasised the use of multiple signals: texture analysis can flag masked materials, while facial-motion analysis can detect unnatural movement.
It also pointed to hybrid approaches that combine automated checks with human review, which are useful in unusual cases such as coercion, where a user may be under pressure. Regular dataset updates and ongoing monitoring of algorithm performance are also needed as attack methods change.
Environmental controls
The second layer shifts attention from the face itself to the conditions around a verification session. Image and video quality is central: low-resolution media can hide artefacts that might indicate an attack.
3DiVi recommends bandwidth checks and minimum quality standards to ensure clearer inputs for decisions. It also proposes using a dedicated authentication app that can verify device integrity and reduce the risk of video injection, in which attackers feed pre-made media into the verification process.
Supporting signals, such as data from a phone accelerometer, can provide context by flagging unusual movement or manipulation during a session.
Metadata analysis rounds out this layer. IP addresses, geolocation, timestamps, and VPN usage can be monitored for patterns that indicate repeated or automated fraud attempts.
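The metadata patterns described above (repeated source IPs, timestamps, geolocation, VPN egress) can be turned into simple detection rules run over session records. The following is an added illustration written for this article, not 3DiVi's code; the record schema, the constructed sample sessions, the thresholds and the documentation-range IP addresses are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Session:
    """Metadata of one verification session (hypothetical schema)."""
    session_id: str
    account: str
    ip: str
    lat: float
    lon: float
    ts: datetime
    vpn: bool


def _utc(h, m):
    return datetime(2024, 5, 1, h, m, tzinfo=timezone.utc)


# Constructed sample log: documentation IP ranges, fictional accounts.
SESSIONS = [
    Session("s1", "alice", "198.51.100.10", 51.5074, -0.1278, _utc(9, 0), False),   # London
    Session("s2", "alice", "203.0.113.7", 35.6762, 139.6503, _utc(9, 30), True),    # Tokyo, 30 min later
    Session("s3", "bot1", "203.0.113.7", 35.6762, 139.6503, _utc(9, 31), True),
    Session("s4", "bot2", "203.0.113.7", 35.6762, 139.6503, _utc(9, 32), True),
    Session("s5", "bot3", "203.0.113.7", 35.6762, 139.6503, _utc(9, 33), True),
    Session("s6", "bot4", "203.0.113.7", 35.6762, 139.6503, _utc(9, 34), True),
    Session("s7", "bob", "192.0.2.5", 52.5200, 13.4050, _utc(10, 0), False),        # Berlin
    Session("s8", "bob", "192.0.2.5", 52.5200, 13.4050, _utc(10, 2), False),
    Session("s9", "bob", "192.0.2.5", 52.5200, 13.4050, _utc(10, 4), False),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def score_sessions(sessions, window=timedelta(minutes=10),
                   max_accounts_per_ip=3, max_attempts_per_account=2,
                   max_speed_kmh=900.0):
    """Return {session_id: [reason, ...]} for sessions whose metadata pattern
    suggests repeated or automated attempts. Thresholds are illustrative."""
    reasons = defaultdict(list)
    ordered = sorted(sessions, key=lambda s: s.ts)
    by_ip, by_account = defaultdict(list), defaultdict(list)
    for s in ordered:
        by_ip[s.ip].append(s)
        by_account[s.account].append(s)

    # Rule 1: one source IP driving many distinct accounts inside the window.
    for ip, lst in by_ip.items():
        for s in lst:
            recent = {x.account for x in lst if s.ts - window <= x.ts <= s.ts}
            if len(recent) > max_accounts_per_ip:
                reasons[s.session_id].append(
                    f"ip {ip} used by {len(recent)} accounts within {window}")

    # Rule 2: impossible travel between consecutive sessions of one account.
    for acct, lst in by_account.items():
        for prev, cur in zip(lst, lst[1:]):
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if hours > 0 and km / hours > max_speed_kmh:
                reasons[cur.session_id].append(
                    f"impossible travel for {acct}: {km:.0f} km in {hours:.2f} h")

    # Rule 3: retry hammering of a single account inside the window.
    for acct, lst in by_account.items():
        for s in lst:
            n = sum(1 for x in lst if s.ts - window <= x.ts <= s.ts)
            if n > max_attempts_per_account:
                reasons[s.session_id].append(
                    f"{n} attempts for {acct} within {window}")

    # VPN egress alone is not evidence of fraud; it only strengthens other signals.
    for s in ordered:
        if s.vpn and reasons.get(s.session_id):
            reasons[s.session_id].append("vpn egress combined with other signals")
    return dict(reasons)


if __name__ == "__main__":
    for sid, why in score_sessions(SESSIONS).items():
        print(sid, why)
```

Note the design choice in the last rule: VPN usage is treated as a corroborating signal rather than a trigger on its own, so ordinary privacy-conscious users are not flagged while the same VPN egress on a session that already shows IP reuse or impossible travel raises its priority for review.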
Organisational controls
The third layer covers standards, people and oversight. 3DiVi pointed to ISO/IEC 30107, which addresses Presentation Attack Detection, and ISO/IEC 27001 for information security management.
Operator practices are another component. 3DiVi says staff should have the authority to suspend verifications when fraud is suspected. It also suggests randomly assigning verification tasks to reduce predictability, alongside training on fraud tactics and social engineering.
Monitoring operator activity and securing workstations are also part of this layer. 3DiVi also advocates incentives for staff who identify fraud, reflecting the role of human judgment in processes that blend automation with review.
Risk-based planning can help rank threats and adapt controls. 3DiVi also referenced external testing regimes, such as work by the US National Institute of Standards and Technology on 2D facial recognition. 3DiVi argues the industry lacks a standardised way to evaluate liveness detection against real-world attacks such as photo and video injection.
Process management
The fourth layer addresses the day-to-day operation of remote identity verification. 3DiVi describes a security-by-design approach that treats fraud scenarios as expected events and builds monitoring and testing into operations.
One recommendation is a structured fallback path when facial evidence is insufficient, using alternative documents such as utility bills or bank statements to resolve uncertainty.
The framework also calls for clear responsibilities across users, operators and service providers. It includes real-time interaction, with some checks performed live and others run in the background depending on transaction or onboarding risk.
3DiVi also proposes behavioural checks for signs of coercion or misunderstanding. Session recording can capture video, audio, images and metadata, with storage and handling aligned with GDPR and other privacy requirements.
User-participation measures include requiring applicants to speak or complete actions during verification. Randomised prompts, such as head turns, can make scripted or pre-recorded attacks harder and should be updated as tactics evolve.
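The active checks in the PAD layer and the randomised user-participation prompts here both depend on the same server-side mechanism: prompt sequences that are unpredictable, bound to one session, single-use and short-lived, so that pre-recorded content cannot satisfy them. The following is an added example written for this article, not 3DiVi's implementation; the prompt pool, the time limits and the upstream liveness analyser that reports which actions were observed are assumptions.

```python
import secrets
import time

# Prompts a client can render. The analyser that recognises the matching
# head, eye or speech action is an assumed upstream component.
PROMPT_POOL = ["turn head left", "turn head right", "look up",
               "look down", "blink twice", "read the digits aloud"]


class ChallengeIssuer:
    """Issues randomised, single-use, time-limited prompt sequences and
    verifies the observed actions against them (illustrative design)."""

    def __init__(self, ttl_seconds=20.0, length=3, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._length = length
        self._clock = clock        # injectable so tests can control time
        self._issued = {}          # challenge_id -> (session_id, prompts, issued_at)

    def issue(self, session_id):
        # CSPRNG sampling without replacement: the sequence cannot be inferred
        # from earlier sessions, so a recording made against a previous
        # challenge will not match this one.
        prompts = secrets.SystemRandom().sample(PROMPT_POOL, self._length)
        challenge_id = secrets.token_hex(8)
        self._issued[challenge_id] = (session_id, prompts, self._clock())
        return {"challenge_id": challenge_id, "prompts": prompts}

    def verify(self, session_id, challenge_id, observed):
        """observed: list of (action, seconds_since_issue) pairs reported by
        the analyser. Returns (accepted, reason)."""
        # Single use: the challenge is consumed even when verification fails.
        entry = self._issued.pop(challenge_id, None)
        if entry is None:
            return False, "unknown or already consumed challenge"
        bound_session, prompts, issued_at = entry
        if bound_session != session_id:
            return False, "challenge bound to a different session"
        if self._clock() - issued_at > self._ttl:
            return False, "challenge expired"
        if [action for action, _ in observed] != prompts:
            return False, "actions do not match the prompted sequence"
        times = [t for _, t in observed]
        if (any(t < 0 or t > self._ttl for t in times)
                or times != sorted(times) or len(set(times)) != len(times)):
            return False, "action timing outside the window or out of order"
        return True, "ok"


if __name__ == "__main__":
    issuer = ChallengeIssuer()
    challenge = issuer.issue("demo-session")
    print("prompts:", challenge["prompts"])
    # Simulated analyser output: each prompted action seen two seconds apart.
    seen = [(p, 2.0 * (i + 1)) for i, p in enumerate(challenge["prompts"])]
    print(issuer.verify("demo-session", challenge["challenge_id"], seen))
```

Rotating PROMPT_POOL and the sequence length over time is the operational counterpart of the advice to update prompts as tactics evolve; the verifier itself does not need to change for that.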
It also advocates breakthrough tests, which simulate real attack scenarios to identify weaknesses in both technology and human handling. Such exercises can reveal gaps in operator guidance, escalation paths and technical controls.
3DiVi linked the approach to its product positioning in a statement on where security controls should sit in an authentication system.
Its 3DiVi BAF platform combines face recognition, liveness, and deepfake detection with real-time session monitoring. 3DiVi positioned the four-layer model as a template that organisations can apply and update as face-based authentication expands across regulated and high-risk services.