SDKs vs. APIs: The Right Choice for Liveness Verification

In our dynamic digital world, the significance of online identity verification and liveness checks has surged amid rising cyber threats. Discover how SDKs and APIs can enhance security and address emerging cyber threats, and how the two differ in functionality.

Introduction:

In our rapidly evolving digital landscape, the advent of online transactions and services has irrevocably transformed how we engage in business and interact with organizations. Nevertheless, with the increasing reliance on digital platforms for identity verification and liveness checks, concerns regarding cyber threats have grown proportionately. The discourse surrounding online customer identity verification has never been more relevant, as the risks associated with it, including identity theft and fraud, have reached alarming levels.

It is now imperative for developers to construct identity verification platforms that provide precise liveness verification, effectively counter these threats, and establish a secure and robust online environment.

Understanding Liveness Verification:

Liveness verification is a system’s capacity to discern, through a digital device such as a computer or mobile tablet, whether it is interacting with an actual, physically present human or an impersonator, such as a spam bot, deepfake, or injected image. While liveness verification may involve thwarting physical artifacts from impersonating a human, such as print-out attacks, display devices, or 3D masks, it also extends to detecting and preventing digital assaults like deepfakes, injected images, and Man-in-the-Middle (MITM) attacks.

Banks and other financial institutions have now started onboarding customers using identity verification apps or liveness verification apps. With cyber-crimes on the rise and a whopping 33% of Americans experiencing identity theft once in their lifetime, it is imperative to use identity verification solutions that are built using secure technology.

What is an SDK and API?

To develop a robust identity verification platform, developers commonly opt for an Application Program Interface (API) or Software Development Kit (SDK) to augment their software’s capabilities. Before we explore which is better for a secure image liveness platform, let’s gain insight into the functionalities of each.

SDK (Software Development Kit): An SDK is a comprehensive set of software-building tools encompassing compilers, runtime environments, code libraries, debuggers, and platform-specific documentation. In many instances, SDKs also encompass APIs. SDKs equip developers with everything necessary to create applications tailored to a specific platform.

API (Application Program Interface): On the other hand, an API serves as a software-to-software interface facilitating secure communication between different applications. APIs define the manner in which applications interact, functioning as the bridge between them.

SaaS companies typically offer both SDKs and APIs for integration. Although both SDKs and APIs share the goal of expediting the development lifecycle, significant disparities exist in the capabilities they offer.

| Attribute | Single image passive liveness | Video based passive liveness | Active liveness |
| --- | --- | --- | --- |
| End user effort | Zero effort, as the image captured for face recognition is used to detect liveness. | Minimal effort, as the user has to hold the camera for a period of time while the video is captured. | High effort, as the user has to respond to challenges in order to prove their live presence. |
| Drop-off rates | <1% drop-off is observed, as it’s a simple selfie capture. | 3 to 10% drop-off has been observed in typical industry solutions, as users have to hold the camera still for 5-15 seconds. | As high as 50% drop-off rates have been reported by companies using active liveness. Lack of comprehension and cognitive load on users lead to high abandonment. |
| User journey time | No latency is added to the user journey, as the same selfie captured for face recognition is used. | ~30 seconds of latency is added, including time to capture the video and backend processing of the video. | Highly subjective, dependent on the gesture/action used. Typically in the range of 20 seconds to 1 minute. |

In the pursuit of crafting a secure platform, the choice of technology is paramount. Let’s help you understand the differences between API and SDK for liveness verification.

Over numerous use cases we have observed that SDKs are better suited to solve your problems as compared to APIs.

SDK-Based Liveness Verification for Secure Onboarding

Various forms of identity fraud pervade the digital realm. An SDK-based identity verification solution, such as Hyperverge, stands as a secure and well-equipped shield against such fraudulent activities. Let’s delve into what kind of frauds exist and explore how an SDK-based solution serves as a safeguard.

Image Injection Attacks: Image injection is a ploy employed by fraudsters to illicitly access services using stolen identities or customer photos. The attacker intercepts and manipulates the image displayed on a user’s screen just before it is captured. Typically, the image is substituted with one of another person or a distorted version.
For instance, envision a fraudster attempting to register for a financial account using a digital identity verification system. Instead of submitting a legitimate selfie for facial recognition, they upload a digitally manipulated image of Rohith. The system, lacking rigorous checks, accepts the fraudulent image as valid, leading to the creation of a deceptive account and potential misuse of financial services in Rohith’s name.

SDK-based solutions possess the capability to detect and flag injected images through advanced techniques like anomaly protection and image steganography. For instance, platforms such as the Hyperverge SDK incorporate multi-layer security checks to identify attempts at image injection, capture, and various injection algorithms. In practice, it is exceedingly challenging for attackers to execute image injection without the user’s knowledge, or at least such instances have been exceedingly rare.

Man-in-the-Middle Attacks (MiTM): MiTM attacks are a form of eavesdropping cyberattack where an attacker intercepts and relays messages between two parties without their knowledge, leading them to believe they are interacting directly. MiTM attacks pose a grave security threat, providing the attacker access to personal and sensitive information.
For instance, consider Deepak, who takes pride in his company’s new biometric system incorporating liveness detection via an API for enhanced security. While logging in remotely, the system captures a real-time selfie to verify the user’s presence. Unbeknownst to Deepak, a hacker named Suresh orchestrates a Man-in-the-Middle attack. As Deepak captures his selfie, Suresh intercepts the liveness data, using it to dupe the biometric system into granting access later.

API-based platforms are highly susceptible to such attacks, whereas SDK-based solutions possess the functionality to calculate and cross-verify the signature of the request-response, ensuring that the image or response remains untampered.
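The request signing and cross-verification described above, sketched as an added example (not code from the article or from any vendor's SDK): the client binds the image digest, a server-issued nonce and the capture time under one HMAC, and the server rejects altered, stale or replayed captures such as the one Suresh reuses later. The shared per-session key, the field names and the 30-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE_SECONDS = 30  # assumed freshness window, not a value from the article


def _mac(key: bytes, fields: dict) -> str:
    # Canonical JSON so client and server authenticate exactly the same bytes.
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_capture(key: bytes, image: bytes, nonce: str, timestamp: int) -> dict:
    """Client side: bind image digest, server nonce and capture time under one MAC."""
    fields = {"image_sha256": hashlib.sha256(image).hexdigest(),
              "nonce": nonce, "timestamp": timestamp}
    return {**fields, "signature": _mac(key, fields)}


class LivenessVerifier:
    """Server side: issues nonces and accepts each signed capture at most once."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces issued and not yet redeemed

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, image: bytes, envelope: dict, now: int) -> str:
        fields = {k: envelope.get(k) for k in ("image_sha256", "nonce", "timestamp")}
        sig = str(envelope.get("signature")).encode()
        if not hmac.compare_digest(_mac(self._key, fields).encode(), sig):
            return "rejected: bad signature"  # a signed field was altered in transit
        if hashlib.sha256(image).hexdigest() != fields["image_sha256"]:
            return "rejected: image does not match signed digest"  # image swapped
        if abs(now - fields["timestamp"]) > MAX_AGE_SECONDS:
            return "rejected: stale capture"  # intercepted capture replayed later
        if fields["nonce"] not in self._pending:
            return "rejected: nonce unknown or already used"  # replay inside window
        self._pending.discard(fields["nonce"])
        return "accepted"
```

The check is only as strong as the key handling: the signing key has to be provisioned per session or per device and kept out of reach of whoever controls the network path.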

Deepfake Attacks: In the wrong hands, any technology can unleash havoc. Deepfakes are AI-generated fabricated images, videos, and even audio recordings. These deepfake attacks serve as a prevalent method for perpetrating financial fraud and identity theft. In addition to AI-generated deepfakes, online scammers employ face-swapping techniques, where an individual’s image is substituted with that of another person.

SDK-based liveness verification platforms, such as Hyperverge’s SDK solution, excel in detecting deepfakes by capturing and identifying subtle pixel discrepancies and textural disparities. Advanced platforms excel at discerning the most minute details, including unnatural facial expressions, unconventional hair, distorted facial and bodily contours, irregular face positioning, poor lip syncing, and more.

Shortcomings of APIs in Terms of Security

APIs often lack inherent security measures and cannot address issues like MITM and image injection, rendering them more vulnerable. As per a May 2023 report, over half a billion records were exposed via vulnerable APIs, providing fertile ground for cybercriminals.

Conclusion

In the realm of modern software development, both APIs and SDKs have emerged as indispensable tools. However, when tasked with creating a robust identity verification platform that demands a highly secure and accurate environment, SDKs emerge as the unequivocal victor.

A robust platform like Hyperverge not only furnishes advanced security features but also integrates user-friendly interfaces and workflows, culminating in an exceptional user experience. This makes SDKs the preferred choice for identity verification use cases.

Harshitha Reddy

Marketing Content Manager

Liveness Assurance technology verifies that a face presented to a mobile device is a live human being. It identifies if a photograph or video or mask is being used to attempt to spoof the biometric security system as part of a presentation attack.
