by Kevin Hung, Director of Field Application Engineers NEXT Biometrics.
Digital identity has become foundational to services, including financial services, healthcare and social benefit programs. As these systems rely on sensitive personal data, governed by stringent data protection laws, maintaining trust in biometric verification is paramount.
Biometric liveness detection plays a critical role in distinguishing between genuine users and spoofing attempts – global adoption is accelerating, with the face liveness detection market alone projected to exceed $250 million by 2027.
The risk of biometric spoofing
Biometric authentication solutions have evolved beyond simply matching a biometric sample to an image template. As attacks become more sophisticated, systems must determine whether a biometric sample originates from a genuine human presence.
These presentation attacks vary in complexity and scale, from small-scale attempts using easily produced replicas, to advanced injection-style approaches designed to trigger false positives.
Countermeasures analyze skin temperature, moisture, texture, and electrical properties to distinguish live inputs from artificial ones.
As digital identity becomes embedded in payments, public services and cross-border systems, the risks of exploitation increase. For example, the EU’s Biometric Entry / Exit System (EES) implemented in October 2025, requires non-EU citizens’ scanned fingerprints and facial images to be taken at border checkpoints. In this context, any exploited weakness in biometric systems can have systemic repercussions.
Starting point – standards and definitions
Biometric systems are governed by standardized testing and certifications. Anti-spoofing biometric sensors must comply with ISO / IEC 30107, defining the international framework for Presentation Attack Detection (PAD). This framework categorizes and assesses spoofing attempts, enabling systems to be designed and evaluated against known attack vectors.
However, compliance to standards such as ISO/IEC 30107 alone does not guarantee resilience, with this deliberately avoiding prescribing detection techniques, encouraging innovation whilst requiring vendors and deployers to implement robust, multi-layered defenses.
Where does liveness detection fit in the attack chain?
Spoof fingerprint data can be collected in several ways. From removing latent prints from the sensor itself, to lifting the print from surfaces like glass.
Biometric spoofing occurs when a fraudulent biometric trait is presented to deceive the system. Liveness detection extends PAD by analyzing whether the fingerprint originates from a living human rather than a synthetic or manipulated replica.
A range of materials can be used to create these replicas, including:
- Silicone
- Play-Doh
- Gelatine
- White glue
- Latex
Without effective liveness detection, even high-quality sensors can be bypassed if the spoof is sufficiently realistic, allowing matching algorithms to produce false positives.
Hardware + software = strong liveness detection
Leading biometric authentication technologies combine advanced sensors with sophisticated algorithms to strengthen liveness protection and attack resistance.
Sensors measure physical characteristics that are difficult to replicate, such as thermal response and electrical conductivity at contact, critically improving verification.
By analyzing fingerprint ridges and heat transfer, sensors can detect live human fingerprints more accurately. This combination raises the barrier for attackers, as most synthetic materials cannot replicate the heat transfer properties of a real human finger, eliminating simple spoofs such as rubber replicas. Latent prints are analyzed through template matching, with the most recent template stored in non-volatile memory. Plausibility checks then prevent replay or injection-style attacks.
Combined with anti-spoofing software and sophisticated algorithms, sensors deliver an effective solution against spoofing techniques.
A layered approach to biometric verification
Biometric authentication is now embedded in everyday consumer services and critical national infrastructure. As spoofing capabilities advance, robust liveness detection is essential, and organizations must treat liveness detection as a core design requirement.
By combining physical heat sensing techniques with PAD algorithms and software-based liveness detection, system providers can deliver resilient, future-proof authentication solutions, maintaining security, trust, and scalability over time.
A layered approach to biometric verification
Biometric authentication is embedded in consumer services and critical national infrastructure. As spoofing capabilities advance, robust liveness detection is essential, and organizations must treat liveness detection as a core requirement to maintain security and trust.
About the author:
Kevin Hung, Director of Field Application Engineers NEXT Biometrics – has over 11 years experience in semiconductor product and testing across Teradyne and ChipMOS. His expertise spans mobile device technology, semiconductor development and product analysis, with global experience across the US, Europe and Asia.
