liveness – Page 2 – Bredemarket

“Somewhat You Why,” and Whether Deepfakes are Evil or Good or Both

I debated whether or not I should publish this because it touches upon two controversial topics: U.S. politics, and my proposed sixth factor of authentication.

I eventually decided to share it on the Bredemarket blog but NOT link to it or quote it on my socials.

Although I could change my mind later.

Are deepfakes bad?

When I first discussed deepfakes in June 2023, I detailed two deepfake applications.

One deepfake was an audio-video creation purportedly showing Richard Nixon paying homage to the Apollo 11 astronauts who were stranded on the surface of the moon.

Of course, no Apollo 11 astronauts were ever stranded on the surface of the moon; Neil Armstrong and Buzz Aldrin returned to Earth safely.
So Nixon never had to pay homage to them, although William Safire wrote a speech as a contingency.
This deepfake is not in itself bad, unless it is taught in a history course as true history about “the failure of the U.S. moon program.” (The Apollo program had a fatal catastrophe, but not involving Apollo 11.)

The other deepfake was more sinister.

In early 2020, a branch manager of a Japanese company in Hong Kong received a call from a man whose voice he recognized—the director of his parent business. The director had good news: the company was about to make an acquisition, so he needed to authorize some transfers to the tune of $35 million….The manager, believing everything appeared legitimate, began making the transfers.

Except that the director wasn’t the director, and the company had just been swindled to the tune of $35 million.

I think everyone knows now that deepfakes can be used for bad things. So we establish standards to determine “content provenance and authenticity,” which is a fancy way to say whether content is real or a deepfake.

In addition to establishing standards, we do a lot of research to counter deepfakes, because they are bad.

Or are they?

What the National Science Foundation won’t do

Multiple sources, including both Nextgov and Biometric Update, are reporting on the cancellation of approximately 430 grants from the National Science Foundation. Among these grants are ones for deepfake research.

Around 430 federally-funded research grants covering topics like deepfake detection, artificial intelligence advancement and the empowerment of marginalized groups in scientific fields were among several projects terminated in recent days following a major realignment in research priorities at the National Science Foundation.

As you can probably guess, the cancellation of these grants is driven by the Trump Administration and the so-called Department of Government Efficiency (DOGE).

Why?

Because freedom:

Per the Presidential Action announced January 20, 2025, NSF will not prioritize research proposals that engage in or facilitate any conduct that would unconstitutionally abridge the free speech of any American citizen. NSF will not support research with the goal of combating “misinformation,” “disinformation,” and “malinformation” that could be used to infringe on the constitutionally protected speech rights of American citizens across the United States in a manner that advances a preferred narrative about significant matters of public debate.

The NSF argues that a person’s First Amendment rights permit them, I mean permit him, to share content without having the government prevent its dissemination by tagging it as misinformation, disinformation, or malinformation.

And it’s not the responsibility of the U.S. Government to research creation of so-called misinformation content. Hence the end of funding for deepfake research.

So deepfakes are good because they’re protected by the First Amendment.

But wait a minute…

Just because the U.S. Government doesn’t like it when patriotic citizens are censored from distributing deepfake videos for political purposes, that doesn’t necessarily mean that the U.S. Government objects to ALL deepfakes.

For example, let’s say that a Palm Beach, Florida golf course receives a video message from Tiger Woods reserving a tee time and paying a lot of money to reserve the tee time. The golf course doesn’t allow anyone to book a tee time and waits for Tiger’s wire transfer to clear. After the fact, the golf course discovers that (a) the money was wired from a non-existent account, and (b) the person making the video call was not Tiger Woods, but a faked version of him.

I don’t think anyone in the U.S. Government or DOGE thinks that ripping off a Palm Beach, Florida golf course is a legitimate use of First Amendment free speech rights.

So deepfakes are bad because they lead to banking fraud and other forms of fraud.

This is not unique to deepfakes, but is also true of many other technologies. Nuclear technology can provide energy to homes, or it can kill people. Facial recognition (of real people) can find missing and abducted persons, or it can send Chinese Muslims to re-education camps.

Let’s go back to factors of authentication and liveness detection

Now let’s say that Tiger Woods’ face shows up on YOUR screen. You can use liveness detection and other technologies to determine whether it is truly Tiger Woods, and take action accordingly.

If the interaction with Woods is trivial, you may NOT want to spend time and resources to perform a robust authentication.
If the interaction with Woods is critical, you WILL want to perform a robust authentication.

It all boils down to something that I’ve previously called “somewhat you why.”

Why is Tiger Woods speaking?

If Tiger Woods is performing First Amendment-protected activity such as political talk, then “somewhat you why” asserts that whether this is REALLY Woods or not doesn’t matter.
If Tiger Woods is making a financial transaction with a Palm Beach, Florida golf course, then “somewhat you why” asserts that you MUST determine if this is really Woods.

It’s simple…right?

What about your deepfake solution?

Regardless of federal funding, companies are still going to offer deepfake detection products. Perhaps yours is one of them.

How will you market that product?

Do you have the resources to market your product, or are your resources already stretched thin?

If you need help with your facial recognition product marketing, Bredemarket has an opening for a facial recognition client. I can offer

compelling content creation
winning proposal development
actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

(Lincoln’s laptop from Imagen 3)

Wanted Dead or Live

The 2nd Amendment Zone in Upland, California offers livescan fingerprinting services, presumably for both federal and state purposes.

Although I don’t know if their machines work after you have been fatally shot. There’s a reason why they call it liveness detection.

Jobseekers and Know Your (Fill in the Blank)

I’ve noticed that my LinkedIn posts on jobseeking perform much better than my LinkedIn posts on the technical intricacies of multifactor identity verification.

But maybe I can achieve both mass appeal and niche engagement.

Private Equity Talent Hunt and Emma Emily

A year ago I reposted something on LinkedIn about a firm called Private Equity Talent Hunt (among other names). As Shelly Jones originally explained, their business model is to approach a jobseeker about an opportunity, ask for a copy of the jobseeker’s resume, and then spring the bad news that the resume is not “ATS friendly” but can be fixed…for a fee.

The repost has garnered over 20,000 impressions and over 200 comments—high numbers for me.

It looks like a lot of people are encountering Jennifer Cona, Elizabeth Vardaman, Sarah Williams, Jessica Raymond, Emily Newman, Emma Emily (really), and who knows how many other recruiters…

…who say they work at Private Equity Talent Hunt, Private Equity Recruiting Firm, Private Equity Talent Seek, and who knows how many other firms.

If only there were a way to know if you’re communicating with a real person, at a real business.

Actually, there is.

Know Your Customer and Business

As financial institutions and other businesses have known for years, there are services such as “Know Your Customer” and “Know Your Business” that organizations can use.

KYC and KYB let companies make sure they’re dealing with real people, and that the business is legitimate and not a front for another company—or for a drug cartel or terrorist organization.

So if a company is approached by Emma Emily at Private Equity Talent Hunt, what do they need to do?

The first step is to determine whether Emma Emily is a real person and not a synthetic identity. You can use a captured facial image, analyzed by liveness detection, coupled with a valid government ID, and possibly supported by home ownership information, utility bills, and other documentation.

If there is no Emma Emily, you can stop there.

But if Emma Emily is a real person, you can check her credentials. Where is she employed today? Where was she employed before? What are her post secondary degrees? What does her LinkedIn profile say? If her previous job was as a jewelry designer and her Oxford degree was in nuclear engineering, Emma Emily sounds risky.

And you can also check the business itself, such as Private Equity Talent Hunt. Check their website, business license, LinkedIn profile, and everything else about the firm.

But I’m not a business!

OK, I admit there’s an issue here.

There are over 100 businesses that provide identity verification services, and many of them provide KYC and KYB.

To other businesses.

Very few people purchase KYC and KYB per se for personal use.

So you have to improvise.

Ask Emma Emily some tough questions.

Ask her about the track record of her employer.

And if Emma Emily claims to be a recruiter for a well-known company like Amazon, ask for her corporate email address.

(Image from Microsoft Copilot)

How Much Does Synthetic Identity Fraud Cost?

Synthetic identity making an online purchase.

Identity firms really hope that prospects understand the threat posed by synthetic identity fraud, or SIF.

I’m here to help.

(Synthetic identity AI image from Imagen 3.)

Estimated SIF costs in 2020

In an early synthetic identity fraud post in 2020, I referenced a Thomson Reuters (not Thomas Reuters) article from that year which quoted synthetic identity fraud figures all over the map.

My own post referenced the Auriemma Group estimate of a $6 billion cost to U.S. lenders.
McKinsey preferred to use a percentage estimate of “10–15% of charge offs in a typical unsecured lending portfolio.” However, this may not be restricted to synthetic identity fraud, but may include other types of fraud.
Thomson Reuters quoted Socure’s Johnny Ayers, who estimated that “20% of credit losses stem from synthetic identity fraud.”

Oh, and a later post that I wrote quoted a $20 billion figure for synthetic identity fraud losses in 2020. Plus this is where I learned the cool acronym “SIF” to refer to synthetic identity fraud. As far as I know, there is no government agency with the acronym SIF, which would of course cause confusion. (There was a Social Innovation Fund, but that may no longer exist in 2025.)

Never Search Alone, not National Security Agency. AI image from Imagen 3.

Back to synthetic identity fraud, which reportedly resulted in between $6 billion and $20 billion in losses in 2020.

Estimated SIF costs in 2025

But that was 2020.

What about now? Let’s visit Socure again:

The financial toll of AI-driven fraud is staggering, with projected global losses reaching $40 billion by 2027 up from US12.3 billion in 2023 (CAGR 32%)., driven by sophisticated fraud techniques and automation, such as synthetic identities created with AI tools.

Again this includes non-synthetic fraud, but it’s a good number for the high end. While my FTC fraud post didn’t break out synthetic identity fraud figures, Plaid cited a 2023 $1.8 billion figure for the auto industry alone, and Mastercard cited a $5 billion figure.

But everyone agrees on a figure of billions and billions.

The real Carl Sagan.

The deepfake Carl Sagan.

(I had to stop writing this post for a minute because I received a phone call from “JP Morgan Chase,” but the person didn’t know who they were talking to, merely asking for the owner of the phone number. Back to fraud.)

Reducing SIF in 2025

In a 2023 post, I cataloged four ways to fight synthetic identity fraud:

Private databases.
Government documents.
Government databases.
A “who you are” test with facial recognition and liveness detection (presentation attack detection).

Ideally an identity verification solution should use multiple methods, and not just one. It doesn’t do you any good to forge a driver’s license if AAMVA doesn’t know about the license in any state or provincial database.

And if you need an identity content marketing expert to communicate how your firm fights synthetic identities, Bredemarket can help with its content-proposal-analysis services.

Find out more about Bredemarket’s “CPA” services.

More on Injection Attack Detection

(Injection attack syringe image from Imagen 3)

Not too long after I shared my February 7 post on injection attack detection, Biometric Update shared a post of its own, “Veridas introduces new injection attack detection feature for fraud prevention.”

I haven’t mentioned VeriDas much in the Bredemarket blog, but it is one of the 40+ identity firms that are blogging. In Veridas’ case, in English and Spanish.

And of course I referenced VeriDas in my February 7 post when it defined the difference between presentation attack detection and injection attack detection.

Biometric Update played up this difference:

To stay ahead of the curve, Spanish biometrics company Veridas has introduced an advanced injection attack detection capability into its system, to combat the growing threat of synthetic identities and deepfakes….

Veridas says that standard fraud detection only focuses on what it sees or hears – for example, face or voice biometrics. So-called Presentation Attack Detection (PAD) looks for fake images, videos and voices. Deepfake detection searches for the telltale artifacts that give away the work of generative AI.

Neither are monitoring where the feed comes from or whether the device is compromised.

I can revisit the arguments about whether you should get PAD and…IAD?…from the same vendor, or whether you should get best in-class solutions to address each issue separately.

But they need to be addressed.

Age By Gesture?

(Churchill image public domain)

And I thought tongue identification was weird.

Biometric Update reported that the Australian government is evaluating a solution that estimates age by gestures.

At first thought I didn’t get it. Holding two fingers up in the air could be a 1960s peace hand gesture or a 1940s victory hand gesture.

Obviously I needed to give this a second thought. So I went to Needemand’s page for BorderAge. This is what I found.

« L’internaute doit simplement effectuer 3 mouvements de la main et l’avant-bras devant la caméra de son écran (ordinateur, tablette, smartphone). En quelques secondes, il/elle vérifie son âge sans dévoiler son identité. »

Help me, Google Translate; you’re my only hope.

“The Internet user simply has to make 3 movements of the hand and forearm in front of the camera on their screen (computer, tablet, smartphone). In a few seconds, he/she verifies his/her age without revealing his/her identity.”

The method is derived from a 1994 scientific paper entitled “Rapid aimed limb movements: Age differences and practice effects in component submovements.” The abstract of the paper reads as follows:

“Two experiments are reported in which younger and older adults practiced rapid aimed limb movements toward a visible target region. Ss were instructed to make the movements as rapidly and as accurately as possible. Kinematic details of the movements were examined to assess the differences in component submovements between the 2 groups and to identify changes in the movements due to practice. The results revealed that older Ss produced initial ballistic submovements that had the same duration but traveled less far than those of younger Ss. Additionally, older Ss produced corrective secondary submovements that were longer in both duration and distance than those of the younger subjects. With practice, younger Ss modified their submovements, but older Ss did not modify theirs even after extensive practice on the task. The results show that the mechanisms underlying movements of older adults are qualitatively different from those in younger adults.”

So what does this mean? Needemand has a separate BorderAge website—thankfully in English—that illustrates the first part of the user instructions.

I don’t know what happens after that, but the process definitely has an “active liveness” vibe, except instead of proving you’re real, you’re proving you’re old, or old enough.

Now I’m not sure if the original 1994 study results were ever confirmed across worldwide populations. But it wouldn’t be the first scheme that is unproven. Do we KNOW that fingerprints are unique?

Another question I have regards the granularity of the age estimation solution. Depending upon your use case and jurisdiction, you may have to show that your age is 13, 16, 18, 21, or 25. Not sure if BorderAge gets this granular.

But if you want a way to estimate age and preserve anonymity (the solution blocks faces and has too low of a resolution to capture friction ridges), BorderAge may fit the bill.

Injection Attack Detection

(Injection attack syringe image from Imagen 3)

Having realized that I have never discussed injection attacks on the Bredemarket blog, I decided I should rectify this.

Types of attacks

When considering falsifying identity verification or authentication, it’s helpful to see how VeriDas defines two different types of falsification:

Presentation Attacks: These involve an attacker presenting falsified evidence directly to the capture device’s camera. Examples include using photocopies, screenshots, or other forms of impersonation to deceive the system.

Injection Attacks: These are more sophisticated, where the attacker introduces false evidence directly into the system without using the camera. This often involves manipulating the data capture or communication channels.

To be honest, most of my personal experience involves presentation attacks, in which the identity verification/authentication system remains secure but the information, um, presented to it is altered in some way. See my posts on Vision Transformer (ViT) Models and NIST IR 8491.

By JamesHarrison – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=4873863.

Injection attacks and the havoc they wreak

In an injection attack, the identity verification/authentication system itself is compromised. For example, instead of taking its data from the camera, data from some other source is, um, injected so that it look like it came from the camera.

Incidentally, I should tangentially note that injection attacks greatly differ from scraping attacks, in which content from legitimate blogs is stolen and injected into scummy blogs that merely rip off content from their original writers. Speaking for myself, it is clear that this repurpose is not an honorable practice.

Note that injection attacks don’t only affect identity systems, but can affect ANY computer system. SentinelOne digs into the different types of injection attacks, including manipulation of SQL queries, cross-site scripting (XSS), and other types. Here’s an example from the health world that is pertinent to Bredemarket readers:

In May 2024, Advocate Aurora Health, a healthcare system in Wisconsin and Illinois, reported a data breach exposing the personal information of 3 million patients. The breach was attributed to improper use of Meta Pixel on the websites of the provider. After the breach, Advocate Health was faced with hefty fines and legal battles resulting from the exposure of Protected Health Information(PHI).

Returning to the identity sphere, Mitek Systems highlights a common injection.

Deepfakes utilize AI and machine learning to create lifelike videos of real people saying or doing things they never actually did. By injecting such videos into a system’s feed, fraudsters can mimic the appearance of a legitimate user, thus bypassing facial recognition security measures.

Again, this differs from someone with a mask getting in front of the system’s camera. Injections bypass the system’s camera.

Fight back, even when David Horowitz isn’t helping you

Do how do you detect that you aren’t getting data from the camera or capture device that is supposed to be providing it? Many vendors offer tactics to attack the attackers; here’s what ID R&D (part of Mitek Systems) proposes.

These steps include creating a comprehensive attack tree, implementing detectors that cover all the attack vectors, evaluating potential security loopholes, and setting up a continuous improvement process for the attack tree and associated mitigation measures.

And as long as I’m on a Mitek kick, here’s Chris Briggs telling Adam Bacia about how injection attacks relate to everything else.

From https://www.youtube.com/watch?v=ZXBHlzqtbdE.

As you can see, the tactics to fight injection attacks are far removed from the more forensic “liveness” procedures such as detecting whether a presented finger is from a living breathing human.

Presentation attack detection can only go so far.

Injection attack detection is also necessary.

So if you’re a company guarding against spoofing, you need someone who can create content, proposals, and analysis that can address both biometric and non-biometric factors.

Learn how Bredemarket can help.

CPA

Not that I’m David Horowitz, but I do what I can. As did David Horowitz’s producer when he was threatened with a gun. (A fake gun.)

From https://www.youtube.com/watch?v=ZXP43jlbH_o.

(February 2026: Independent testing of the capability to withstand injection attacks)

Reasonable Minds Vehemently Disagree On Three Biometric Implementation Choices

(Part of the biometric product marketing expert series)

There are a LOT of biometric companies out there.

The Prism Project’s home page at https://www.the-prism-project.com/, illustrating the Biometric Digital Identity Prism as of March 2024. From Acuity Market Intelligence and FindBiometrics.

With over 100 firms in the biometric industry, their offerings are going to naturally differ—even if all the firms are TRYING to copy each other and offer “me too” solutions.

Will Ferrell and Chad Smith, or maybe vice versa. Fair use. From https://www.billboard.com/music/music-news/will-ferrell-chad-smith-red-hot-benefit-chili-peppers-6898348/, originally from NBC.

I’ve worked for over a dozen biometric firms as an employee or independent contractor, and I’ve analyzed over 80 biometric firms in competitive intelligence exercises, so I’m well aware of the vast implementation differences between the biometric offerings.

Some of the implementation differences provoke vehement disagreements between biometric firms regarding which choice is correct. Yes, we FIGHT.

MMA stands for Messy Multibiometric Authentication. Public Domain, https://commons.wikimedia.org/w/index.php?curid=607428

Let’s look at three (out of many) of these implementation differences and see how they affect YOUR company’s content marketing efforts—whether you’re engaging in identity blog post writing, or some other content marketing activity.

The three biometric implementation choices

Firms that develop biometric solutions make (or should make) the following choices when implementing their solutions.

Presentation attack detection. Assuming the solution incorporates presentation attack detection (liveness detection), or a way of detecting whether the presented biometric is real or a spoof, the firm must decide whether to use active or passive liveness detection.
Age assurance. When choosing age assurance solutions that determine whether a person is old enough to access a product or service, the firm must decide whether or not age estimation is acceptable.
Biometric modality. Finally, the firm must choose which biometric modalities to support. While there are a number of modality wars involving all the biometric modalities, this post is going to limit itself to the question of whether or not voice biometrics are acceptable.

I will address each of these questions in turn, highlighting the pros and cons of each implementation choice. After that, we’ll see how this affects your firm’s content marketing.

Choice 1: Active or passive liveness detection?

From https://www.nist.gov/news-events/news/2023/09/whats-wrong-picture-nist-face-analysis-program-helps-find-answers

Back in June 2023 I defined what a “presentation attack” is.

(I)nstead of capturing a true biometric from a person, the biometric sensor is fooled into capturing a fake biometric: an artificial finger, a face with a mask on it, or a face on a video screen (rather than a face of a live person).

This tomfoolery is called a “presentation attack” (becuase you’re attacking security with a fake presentation).

Then I talked about standards and testing.

From https://www.iso.org/standard/79520.html.

But the standards folks have developed ISO/IEC 30107-3:2023, Information technology — Biometric presentation attack detection — Part 3: Testing and reporting.

And an organization called iBeta is one of the testing facilities authorized to test in accordance with the standard and to determine whether a biometric reader can detect the “liveness” of a biometric sample.

(Friends, I’m not going to get into passive liveness and active liveness. That’s best saved for another day.)

Well…that day is today.

By Rawpixel.com – https://pxhere.com/en/photo/1456377, CC0, https://commons.wikimedia.org/w/index.php?curid=79549317

A balanced assessment

Now I could cite a firm using active liveness detection to say why it’s great, or I could cite a firm using passive liveness detection to say why it’s great. But perhaps the most balanced assessment comes from facia, which offers both types of liveness detection. How does facia define the two types of liveness detection?

Active liveness detection, as the name suggests, requires some sort of activity from the user. If a system is unable to detect liveness, it will ask the user to perform some specific actions such as nodding, blinking or any other facial movement. This allows the system to detect natural movements and separate it from a system trying to mimic a human being….

Passive liveness detection operates discreetly in the background, requiring no explicit action from the user. The system’s artificial intelligence continuously analyses facial movements, depth, texture, and other biometric indicators to detect an individual’s liveness.

Pros and cons

Briefly, the pros and cons of the two methods are as follows:

While active liveness detection offers robust protection, requires clear consent, and acts as a deterrent, it is hard to use, complex, and slow.
Passive liveness detection offers an enhanced user experience via ease of use and speed and is easier to integrate with other solutions, but it incorporates privacy concerns (passive liveness detection can be implemented without the user’s knowledge) and may not be used in high-risk situations.

So in truth the choice is up to each firm. I’ve worked with firms that used both liveness detection methods, and while I’ve spent most of my time with passive implementations, the active ones can work also.

A perfect wishy-washy statement that will get BOTH sides angry at me. (Except perhaps for companies like facia that use both.)

Choice 2: Age estimation, or no age estimation?

There are a lot of applications for age assurance, or knowing how old a person is. These include smoking tobacco or marijuana, buying firearms, driving a car, drinking alcohol, gambling, viewing adult content, using social media, or buying garden implements.

If you need to know a person’s age, you can ask them. Because people never lie.

Well, maybe they do. There are two better age assurance methods:

Age verification, where you obtain a person’s government-issued identity document with a confirmed birthdate, confirm that the identity document truly belongs to the person, and then simply check the date of birth on the identity document and determine whether the person is old enough to access the product or service.
Age estimation, where you don’t use a government-issued identity document and instead examine the face and estimate the person’s age.

I changed my mind on age estimation

I’ve gone back and forth on this. As I previously mentioned, my employment history includes time with a firm produces driver’s licenses for the majority of U.S. states. And back when that firm was providing my paycheck, I was financially incentivized to champion age verification based upon the driver’s licenses that my company (or occasionally some inferior company) produced.

But as age assurance applications moved into other areas such as social media use, a problem occurred since 13 year olds usually don’t have government IDs. A few of them may have passports or other government IDs, but none of them have driver’s licenses.

By Adrian Pingstone – Transferred from en.wikipedia, Public Domain, https://commons.wikimedia.org/w/index.php?curid=112727.

Pros and cons

But does age estimation work? I’m not sure if ANYONE has posted a non-biased view, so I’ll try to do so myself.

The pros of age estimation include its applicability to all ages including young people, its protection of privacy since it requires no information about the individual identity, and its ease of use since you don’t have to dig for your physical driver’s license or your mobile driver’s license—your face is already there.
The huge con of age estimation is that it is by definition an estimate. If I show a bartender my driver’s license before buying a beer, they will know whether I am 20 years and 364 days old and ineligible to purchase alcohol, or whether I am 21 years and 0 days old and eligible. Estimates aren’t that precise.

How precise is age estimation? We’ll find out soon, once NIST releases the results of its Face Analysis Technology Evaluation (FATE) Age Estimation & Verification test. The release of results is expected in early May.

Choice 3: Is voice an acceptable biometric modality?

From Sandeep Kumar, A. Sony, Rahul Hooda, Yashpal Singh, in Journal of Advances and Scholarly Researches in Allied Education | Multidisciplinary Academic Research, “*Multimodal Biometric Authentication System for Automatic Certificate Generation*.”

Fingerprints, palm prints, faces, irises, and everything up to gait. (And behavioral biometrics.) There are a lot of biometric modalities out there, and one that has been around for years is the voice biometric.

I’ve discussed this topic before, and the partial title of the post (“We’ll Survive Voice Spoofing”) gives away how I feel about the matter, but I’ll present both sides of the issue.

White House photo by Kimberlee Hewitt – whitehouse.gov, President George W. Bush and comedian Steve Bridges, Public Domain, https://commons.wikimedia.org/w/index.php?curid=3052515

No one can deny that voice spoofing exists and is effective, but many of the examples cited by the popular press are cases in which a HUMAN (rather than an ALGORITHM) was fooled by a deepfake voice. But voice recognition software can also be fooled.

(Incidentally, there is a difference between voice recognition and speech recognition. Voice recognition attempts to determine who a person is. Speech recognition attempts to determine what a person says.)

Finally facing my Waterloo

Take a study from the University of Waterloo, summarized here, that proclaims: “Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.”

If you re-read that sentence, you will notice that it includes the words “up to.” Those words are significant if you actually read the article.

In a recent test against Amazon Connect’s voice authentication system, they achieved a 10 per cent success rate in one four-second attack, with this rate rising to over 40 per cent in less than thirty seconds. With some of the less sophisticated voice authentication systems they targeted, they achieved a 99 per cent success rate after six attempts.

Other voice spoofing studies

Similar to Gender Shades, the University of Waterloo study does not appear to have tested hundreds of voice recognition algorithms. But there are other studies.

The 2021 NIST Speaker Recognition Evaluation (PDF here) tested results from 15 teams, but this test was not specific to spoofing.
A test that was specific to spoofing was the ASVspoof 2021 test with 54 team participants, but the ASVspoof 2021 results are only accessible in abstract form, with no detailed results.
Another test, this one with results, is the SASV2022 challenge, with 23 valid submissions. Here are the top 10 performers and their error rates.

From https://sasv-challenge.github.io/challenge_results/.

You’ll note that the top performers don’t have error rates anywhere near the University of Waterloo’s 99 percent.

So some firms will argue that voice recognition can be spoofed and thus cannot be trusted, while other firms will argue that the best voice recognition algorithms are rarely fooled.

What does this mean for your company?

Obviously, different firms are going to respond to the three questions above in different ways.

For example, a firm that offers face biometrics but not voice biometrics will convey how voice is not a secure modality due to the ease of spoofing. “Do you want to lose tens of millions of dollars?”
A firm that offers voice biometrics but not face biometrics will emphasize its spoof detection capabilities (and cast shade on face spoofing). “We tested our algorithm against that voice fake that was in the news, and we detected the voice as a deepfake!”

There is no universal truth here, and the message your firm conveys depends upon your firm’s unique characteristics.

And those characteristics can change.

Once when I was working for a client, this firm had made a particular choice with one of these three questions. Therefore, when I was writing for the client, I wrote in a way that argued the client’s position.
After I stopped working for this particular client, the client’s position changed and the firm adopted the opposite view of the question.
Therefore I had to message the client and say, “Hey, remember that piece I wrote for you that said this? Well, you’d better edit it, now that you’ve changed your mind on the question…”

Bear this in mind as you create your blog, white paper, case study, or other identity/biometric content, or have someone like the biometric content marketing expert Bredemarket work with you to create your content. There are people who sincerely hold the opposite belief of your firm…but your firm needs to argue that those people are, um, misinformed.

Drive content results with Bredemarket Identity Firm Services.

And as a postscript I’ll provide two videos that feature voices. The first is for those who detected my reference to the ABBA song “Waterloo.”

From https://www.youtube.com/watch?v=4XJBNJ2wq0Y.

The second features the late Steve Bridges as President George W. Bush at the White House Correspondents Dinner.

From https://www.youtube.com/watch?v=u5DpKjlgoP4.

Does Your Gardening Implement Company Require Age Assurance?

Age assurance shows that a customer meets the minimum age for buying a product or service.

I thought I knew every possible use case for age assurance—smoking tobacco or marijuana, buying firearms, driving a car, drinking alcohol, gambling, viewing adult content, or using social media.

But after investigating a product featured in Cultivated Cool, I realized that I had missed one use case. Turns out that there’s another type of company that needs age assurance…and a way to explain the age assurance method the company adopts.

Off on a tangent: what is Cultivated Cool?

Psst…don’t tell anyone what you’re about to read.

The so-called experts say that a piece of content should only have one topic and one call to action. Well, it’s Sunday so hopefully the so-called experts are taking a break and will never see the paragraphs below.

This is my endorsement for Cultivated Cool. Its URL is https://cultivated.cool/, which I hope you can remember.

Cultivated Cool self-identifies as “(y)our weekly guide to the newest, coolest products you didn’t know you needed.” Concentrating on the direct-to-consumer (DTC or D2C) space, Cultivated Cool works with companies to “transform (their) email marketing from a chore into a revenue generator.” And to prove the effectiveness of email, it offers its own weekly email that highlights various eye-catching products. But not trendy ones:

Trends come and go but cool never goes out of style.
From https://cultivated.cool/.

Bredemarket isn’t a prospect for Cultivated Cool’s first service—my written content creation is not continuously cool. (Although it’s definitely not trendy either). But I am a consumer of Cultivated Cool’s weekly emails, and you should subscribe to its weekly emails also. Enter your email and click the “Subscribe” button on Cultivated Cool’s webpage.

And Cultivated Cool’s weekly emails lead me to the point of this post.

The day that Stella sculpted air

Today’s weekly newsletter issue from Cultivated Cool is entitled “Dig It.” But this has nothing to do with the Beatles or with Abba. Instead it has to do with gardening, and the issue tells the story of Stella, in five parts. The first part is entitled “Snip it in the Bud,” and begins as follows.

Stella felt a shiver go down her spine the first time the pruner blades closed. She wasn’t just cutting branches; she was sculpting air.
From https://cultivated.cool/dig-it/.

The pruner blades featured in Cultivated Cool are sold by Niwaki, an English company that offers Japanese-inspired products. As I type this, Niwaki offers 18 different types of secateurs (pruning shears), including large hand, small hand, right-handed, and left-handed varieties. You won’t get these at your dollar store; prices (excluding VAT) range from US$45.50 to US$280.50 (Tobisho Hiryu Secateurs).

From https://www.niwaki.com/tobisho-hiryu-secateurs/#P00313-1.

Stella, how old are you?

But regardless of price, all the secateurs sold by Niwaki have one thing in common: an age restriction on purchases. Not that Niwaki truly enforces this restriction.

Please note: By law, we are not permitted to sell a knife or blade to any person under the age of 18. By placing an order for one of these items you are declaring that you are 18 years of age or over. These items must be used responsibly and appropriately.
From https://www.ni w aki.com/tobisho-hiryu-secateurs/#P00313-1.

That’s the functional equivalent of the so-called age verification scheme used on some alcohol websites.

I hope you’re sitting down as I reveal this to you: underage people can bypass the age assurance scheme on alcohol websites by inputting any year of birth that they wish. Just like anyone, even a small child, can make any declaration of age that they want, as long as their credit card is valid.

Now I have no idea whether Ofcom’s UK Online Safety Act consultations will eventually govern Niwaki’s sales of adult-controlled physical products. But if Niwaki finds itself under the UK Online Safety Act, or some other act in the United Kingdom or any country where Niwaki conducts business, then a simple assurance that the purchaser is old enough to buy “a knife or blade” will not be sufficient.

Niwaki’s website would then need to adopt some form of age assurance for purchasers, either by using a government-issued identification document (age verification) or examining the face to algorithmically surmise the customer’s age (age estimation).

Age verification. For example, the purchaser would need to provide their government-issued identity document so that the seller can verify the purchaser’s age. Ideally, this would be coupled with live face capture so that the seller can compare the live face to the face on the ID, ensuring that a kid didn’t steal mommy’s or daddy’s driver’s license (licence) or passport.
Age estimation. For example, the purchaser would need to provide their live face so that the seller can estimate the purchaser’s age. In this case (and in the age verification case if a live face is captured), the seller would need to use liveness dectection to ensure that the face is truly a live face and is not a presentation attack or other deepfake.

And then the seller would need to explain why it was doing all of this.

How can a company explain its age assurance solution in a way that its prospects will understand…and how can the company reassure its prospects that its age assurance method protects their privacy?

Companies other than identity companies must explain their identity solutions

Which brings me to the TRUE call to action in this post. (Sorry Mark and Lindsey. You’re still cool.)

I’ve stated ad nauseum that identity companies need to explain their identity solutions: why they developed them, how they work, what they do, and several other things.

In the same way, firms that incorporate solutions from identity companies got some splainin’ to do.

From https://tenor.com/view/i-love-lucy-lucy-ricardo-some-explaining-to-do-gif-14297186.

This applies to a financial institution that requires customers to use an identity verification solution before opening an account, just like it applies to an online gardening implement website that uses an age assurance method to check the age of pruning shear purchasers.

So how can such companies explain their identity and biometrics features in a way their end customers can understand?

Bredemarket can help.

Why Knowledge-Based Authentication Fails at Authentication

In a recent project for a Bredemarket client, I researched how a particular group of organizations identified their online customers. Their authentication methods fell into two categories. One of these methods was much better than the other.

Multifactor authentication

Some of the organizations employed robust authentication procedures that included more than one of the five authentication factors—something you know, something you have, something you are, something you do, and/or somewhere you are.

From Krishamurty Pammi, https://krishnamurtypammi-technology.blogspot.com/p/security-management-two.html.

For example, an organization may require you to authenticate with biometric data, a government-issued identification document, and sometimes some additional textual or location data.

From IDmission, https://www.idmission.com/identity-solutions/identity-verification.

Knowledge-based authentication

Other organizations employed only one of the factors, something you know.

Not something as easy to crack as a password.
Instead they used the supposedly robust authentication method of “knowledge-based authentication,” or KBA.

The theory behind KBA is that if you ask multiple questions of a person based upon data from various authoritative databases, the chance of a fraudster knowing ALL of this data is minimal.

From Alloy, “Why knowledge-based authentication (KBA) is not effective,” https://www.alloy.com/blog/answering-my-own-authentication-questions-prove-that-theyre-useless.

Steve Craig found out the hard way that KBA is not infallible.

The hotel loyalty hack

Steve Craig is the Founder and CEO of PEAK IDV, a company dedicated to educating individuals on identity verification and fraud prevention.

From PEAK IDV, https://www.peakidv.com/.

Sadly, Craig himself was recently a victim of fraud, and it took him several hours to resolve the issue.

I’m not going to repeat all of Craig’s story, which you can read in his LinkedIn post. But I do want to highlight one detail.

When the fraudster took over Craig’s travel-related account, the hotel used KBA to confirm that the fraudster truly was Steve Craig, specifically asking “when and where was your last hotel stay?”
Only one problem: the “last hotel stay” was one from the fraudster, NOT from Craig. The scammer fraudulently associated their hotel stay with Craig’s account.
This spurious “last hotel stay” allowed the fraudster to not only answer the “last hotel stay” question correctly, but also to take over Craig’s entire account, including all of Craig’s loyalty points.

And with that one piece of knowledge, Craig’s account was breached.

The “knowledge” used by knowledge based authentication

Craig isn’t the only one who can confirm that KBA by itself doesn’t work. I’ve already shared an image from an Alloy article demonstrating the failures of KBA, and there are many similar articles out there.

The biggest drawback of KBA is the assumption that ONLY the person can answer all the knowledge corrections correctly is false. All you have to do is participate in one of those never-ending Facebook memes that tell you something based on your birthday, or your favorite pet. Don’t do it.

Why do organizations use KBA?

So why do organizations continue to use KBA as their preferred authentication method? Fraud.com lists several attractive, um, factors:

Ease of implementation. It’s easier to implement KBA than it is to implement biometric authentication and/or ID card-based authentication.
Ease of use. It’s easier to click on answers to multiple choice questions than it is to capture an ID card, fingerprint, or face. (Especially if active liveness detection is used.)
Ease of remembrance. As many of us can testify, it’s hard to remember which password is associated with a particular website. With KBA, you merely have to answer a multiple choice quiz, using information that you already know (at least in theory).

Let me add one more:

Presumed protection of personally identifiable information (PII). Uploading your face, fingerprint, or driver’s license to a mysterious system seems scary. It APPEARS to be a lot safer to just answer some questions.

But in my view, the risks that someone else can get all this information (or create spurious information) and use it to access your account outweigh the benefits listed above. Even Fraud.com, which lists the advantages of KBA, warns about the risks and recommend coupling KBA with some other authentication method.

But KBA isn’t the only risky authentication factor out there

We already know that passwords can be hacked. And by now we should realize that KBA could be hacked.

But frankly, ANY single authentication can be hacked.

After Steve Craig resolved his fraud issue, he asked the hotel how it would prevent fraud in the future. The hotel responded that it would use caller ID on phone calls made to the hotel. Wrong answer.
While the biometric vendors are improving their algorithms to detect deepfakes, no one can offer 100% assurance that even the best biometric algorithms can prevent all deepfake attempts. And people don’t even bother to use biometric algorithms if the people on the Zoom call LOOK real.
While the ID card analysis vendors (and the ID card manufacturers themselves) are constantly improving their ability to detect fraudulent documents, no one can offer 100% assurance that a presented driver’s license is truly a driver’s license.
Geolocation has been touted as a solution by some. But geolocation can be hacked also.

In my view, the best way to minimize (not eliminate) fraudulent authentication is to employ multiple factors. While someone could create a fake face, or a fake driver’s license, or a fake location, the chances of someone faking ALL these factors are much lower than the chances of someone faking a single factor.

You knew the pitch was coming, didn’t you?

If your company has a story to tell about how your authentication processes beat all others, I can help.