Face Liveness Detection: What It Is and Why It Matters
A face verification system that can be fooled by a photograph is not a real security control. Liveness detection closes that gap.
What is a Liveness Attack?
A liveness attack — also called a presentation attack — is when someone tries to fool a face recognition system using a photo, video, or 3D mask of the target person instead of their live face.
Without liveness detection, a basic face verification system can be defeated by simply holding up a printed photo or playing a video on a phone screen.
How Liveness Detection Works
Modern liveness systems use a combination of techniques:
- Active challenges — Ask the user to blink, turn their head, or smile. A static image cannot comply.
- Passive analysis — Analyse texture, depth cues, and light reflection patterns that differ between a live face and a flat image.
- 3D depth sensing — On supported hardware, use depth maps to confirm a real face is present.
FaceTrust's Approach
FaceTrust implements liveness via a session-based flow:
- Your server calls the session API to create a liveness check.
- The API returns a token used to load a webview or iframe on the client device.
- The client-side component guides the user through the detection flow.
- The result is sent to your server via webhook — pass or fail, with a confidence score.
This architecture keeps the detection logic up to date without requiring app updates on the client side.