Cognito Broadcast

Presentation Attack Detection

How does presentation attack detection impact identity verification?

A presentation attack occurs when a bad actor uses someone else's biometric data. Known as "spoofing," fraudsters then use this data to impersonate someone else.

This can take a few different forms, known as presentation attack instruments. A fake fingerprint or trying to bypass liveness detection by using a printed photo are common. The threat of spoofing has increased as more users sign up for new accounts online, rather than in person.

Fraudsters may use this data to commit all kinds of theft. They may sign up for a mobile banking app or a line of credit online, for example, in an attempt to steal money from either the platform or an individual.

How does Cognito mitigate the risk of presentation attacks?

Cognito Flow offers robust protection against presentation attacks. In Cognito Flow, verification flows can include three different types of identity information from a user. Those are data source, documentary, and liveness. By using all three verification methods in concert, you can be sure that new users know their identity data, possess their physical identity documents, and are alive.

Crucially, in addition to verifying the authenticity of someone's identity documents, Cognito Flow uses facial mapping technology to verify that the person's ID document photo matches the face they present during their liveness verification.

Further, Cognito Flow uses advanced image processing and machine learning to combat fraud. Our solution is able to detect pixel changes, deep fakes, masks, and more.

How does Cognito compare to other ID verification providers when handling presentation attacks?

Cognito Flow starts with data source verification, which:

  • Matches user-entered details, like their address and government ID number, against authoritative sources.
  • Uniquely, Cognito Flow also uses some of this data to confirm an online footprint, like email accounts and social media accounts.

Then takes a photo of a government-issued ID document, like a passport or driver's license, and:

  • Confirms the authenticity of the document using advanced machine learning to ensure it isn't a printout.
  • Uses sophisticated OCR to ensure information on the document matches what the user entered in the data source verification step.

And, finally, requests a liveness check in the form of very short videos, like a GIF, for face presentation attack detection. This:

  • Uses complex machine learning algorithms to ensure that the person is real. Not, for example, a person holding up someone else's photo to their face.
  • Uses face-matching to ensure the person matches the photo on their government-issued ID document.

Unlike other ID verification providers, Cognito goes one step further. Flow prevents presentation attacks by asking users to record short videos, rather than simply uploading a photo. Users with slow or unreliable internet connections will fallback to a photo. Still, Cognito Flow applies the same advanced algorithm to ensure the photos represent a real live person, by looking at lighting, pixel changes, depth, and more.

It's worth noting here that identity verification is only one area where the threat of presentation attacks exists. Biometric authentication equipment, like building access controls, fingerprint recognition or iris employee time clocks, and other devices are at risk for presentation attacks. That said, they have very different requirements, and as a result the solution may be different.

Ultimately, Cognito Flow uses best-in-class fraud presentation attack detection methods, combined with a conversion-optimized funnel, to both reduce risk and improve new user sign-up rates relative to other solutions.

Active vs. passive presentation attack detection

Balancing security with user convenience requires some trade-offs, but Cognito Flow is optimized for a secure, convenient online identity verification process.

Active presentation attack detection

Active PAD requires users to perform a series of actions to confirm their liveness, identity and authenticity.

Cognito Flow, for example, requires users to take several very short actions - like looking left or smiling at their phone camera - to prevent a presentation attack.

This method works well, because new users can complete their identity verification entirely online, from their homes, in just a few minutes.

Passive presentation attack detection

Passive PAD relies on specialized equipment, rather than a series of actions, to confirm someone's identity and liveness. A specialized 3d camera, for example, may look at lighting, depth-sensing, infrared, and other characteristics to confirm someone's authentic identity.

Passive PAD is most useful in situations where absolute speed is critical, like building access. But because it requires specialized hardware far beyond a standard phone or laptop camera, a passive PAD system is often not a good solution to online identity verifications.

What are the risks of a presentation attack? How easy are presentation attacks to perpetrate?

The threat of a presentation attack can range in severity, usually based on both the ease of committing fraud and the value of the target. But apps using ID verification solutions also need to balance the need for fraud protection against the need for usability among their customers.

Cognito designed Flow to balance those needs, in part by relying on artificial intelligence to handle presentation attack detection behind the scenes. It's absolutely critical that applications connected to user's bank or credit card accounts have fraud protection, especially when it does not add any burden to the new user sign-up funnel.


The risk of sophisticated presentation attacks has been growing as more people complete identity verifications online from their mobile devices. Because mobile cameras aren't sophisticated enough to handle passive presentation attack detection natively, and requiring in-person identity verification is too onerous, sophisticated active presentation attack detection is the best option for accurately verifying identities online.

Coupled with documentary and data source verifications - where people must also possess their physical ID documents, with a face that matches their liveness verification - Cognito Flow provides robust protection against presentation attacks, all without sacrificing user experience.

Ready to get started?

More Stories