Biometric Liveness explanatory graphic

Posted in Good Practice on

An open laptop on a desk with the screen displaying the Biometrics Institute logo and title for the resource, "Vulnerabilities Explanatory Graphic: Biometric Liveness: Protection from Presentation and Injection Attacks". The background image on the screen shows a digital blue matrix of binary code with the word "ATTACK" prominently highlighted in a pixelated block font, symbolising a digital security threat.

What is it?

The Biometrics Institute’s explanatory graphic, Biometric Liveness: Protection from Presentation and Injection Attacks, is designed to make the complex topic of biometric vulnerabilities easy to understand for both technical and non-technical audiences. It illustrates, in one clear flow, how a biometric transaction moves from acquisition to liveness checks and biometric comparison. And where attacks may occur.

The biometric liveness graphic explains a critical question: Is the biometric sample coming from a real, live person, or from an artefact/attack?

It distinguishes between:

  1. A live (bona fide) user presenting genuine biometric data.
  2. An attacker using a physical artefact (e.g., a mask or fake finger) used in a presentation attack.
  3. An attacker using a digital artefact (e.g., replayed media or deepfake content) used in an injection attack.

The visual also highlights possible outcomes and risks:

  • Genuine users may be incorrectly rejected
  • Attackers may be incorrectly accepted

How do members benefit?

Liveness is central to managing biometric vulnerabilities in digital identity. As attack techniques evolve, teams need a practical way to map the biometric vulnerabilities and explain threats and controls across business, policy, procurement, and engineering teams.

The value is immediate and practical and you can use the graphic to:

  • Brief executives and boards on biometric risk using plain language
  • Support discussions around liveness, Presentation Attack Detection (PAD) and deepfake injection controls
  • Align cross-functional teams on where vulnerabilities arise and how mitigations fit into the transaction flow
  • Educate customers and partners on the difference between real-user validation and attack detection

The graphic also aligns with the Biometrics Institute’s Three Laws of Biometrics, specifically the Third Law: “Know your algorithm.” Understanding algorithm capability includes knowing how systems distinguish live users from spoofing attempts and how error trade-offs affect both security and user experience.

        Who updates it?

        The Institute’s Technology and Innovation Group (TIG) will review the biometric liveness graphic as required to ensure it keeps pace with the evolving threat landscape.

        How to access the document

        Members: Click here.
        Non-members: Find out about becoming a member here.

        Lead the debate with us on the
        responsible use of Biometrics

        Learn About Our Memberships