Biometric Verification
Facial recognition, liveness detection, and age estimation to prevent fraud and ensure the person is real and matches their ID document.
Biometric Verification
Use facial biometrics to verify that the person presenting the ID is the same person in the document photo, and that they're a real person (not a photo, video, or deepfake).
Why Biometrics?
Security Benefits:
- Prevent identity theft (stolen documents)
- Detect photo/video spoofing
- Ensure person is physically present
- Match selfie to document photo
- Age verification
Industry Standard
Biometric verification is now the industry standard for identity verification, required by many regulators for remote onboarding in financial services and crypto exchanges.
3 Credits Per biometric check
Verification Methods
1. Face Match
Compare selfie photo to document photo.
How It Works:
- Extract face from ID document
- Capture selfie from user
- Compare using facial recognition AI
- Return match score (0-100%)
Face Match Example:
const faceMatch = await fetch('/api/v3/verifications/:id/face-match', {
method: 'POST',
body: JSON.stringify({
selfieImage: base64Image
})
});Result:
{
"matchScore": 94,
"result": "match",
"confidence": "high",
"recommendation": "approve"
}Match Thresholds:
| Score | Result | Action |
|---|---|---|
| 90-100% | Strong Match | Auto-approve |
| 75-89% | Match | Approve |
| 60-74% | Weak Match | Manual review |
| 0-59% | No Match | Reject |
Factors Affecting Score:
- Photo quality (both selfie and document)
- Lighting conditions
- Face angle
- Aging (document photo taken years ago)
- Glasses, facial hair changes
- Expression (smiling vs. neutral)
2. Liveness Detection
Verify the user is a real person, not a photo or video.
Passive Liveness (Recommended):
- Single selfie capture
- AI analyses image for spoofing
- No user action required
- Fast and user-friendly
Active Liveness (Higher Security):
- User performs actions (blink, smile, turn head)
- Multiple frames captured
- Harder to spoof with photo/video
- Takes longer (~10 seconds)
Liveness Check Example:
const liveness = await fetch('/api/v3/verifications/:id/liveness', {
method: 'POST',
body: JSON.stringify({
type: 'passive', // or 'active'
images: [base64Image] // single image for passive, multiple for active
})
});Result:
{
"result": "live",
"confidence": 96,
"spoofingDetected": false,
"spoofingType": null // or "photo", "video", "mask", "screen"
}Spoofing Detection:
- Photo printouts
- Phone/tablet screen playback
- Pre-recorded video
- Masks (silicone, paper)
- Deepfakes (AI-generated faces)
Combine with Deepfake Detection
For high-risk scenarios, combine liveness detection with deepfake scanning for maximum security against AI-generated spoofing attempts.
3. Age Estimation
Estimate age from selfie without requiring date of birth document.
Use Cases:
- Age-gated content (18+, 21+)
- Age verification for gaming/gambling
- Quick age checks without full KYC
Age Estimation Example:
const ageCheck = await fetch('/api/v3/age-verification', {
method: 'POST',
body: JSON.stringify({
image: base64Image,
minimumAge: 18
})
});Result:
{
"estimatedAge": 24,
"ageRange": "18-25",
"meetsMinimum": true,
"confidence": 88
}Accuracy:
- ±3 years for ages 18-60
- ±5 years for ages 60+
- Less accurate for ages under 18
3 Credits Per age estimation
Biometric Workflow Options
Express Workflow
Steps: Document upload only Cost: 1 Credit Use Case: Low-risk, fast onboarding
No biometric checks - just document authenticity.
Standard Workflow
Steps: Document + Selfie + Face Match Cost: 1 Credit Use Case: General KYC compliance
Recommended for most use cases.
const verification = await fetch('/api/v3/verifications', {
method: 'POST',
body: JSON.stringify({
applicantId: 'app_abc123',
workflowType: 'standard'
})
});
// User uploads document
// User takes selfie
// System performs face match automaticallyEnhanced Workflow
Steps: Document + Selfie + Liveness + Face Match Cost: 2 Credits Use Case: High-risk, regulated industries
Maximum security with liveness detection.
const verification = await fetch('/api/v3/verifications', {
method: 'POST',
body: JSON.stringify({
applicantId: 'app_abc123',
workflowType: 'enhanced',
livenessType: 'active' // or 'passive'
})
});Image Requirements
Selfie Quality
| Requirement | Specification |
|---|---|
| Format | JPG, PNG |
| Min Resolution | 640x480 pixels |
| Face Size | At least 200x200 pixels |
| Lighting | Evenly lit face, no shadows |
| Background | Plain, contrasting with face |
| Face Position | Centered, facing forward |
| Expression | Neutral (for face match) |
Common Quality Issues
❌ Rejected Selfies:
- Face too small in frame
- Heavy shadows on face
- Wearing sunglasses
- Face partially obscured
- Extreme angles (profile view)
- Multiple people in frame
- Low resolution/blurry
✅ Good Selfies:
- Face fills most of frame
- Even lighting
- Clear facial features
- Forward-facing
- Single person
- Plain background
- High resolution
Security Features
Anti-Spoofing
Photo Attack Detection:
- Flat surface detection
- Reflection analysis
- Paper texture detection
- Screen moiré pattern detection
Video Attack Detection:
- Replay detection
- Frame consistency analysis
- Audio-visual sync check
- Screen border detection
3D Mask Detection:
- Depth analysis
- Facial movement patterns
- Material texture analysis
- Eye tracking
Deepfake Detection
Combine biometric checks with deepfake scanning:
const verification = await fetch('/api/v3/verifications', {
method: 'POST',
body: JSON.stringify({
applicantId: 'app_abc123',
workflowType: 'enhanced',
enableDeepfakeCheck: true // +2 credits
})
});See Deepfake Detection for details.
Accuracy and Performance
Face Match Accuracy
- True Accept Rate (TAR): 98.5% at 0.1% FAR
- False Accept Rate (FAR): 0.01% (1 in 10,000)
- False Reject Rate (FRR): 1.5%
Factors Affecting Accuracy:
- Image quality (both photos)
- Aging between document and selfie
- Expression changes
- Glasses, facial hair, makeup
- Lighting differences
Liveness Detection Accuracy
Passive Liveness:
- Attack Detection Rate: 95%
- False Rejection Rate: 2%
- Processing Time: 1-2 seconds
Active Liveness:
- Attack Detection Rate: 99.5%
- False Rejection Rate: 0.5%
- Processing Time: 8-12 seconds
Compliance
GDPR (EU)
Biometric data is "special category" data requiring:
- Explicit consent
- Clear purpose limitation
- Minimal retention period
- Encryption at rest and in transit
- User access rights
VeriPlus Compliance:
- Consent collected before capture
- Biometric templates deleted after verification (optional)
- Face images encrypted
- User can delete data via dashboard
BIPA (US - Illinois)
Biometric Information Privacy Act requirements:
- Written policy for retention/destruction
- User consent before collection
- Cannot sell biometric data
CCPA (California)
Biometric data is personal information:
- Privacy notice required
- User can request deletion
- Opt-out of sale (not applicable to verification)
Best Practices
- Use Standard workflow by default - Good balance of security and UX
- Enable liveness for high-value - Transactions over $1,000, account openings
- Set appropriate thresholds - Lower threshold = more manual reviews
- Provide clear instructions - Users often fail first selfie due to poor lighting
- Allow retries - Let users retake selfie if rejected for quality
- Consider aging - Lower threshold if document photo is 5+ years old
- Combine with deepfake - For high-risk industries (crypto, finance)
User Experience
Selfie Capture Flow
-
Instruction Screen:
- "Take a selfie to verify your identity"
- Show example of good selfie
- Tips: "Remove glasses, ensure good lighting"
-
Camera Permissions:
- Request camera access
- Fallback to file upload if denied
-
Live Camera View:
- Face detection overlay
- Real-time feedback ("Move closer", "Face the camera")
- Capture button appears when face detected
-
Review:
- Show captured image
- "Retake" or "Looks good" options
-
Processing:
- "Analyzing your selfie..." (1-2 seconds)
- Progress indicator
-
Result:
- Success: "Identity verified ✓"
- Fail: "Please retake your selfie" (with reason)
Mobile Optimization
- Native camera integration (better quality than web)
- Automatic orientation handling
- Front camera default
- Flash control for low light
API Reference
Upload Selfie
POST /api/v3/verifications/:id/selfie
const formData = new FormData();
formData.append('image', selfieImage);
await fetch(`/api/v3/verifications/${verificationId}/selfie`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${apiKey}`
},
body: formData
});Trigger Face Match
POST /api/v3/verifications/:id/face-match
await fetch(`/api/v3/verifications/${verificationId}/face-match`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${apiKey}`
}
});
// Returns match score and resultTrigger Liveness Check
POST /api/v3/verifications/:id/liveness
{
"type": "passive" // or "active"
}Troubleshooting
Low Face Match Score (False Negative)
Common Causes:
- Different lighting between document and selfie
- Significant aging (10+ years)
- Glasses in one photo but not the other
- Facial hair changes
Solutions:
- Lower threshold to 70% for older documents
- Manual review if score 60-75%
- Request new ID document if photo very old
High False Rejection (Liveness)
Common Causes:
- Very bright backlighting (window behind user)
- Poor camera quality
- User wearing glasses (reflection)
Solutions:
- Provide better instructions
- Allow file upload fallback
- Use passive liveness (more forgiving)
Next Steps
Ready to get started?
Start with our free plan. No credit card required.