August’s launch of the iPhone 8 from Apple could be a turning point in the adoption of facial verification systems and their widespread acceptance. The new device includes a verification system which authenticates the phone’s owner using their facial features in a very short space of time (estimated at around a few hundred milliseconds). This new facial verification system will replace Apple’s Touch ID for unlocking the phone and for authenticating payments made through Apple Pay or iTunes.
Andrew Bud is the CEO of iProov, an organisation whose patented facial verification technology assures institutions, enterprises, websites and online service providers that a returning user is genuine and guards users against fraudulent attempts to gain access to personal data or use a stolen identity. Commenting on the inclusion of facial verification in the iPhone 8 he says:
“The announcement from Apple marks the dawning of mass-market adoption of face verification as the chosen method of user authentication. It’s a significant development for two reasons; firstly, it is significant that Apple has chosen face over other biometric options such as iris or voice. For an organisation with such strong user experience credentials to come out so strongly in favour of the face as its chosen method of authentication sends a clear message about how user-friendly and secure it is over other biometric options.
“Secondly, the particular type of facial verification technology Apple is using is a clear assertion of the importance of taking a robust anti-spoofing approach to facial authentication. With lower-grade facial recognition techniques, fraudsters have a good chance of being able to dupe a system into thinking it is the real user simply by using a stolen image of their target. However, we’re pleased to see that Apple has invested heavily in anti-spoofing technology to stop that happening.”
The Apple system works by a using ‘controlled illumination’ to create a sequence of reflections which produce information about the 3D shape of the face. Together with advanced face matching technology, the system then use this reflection information to establish that he/she really is whom they look like and not a spoof.
Bud continues: “Apple’s facial verification technology is great for what it does, but there are limits on its application. This is mainly because it is purely device-based, rather than also making use of the cloud. Systems which combine device and cloud have two clear benefits: firstly, they enable authentication on any device, whether that’s an Apple or Android mobile phone, or any tablet or computer. For organisations looking for the right strong authentication solution, this cross-platform capability is fundamental. Secondly, when everything is done on the device, there is no supporting system to detect and defend against attacks. Successful attacks are invisible until either the user realises they have been defrauded or the attacker chooses to publish their success on the internet.
“Even so, it’s fantastic to see Apple choosing face over other biometric mechanisms such as iris or voice and taking such a robust approach to anti-spoofing. Advances in machine learning in the last three years have transformed the performance of facial verification systems so that they are now much faster, more accurate and more tolerant to changes in pattern, lighting and pose. There are already organisations, such as banks and public-sector departments, beginning to roll out face verification for on-boarding, logon and authentication purposes and today’s announcement from Apple will only help spur further adoption.”