Frictionless Security For Real Users
ZoOm makes Liveness Checks and 3D Face Authentication fast, easy and incredibly secure for everyone, regardless of their device. The same intuitive ZoOm UI provides Liveness Checks, Onboarding and Ongoing user Authentication. Simply center your face in the oval and move the camera a bit closer. That video-selfie verifies Liveness, matches the 3D FaceMap and provides instant access.
Brick Wall for Bad Actors
ZoOm provides access security for any app or webpage, unlocking everything from your car door to your bank account. During onboarding, a 3D FaceMap is created anchoring the chain of trust for ongoing password-free user authentication from any smartphone, tablet, PC or Laptop. ZoOm offers more security, flexibility, portability and convenience than any other biometric.
Can a Selfie Really Provide Security?
Obviously, selfies are easy to take. But the real question is whether or not they can provide effective access security. Typically they don’t, but ZoOm’s patented process isn’t just a selfie, it’s a quick face scan that results in both a 3D FaceMap and Liveness Data. ZoOm detects the difference between “likeness” and “liveness” to prevent masks, dolls, videos or photos from fooling the system. The Liveness Detection algorithms must observe so many concurrent human traits that no spoof could recreate them all at once. ZoOm’s 3D Face Matching then compares the user to their previously-enrolled 3D FaceMap, and if the two FaceMaps match highly (4.2M+ FAR) the verified user is granted access.
No Stored Liveness Data = No Honeypot Risk
There are two types of data required for every secure face authentication, Face Matching Data and Liveness Data. Each acts as a part of the same key, and both must be present to gain access. With ZoOm only the 3D FaceMap is ever stored, the ZoOm Server SDK automatically deletes the Liveness Data immediately after each session.
ZoOm’s Encrypted 3D FaceMaps:
- Can’t Be Phished From Users
- Aren’t a Biometric Honeypot
- Stop Credential Sharing
- Stop Botnet Attacks
- Match 1:1 & 1:N Better
CERTIFIED LIVENESS DETECTION
Over the last five years, we dove more deeply into anti-spoofing than anyone else – ever. We have performed tens-of-millions of spoof attempts with every conceivable type of media and learned how to stop them. Learn more: www.Liveness.com
Presentation Attack Detection tests include:
- 2D paper photos & digital images
- High resolution videos
- Image swap-in after liveness check
- Paper masks with eye & mouth cutouts
- Hollywood masks, wax figures & lifelike dolls
- Photos or video frames animated into avatars
- Video projections on 3D heads
- Sleeping users with closed eyes
- Impostors, lookalikes & identical twins
BIOMETRIC BEST PRACTICES
- Choose Certified 3D Liveness Detection technology. Without it, you can’t trust unsupervised authentications and you will be at risk for security and PR problems.
- Don’t make users buy a specific device just for your biometric. It must run on devices they already own.
- Delete Liveness Data and only store Matching Data, this prevents a biometric honeypot. See www.Liveness.com
- Server-side matching is the only biometric model that can truly replace passwords, enable cross-platform logins, simplify device upgrades and allow multiple devices/user. On-device matching isn’t future-proof.
- Choose a diverse algorithm. Don’t be accused of having a “biased” biometric just because the training sets used to create it were too homogeneous. ZoOm trained with users from over 170 countries.
- Get the Forrester Report: The State Of Facial Recognition For Authentication And Verification
2D VS. 3D
Legacy 2D Face Recognition has never provided large scale 1:1 security for consumers. Modern AI has made it better, but 2D will never work well with large data sets. There’s just too much variability in capture distances and not enough differentiation in human faces when they are flattened into 2D. Apple’s 3D Face ID is a special hardware sensor that unlocks one specific phone, which like fingerprint readers are “On-device” biometrics which only bind a user to a specific device. No one seems to realize that to actually replace passwords users’ biometrics must be linked to their accounts, so their identities can be proven to a 3rd party.