How can businesses know I'm a live person and not a deepfake on video?
How modern liveness detection and injection attack defenses detect deepfake live video and block synthetic presentation attacks during identity verification.

When a verification flow asks you to look at a camera and then concludes, in under a second, that you are a living human rather than a synthetic puppet, it is running a set of checks that have nothing to do with what your face looks like. The question of how businesses can detect deepfake live video has moved from a niche research problem to a board-level security concern, because the same generative models that produce convincing marketing avatars can now animate a stolen photograph into a real-time video stream that mimics a person who never sat in front of the lens. For CISO teams and identity platform providers, the practical issue is not whether deepfakes exist but whether the verification pipeline can tell the difference between a real biometric capture and an attacker's rendered output.
Identity verification provider Entrust recorded one deepfake digital identity attack every five minutes globally during 2024, and reported that deepfakes accounted for roughly 40 percent of all video biometric fraud attempts that year (Entrust, 2024, via Infosecurity Magazine).
What it takes to detect deepfake live video
To detect deepfake live video reliably, a system has to answer two separate questions that are often conflated. The first is whether the face in front of the camera belongs to a real, present human being. The second is whether the video reaching the verification server actually came from that camera, or was substituted somewhere along the way. These map to two distinct defensive disciplines: presentation attack detection (PAD) and injection attack detection (IAD).
Presentation attacks involve showing something fake to a genuine sensor. A printed photo, a phone screen replaying a video, a silicone mask, or a deepfake played on a tablet held up to the camera all fall into this category. The international standard ISO/IEC 30107-3 defines how these attacks are categorized and how detection systems are tested against them, and accredited laboratories such as iBeta run conformance testing at escalating difficulty levels. In 2025, iBeta introduced Level 3 PAD testing built around far more realistic artifacts, including custom hyper-realistic masks and variable lighting designed to simulate sophisticated attacks.
Injection attacks skip the physical camera entirely. Instead of presenting a deepfake to a lens, an attacker uses a virtual camera, an emulator, or a compromised mobile application to feed a synthetic video stream directly into the verification software. Because no sensor ever sees a fake object, classic liveness checks that look for screen reflections or print texture can be blind to the attack. iProov's threat intelligence found that digital injection attacks against face verification rose 741 percent year over year, with a 1,151 percent surge on iOS specifically, signaling how quickly attackers have industrialized this technique.
Passive signals that are hard to fake
Passive liveness detection is the approach most resistant to scaled deepfake fraud because it analyzes involuntary, physical signals rather than asking the user to perform an action. One of the more promising signals is remote photoplethysmography, or rPPG, which measures the tiny color changes in facial skin caused by blood flow with each heartbeat. A rendered deepfake has no circulatory system, so the periodic pulse signal that a passive system extracts from genuine skin is absent or inconsistent in synthetic footage. Combined with micro-texture analysis, sub-surface light scattering, and consistency checks across frames, these passive cues give a verification engine grounds to distinguish a live capture from a generated one without ever asking the subject to blink or turn their head.
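The spectral idea behind the rPPG check described above, as an added example that is not code from this article or from any vendor it names. It assumes the face region has already been tracked and reduced to one mean green-channel value per frame; the function names, the constructed traces and the 0.6 threshold are illustrative assumptions, not calibrated values.

```python
import cmath, math, random

def detrend(x):
    """Remove the least-squares line (slow illumination drift) from x."""
    n = len(x)
    t_mean, x_mean = (n - 1) / 2, sum(x) / n
    slope = (sum((i - t_mean) * (v - x_mean) for i, v in enumerate(x))
             / sum((i - t_mean) ** 2 for i in range(n)))
    return [v - x_mean - slope * (i - t_mean) for i, v in enumerate(x)]

def pulse_score(trace, fps, lo=0.7, hi=3.0, step=0.05, half_width=0.15):
    """Return (peak_bpm, concentration) for a per-frame green-channel trace.

    concentration is the share of 0.7-3.0 Hz (42-180 bpm) spectral power
    lying within +/- half_width Hz of the strongest frequency. A real pulse
    is narrow-band, so it scores high; broadband noise scores low.
    """
    n = len(trace)
    hann = [0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)) for i in range(n)]
    x = [v * w for v, w in zip(detrend(trace), hann)]
    freqs = [lo + k * step for k in range(int(round((hi - lo) / step)) + 1)]
    power = [abs(sum(v * cmath.exp(-2j * math.pi * f * i / fps)
                     for i, v in enumerate(x))) ** 2 for f in freqs]
    peak = max(range(len(freqs)), key=power.__getitem__)
    near = sum(p for f, p in zip(freqs, power)
               if abs(f - freqs[peak]) <= half_width + 1e-9)
    return freqs[peak] * 60.0, near / sum(power)

def constructed_trace(pulse_hz, fps=30, seconds=10, seed=7):
    """Constructed sample: drift + sensor noise, plus a pulse if pulse_hz > 0."""
    rng = random.Random(seed)
    out = []
    for i in range(fps * seconds):
        t = i / fps
        pulse = 0.5 * math.sin(2 * math.pi * pulse_hz * t) if pulse_hz else 0.0
        out.append(120.0 + 0.2 * t + pulse + rng.gauss(0.0, 0.3))
    return out

THRESHOLD = 0.6  # assumed cut-off for this illustration, not a calibrated value

def looks_live(trace, fps=30):
    """True when the trace carries a concentrated heart-rate-band component."""
    return pulse_score(trace, fps)[1] >= THRESHOLD

if __name__ == "__main__":
    for name, hz in (("live", 1.2), ("rendered", 0.0)):
        bpm, conc = pulse_score(constructed_trace(hz), 30)
        print(f"{name:9s} peak={bpm:5.1f} bpm  concentration={conc:.2f}")
```

A production system would score several skin regions and time windows and check that they agree, since a single periodic trace is itself easy to synthesize.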
How detection methods compare
The defenses available today differ sharply in how much they burden the user, how well they generalize to new deepfake models, and which attack class they actually stop. The table below summarizes the trade-offs that security teams weigh when assembling a layered defense.
| Method | What it checks | Deepfake resistance | User friction | Primary attack class covered |
|---|---|---|---|---|
| Active liveness (blink, turn, smile) | Scripted user response | Moderate, can be replayed or animated | High | Presentation |
| Passive liveness (texture, depth) | Involuntary physical cues | High | None | Presentation |
| rPPG pulse detection | Blood-flow color signal | High against rendered media | None | Presentation |
| Injection attack detection | Camera feed integrity, emulator and virtual-camera signals | High against injected streams | None | Injection |
| Metadata and device attestation | Hardware and software provenance | Moderate | None | Injection |

No single row is sufficient on its own. The most resilient architectures combine passive liveness for the presentation layer with injection attack detection for the pipeline layer, because an attacker who is blocked at the sensor will simply move to feeding a stream, and vice versa.
Key reasons layered detection has become standard practice:
- Generative models improve continuously, so any detector trained only on yesterday's deepfakes degrades over time.
- Injection attacks bypass sensor-based checks entirely, requiring separate feed-integrity monitoring.
- Human reviewers cannot scale to the volume, and studies place human detection rates for high-quality video deepfakes at around 24 percent.
- Regulators increasingly expect demonstrable PAD conformance, not self-asserted claims.

Industry applications
Financial services and eKYC
Banks and fintech platforms run remote identity proofing at the moment of account opening, which is precisely where synthetic identity fraud concentrates. In November 2024 the U.S. Financial Crimes Enforcement Network issued an alert (FIN-2024-Alert004) flagging a rise in suspicious activity reports tied to deepfake media used to evade identity verification. Passive liveness paired with injection detection lets these institutions keep onboarding frictionless while raising the cost of a successful synthetic attack.
Government ID verification
Agencies issuing or validating credentials operate under standards such as NIST Special Publication 800-63A for remote identity proofing. For government ID verification technology, the priority is high assurance across a demographically diverse population, which favors passive methods that do not depend on a user understanding or correctly performing an action prompt.
Identity platform providers
Vendors embedding verification into their own products need PAD that travels well across the mobile SDKs and browsers their customers use. Because injection attacks surged most sharply on mobile, platform providers increasingly treat feed-integrity and device attestation as first-class requirements rather than optional add-ons.
Current research and evidence
The empirical picture from 2024 and 2025 is consistent across independent sources. Regula's August 2024 survey found that 49 percent of businesses had encountered video deepfake fraud, up from 29 percent in 2022. Sumsub reported a roughly fourfold year-over-year increase in detected deepfake incidents from 2023 to 2024. On the cost side, analyses placed the average deepfake-related fraud loss for affected businesses near 500,000 dollars in 2024, with some large enterprises reporting losses well above that figure.
Standards bodies have responded. ISO/IEC 30107-3 remains the reference framework for presentation attack detection testing, and the introduction of iBeta Level 3 in 2025 raised the bar for what counts as credible PAD conformance, with only a small number of vendors holding it in the months following its launch. Work is also underway toward standardized injection-attack testing protocols, reflecting industry recognition that PAD certification alone does not address the injected-stream threat. For security buyers, the practical takeaway from this body of evidence is that conformance claims should be tied to named standards and accredited laboratory results rather than marketing assertions.
The future of deepfake detection
The trajectory points toward an arms race in which detection and generation improve in tandem, which is why durable strategies emphasize signals rooted in physics rather than appearance. A pulse extracted from genuine skin, sub-surface light scattering, and the integrity of the capture pipeline are harder to synthesize convincingly than a face, and they degrade more gracefully as generative models advance. Expect three developments to dominate the next few years: standardized injection attack testing that complements existing PAD certification, broader adoption of device and content provenance signals, and continuous model retraining pipelines that treat deepfake detection as a living system rather than a one-time certification. The organizations that fare best will be those that architect for layered defense now, so that defeating one control does not defeat the whole.
Frequently asked questions
Can a deepfake pass a standard liveness check?
A basic check that only confirms a face is present, or that asks for a scripted action like a blink, can sometimes be fooled by a high-quality animated deepfake or a replayed video. Passive liveness that analyzes involuntary physical cues, combined with injection attack detection, is far more resistant because it looks for signals a rendered video does not contain.
What is the difference between a presentation attack and an injection attack?
A presentation attack shows a fake artifact, such as a deepfake on a screen or a mask, to a real camera. An injection attack bypasses the camera and feeds synthetic video directly into the verification software using a virtual camera or emulator. They require different defenses, which is why layered systems address both.
Why do some systems measure a heartbeat to verify a live person?
Remote photoplethysmography detects subtle skin color changes caused by blood flow. A rendered or generated video has no circulatory system, so the absence of a consistent pulse signal is strong evidence that the footage is synthetic rather than a live human capture.
Does detecting deepfakes require the user to do anything?
Not with passive approaches. Passive liveness and rPPG analyze a normal camera capture without prompting the user to blink, smile, or turn, which keeps the experience frictionless while still distinguishing a live person from a deepfake.
As deepfake and injection attacks scale, Circadify is building toward this exact problem, combining passive liveness with pipeline integrity checks so platforms can verify a real human without adding friction. Teams evaluating how to detect deepfake live video in their own onboarding can review the integration guide for implementation details.
