Why do some apps need to see my heartbeat to know it's really me?
How heartbeat identity verification and rPPG let identity platforms confirm a live human passively, without blinks or head turns, for CISO and eKYC teams.
When an onboarding flow asks for nothing more than a steady look at the camera and still concludes that you are a living person, something invisible is happening behind the lens. The camera is reading the faint flush of blood moving through the skin of your face. This is the quiet mechanism behind heartbeat identity verification, a class of passive liveness signals built on remote photoplethysmography, or rPPG. For identity platform providers and security leaders, the appeal is direct: a real pulse is hard to fake, and reading it requires no action from the user at all. The person being verified does not blink on command, turn their head, or recite a number. They simply exist in front of the sensor, and the sensor confirms the biology.
"rPPG signals are non-invasive, inherently contain liveness information, and are resistant to spoofing, making them a cost-efficient alternative for biometric authentication.", Findings summarized from 2024 rPPG presentation attack detection literature, including work from the University of Oulu Center for Machine Vision and Signal Analysis.
What heartbeat identity verification actually measures
Every heartbeat pushes a pulse of blood into the capillaries just beneath the skin. That pulse changes how much light the skin absorbs and reflects, by an amount far too small for the human eye to notice. A standard RGB camera, however, can pick up the periodic shift in green-channel intensity across the forehead and cheeks. By isolating that rhythmic color change across many frames, an algorithm reconstructs the cardiac waveform and, with it, the heart rate. The technique traces back to Wim Verkruysse and colleagues at the Beckman Laser Institute in 2008, who showed pulse could be extracted from ordinary ambient-light video, and to Ming-Zher Poh, Daniel McDuff, and Rosalind Picard at the MIT Media Lab around 2010, who measured cardiac signals from a basic webcam.
For identity verification, the heart rate itself is not the point. The point is what the signal proves: a genuine, perfused, living face is in front of the camera. A printed photo has no pulse. A screen replay has no pulse. A silicone or resin mask blocks the blood flow underneath it, so the signal flattens. This is why heartbeat identity verification sits in the passive liveness category. The proof is generated by the subject's physiology, not by their cooperation, which removes a step from the flow and removes a script that an attacker could rehearse.
The contrast with older liveness methods is worth laying out plainly.
| Approach | What the user must do | Spoof it resists best | Main weakness |
|---|---|---|---|
| Active challenge-response | Blink, smile, turn head on prompt | Static printed photo | Replay and deepfake can mimic scripted motions; adds friction |
| Texture and depth analysis | Hold still for capture | Flat photo, low-quality screen | Struggles against high-resolution replays and 3D masks |
| rPPG heartbeat verification | Nothing; just face the camera | Photos, screen replay, opaque 3D masks | Needs adequate light, video length, and frame rate |
| Document plus selfie match alone | Take a selfie | Mismatched identity | No liveness signal at all without an added layer |
The differences shape where each method fits in a real pipeline:
- Active methods are familiar and easy to explain, but the prompted action is the same thing a sophisticated attacker prepares for.
- Texture and depth cues are passive and fast, yet they reason about appearance rather than life.
- Heartbeat verification reasons about a process that a still image or opaque mask cannot reproduce, which is why it is often layered with texture analysis rather than used alone.
Industry applications of passive heartbeat signals
eKYC and remote identity proofing
For banks and fintech platforms running electronic Know Your Customer checks, abandonment during onboarding is a measurable revenue loss. Every extra instruction in a liveness step increases drop-off. A passive heartbeat signal lets the platform satisfy a liveness requirement during the same camera session used for the document-to-selfie match, with no added user action. The verification feels like a photo, while the system quietly confirms perfusion.
Government ID verification technology
Public-sector identity proofing carries a wider accessibility obligation than most commercial flows. Active challenges such as "turn your head left" can exclude users with motor or cognitive differences, and they translate poorly across languages and devices. A passive physiological signal does not depend on a user understanding or performing an instruction, which makes it attractive for remote credential issuance and benefits enrollment where inclusivity is a legal and ethical requirement.
High-assurance access and account recovery
For CISO teams defending privileged access or account-recovery paths, the threat is increasingly a synthetic video rather than a stolen password. Heartbeat verification adds a layer that an injected video stream or a presented screen has to defeat at the level of biology, not just pixels. It is most effective as one input among several, feeding a risk score alongside device signals and document checks.
Current research and evidence
The research base has matured quickly. To counter 3D mask attacks, Si-Qi Liu, Xiaobai Li, Pong C. Yuen, Guoying Zhao and collaborators proposed the rPPG correspondence feature, or CFrPPG, which isolates the faint heartbeat trace from noisy signals even under changing light, improving robustness against masks that fool appearance-based detectors. The same Oulu group introduced the OR-PAD database, described as the first rPPG-focused presentation attack dataset, with 25 distinct attack scenarios for benchmarking.
Other teams have pushed the sensing and modeling further. Researchers at Hochschule Bonn-Rhein-Sieg evaluated Time-of-Flight cameras for rPPG-based detection, reporting that integrated depth and insensitivity to electronic displays and ambient light give advantages over plain RGB capture. On the modeling side, transformer architectures such as PhysFormer, augmented with temporal-difference attention, have been applied to face presentation attack detection. The PAD-Phys line of work from Julian Fierrez and colleagues at Universidad Autonoma de Madrid demonstrates that physiological cues meaningfully separate genuine faces from attacks.
The evidence also includes a clear warning. A 2025 study highlighted by Fraunwarn and published through Frontiers found that high-quality deepfakes can now carry a realistic, detectable heartbeat, because the fake inherits the pulse signal from the genuine driving video used to animate it. Separate cautionary work, including a note from researchers at the University of Modena, argues that rPPG signals used naively for deepfake detection can latch onto non-physiological artifacts. The lesson for buyers is that a heartbeat alone is no longer a guarantee. The strength now lies in analyzing the spatial consistency and localized blood-flow pattern across the face, which Dutch forensic researchers have used to flag manipulated video, rather than in simply confirming that a pulse exists.
The future of heartbeat identity verification
Three directions are taking shape. First, fusion: heartbeat signals are converging with texture, depth, and document analysis into single risk decisions rather than standing alone, which addresses the deepfake-with-a-pulse problem. Second, spatial physiology: the next generation of models examines whether blood flow is consistent across facial regions in the way real perfusion is, not just whether a periodic signal is present. Third, standardization and sensing: as Time-of-Flight and higher-frame-rate cameras spread, and as testing frameworks mature, rPPG liveness will be evaluated under the same presentation attack detection standards already applied to other methods. For identity platforms, the practical conclusion is that passive physiological liveness is becoming a layer to integrate, not a single product to buy, and its value grows as it is combined with other signals.
Frequently asked questions
Does heartbeat identity verification record my medical data? No. These systems extract a coarse pulse signal to confirm that a living face is present, then discard it. The goal is a liveness decision, not a clinical heart-rate record, and the signal is not precise or persistent enough to serve as a health diagnostic.
Why use a heartbeat instead of asking me to blink or turn my head? Prompted actions are the exact behaviors a prepared attacker can script with a replay or deepfake, and they add friction that increases onboarding drop-off. A heartbeat is generated by your physiology rather than your cooperation, so it works passively and is harder to rehearse.
Can a deepfake fake a heartbeat now? Recent research shows advanced deepfakes can inherit a realistic pulse from the real video used to create them. This is why modern systems do not rely on the presence of a pulse alone, and instead check whether blood flow is spatially consistent across the face and combine the result with other liveness signals.
Does it work in low light or on older phones? Performance depends on adequate lighting, sufficient video length, and a reasonable frame rate. Poor light, heavy video compression, and very low frame rates degrade the signal, which is one reason heartbeat verification is layered with methods that are less sensitive to capture conditions.
Circadify is building toward this layered approach, where passive physiological signals reinforce presentation attack detection rather than stand alone, giving identity teams stronger assurance without adding friction for genuine users. Teams evaluating how to fold passive liveness into an existing verification stack can review the fraud detection integration guide for implementation patterns.