
How do companies stop scammers from using fake faces for new accounts?

How presentation attack detection and passive liveness prevent fake accounts with face scan technology during eKYC onboarding and remote identity proofing.

usefacescan.com Research Team

Every new account form is an open door. Behind it sit fraudsters armed with printed photos, replayed videos, 3D masks, and increasingly, generative deepfakes that can fabricate a convincing human face on demand. For identity platform providers and the CISO teams who buy their technology, the core defensive question has narrowed to something deceptively simple: when a camera captures a face during onboarding, how does the system know it belongs to a real, physically present human rather than a manufactured artifact? The discipline that answers this is presentation attack detection (PAD), and the ability to prevent fake accounts with face scan workflows now hinges on how well that detection layer performs against attacks that did not exist three years ago.

"Deepfake fraud attempts have surged dramatically, with one industry analysis recording a deepfake attempt every five minutes in 2024 and digital document forgeries rising 244 percent year over year." (Entrust 2025 Identity Fraud Report)

What it takes to prevent fake accounts with face scan systems

A presentation attack is any attempt to fool a biometric capture system using an artifact presented to the camera or sensor. The international standard ISO/IEC 30107-3 formalizes the vocabulary, defining presentation attack instruments (PAIs) and the test methodology used to measure how reliably a system rejects them. The standard organizes attacks into escalating levels that map to attacker effort, skill, and budget: Level 1 covers low-cost artifacts such as printed photos and screen replays, Level 2 covers more sophisticated PAIs like commercial silicone masks, and Level 3 covers expertly crafted instruments.

To prevent fake accounts with face scan onboarding, a verification pipeline has to defeat several distinct attack classes at once:

  • Print attacks, where a high-resolution photograph of a target is held up to the camera.
  • Replay attacks, where a video of a real or stolen face is played on a screen.
  • 3D mask and mannequin attacks, ranging from paper cutouts to silicone prosthetics.
  • Deepfake and synthetic face attacks, where AI generates a face that never existed.
  • Injection attacks, where the fraudster bypasses the camera entirely and feeds a manipulated video stream directly into the application.

The last category is the fastest-growing threat. Rather than presenting an artifact to a lens, injection attackers use virtual cameras and emulators to insert a synthetic feed. This blurs the line between presentation attack detection and broader fraud telemetry, and it is reshaping how vendors architect their capture stack.

Active versus passive defenses

The most consequential design decision in this space is whether to ask the user to do something. Active liveness prompts a person to blink, smile, turn their head, or follow a moving dot. Passive liveness analyzes the captured image or short video for signs of genuine presence without any challenge, using texture analysis, depth cues, reflection patterns, and physiological signals such as remote photoplethysmography (rPPG), which detects the subtle color shifts of blood flow under the skin.

Dimension | Active liveness | Passive liveness
--- | --- | ---
User action required | Blink, turn, smile, track motion | None; a steady camera look suffices
Onboarding friction | Higher; adds steps and abandonment risk | Lower; near-invisible to the user
Deepfake resilience | Challenge responses can be replayed or animated | Texture and rPPG signals harder to synthesize
Injection attack exposure | Scripted prompts can be pre-rendered | Combined with device telemetry to flag injection
Accessibility | Can exclude users with motor impairments | More inclusive, no physical task
Standards testing | ISO/IEC 30107-3 PAD methodology | ISO/IEC 30107-3 PAD methodology

The trade-off matters commercially. Active challenges add friction at the exact moment conversion is most fragile, yet a predictable challenge ("please blink now") can sometimes be satisfied by an animated deepfake. Passive approaches reduce abandonment while removing the script that fraudsters can rehearse against. The research consensus has shifted decisively toward passive methods, but the strongest deployments treat the choice as layered rather than binary.
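The rPPG cue described in this section, reduced to its core as an added example (not code from this article or from any vendor): a live face produces a narrow spectral peak in the heart-rate band of the skin region's mean green value, while a static artifact produces only flat sensor noise. The traces are constructed, and the band limits and `min_snr` threshold are illustrative assumptions rather than calibrated values.

```python
import math
import random

HR_BAND_HZ = (0.7, 4.0)   # roughly 42-240 beats per minute

def pulse_spectrum_peak(green_means, fps, step_hz=0.05):
    """Return (bpm, snr) for a per-frame mean-green trace of the skin region.

    snr is the strongest in-band spectral power divided by the mean in-band
    power: a periodic pulse gives a sharp peak, sensor noise a flat spectrum.
    """
    n = len(green_means)
    if n < 5 * fps:
        raise ValueError("need at least 5 seconds of video for a stable estimate")
    mean = sum(green_means) / n
    x = [v - mean for v in green_means]          # drop the DC skin-tone level
    lo, hi = HR_BAND_HZ
    bins = int(round((hi - lo) / step_hz)) + 1
    powers = []
    for k in range(bins):                        # direct DFT over the band only
        f = lo + k * step_hz
        w = 2 * math.pi * f / fps
        re = sum(v * math.cos(w * i) for i, v in enumerate(x))
        im = sum(v * math.sin(w * i) for i, v in enumerate(x))
        powers.append((re * re + im * im, f))
    peak_power, peak_f = max(powers)
    avg_power = sum(p for p, _ in powers) / bins
    return peak_f * 60.0, (peak_power / avg_power if avg_power else 0.0)

def has_pulse(green_means, fps, min_snr=12.0):
    """min_snr is an illustrative threshold, not a calibrated operating point."""
    _, snr = pulse_spectrum_peak(green_means, fps)
    return snr >= min_snr

def constructed_trace(fps, seconds, pulse_amp, seed, pulse_hz=1.2):
    """Synthetic trace: constant skin level + optional pulse + sensor noise."""
    rng = random.Random(seed)
    return [120.0 + pulse_amp * math.sin(2 * math.pi * pulse_hz * i / fps)
            + rng.gauss(0.0, 0.2) for i in range(fps * seconds)]

FPS = 30
LIVE = constructed_trace(FPS, 10, pulse_amp=0.5, seed=1)    # 1.2 Hz = 72 bpm
PHOTO = constructed_trace(FPS, 10, pulse_amp=0.0, seed=2)   # static artifact

if __name__ == "__main__":
    for name, trace in (("live", LIVE), ("photo", PHOTO)):
        bpm, snr = pulse_spectrum_peak(trace, FPS)
        print(f"{name}: peak {bpm:.0f} bpm, snr {snr:.1f}, pulse={has_pulse(trace, FPS)}")
```

A production pipeline would add face tracking, motion and illumination compensation, and would fuse this score with texture and injection signals instead of using it alone.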

Industry applications

eKYC and financial onboarding

Banks, fintechs, and payment platforms operate under Know Your Customer mandates that require them to bind a real person to a claimed identity. New account fraud and synthetic identity fraud are the dominant threats here. Synthetic identity document fraud rose 311 percent year over year in early 2025 according to Entrust data, and eKYC biometric liveness is the control that prevents a fabricated face from being stitched to a stolen or invented document. Passive liveness is favored because high abandonment directly erodes the economics of digital account opening.

Government and remote identity proofing

Government ID verification technology faces the highest assurance bar and the broadest accessibility obligation. Remote identity proofing programs that issue credentials, benefits, or licenses cannot exclude citizens who struggle with motion-based challenges, which makes passive detection attractive. These programs increasingly align procurement with NIST identity assurance guidance and ISO/IEC 30107-3 conformance evidence.

Platform marketplaces and gaming

Marketplaces, gig platforms, and gaming operators fight bulk fake-account creation, bot farms, and account-resale fraud. Here the goal is throughput: stopping thousands of automated or semi-automated fake signups without alienating legitimate users. Passive liveness combined with injection-attack telemetry is well suited to this high-volume, low-friction context.

Current research and evidence

Independent evaluation is what separates marketing claims from measurable security. The National Institute of Standards and Technology restructured its Face Recognition Vendor Test program in 2023, splitting it into Face Recognition Technology Evaluation (FRTE) and Face Analysis Technology Evaluation (FATE), with FATE PAD focused specifically on passive, software-based presentation attack detection. The accompanying NIST report quantified the accuracy of dozens of passive face PAD algorithms, giving buyers a vendor-neutral benchmark and lending weight to the view that passive detection can meet enterprise assurance needs.

On the threat side, the data is stark. Industry analyses cited in 2025 reporting projected deepfake files rising from roughly 500,000 in 2023 toward 8 million in 2025, with deepfakes accounting for a substantial share of all biometric fraud. The Entrust 2025 Identity Fraud Report documented a deepfake attempt roughly every five minutes in 2024 and a 244 percent increase in digital document forgeries. Regional figures are even more pointed: one report found that 69 percent of biometric fintech fraud in parts of Africa is now AI-generated.

Conformance frameworks tie this together. ISO/IEC 30107-3 provides the testing language, accredited laboratories run PAD evaluations against defined attack levels, and NIST's FATE PAD supplies ongoing comparative benchmarking. For a CISO, the meaningful evidence is not a vendor's self-reported accuracy but a current, independently tested PAD result against the specific attack levels relevant to the deployment.
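To show why results must be read per attack level, the following added example (not from this article or from any laboratory report) computes the two error rates ISO/IEC 30107-3 names: APCER, the share of attack presentations accepted as genuine, reported per PAI species and as the worst species within a level, and BPCER, the share of genuine users rejected. All counts are constructed, and the level numbers follow the article's Level 1 to 3 grouping.

```python
from collections import defaultdict

def make(species, level, total, flagged):
    """Constructed records: (pai_species, attack_level, classified_as_attack)."""
    return [(species, level, i < flagged) for i in range(total)]

# attack_level None marks a bona fide (genuine) presentation.
RESULTS = (
    make("print_photo", 1, 100, 100)
    + make("screen_replay", 1, 100, 98)
    + make("silicone_mask", 2, 50, 40)
    + make("bona_fide", None, 200, 3)     # 3 genuine users wrongly rejected
)

def pad_report(results):
    missed = defaultdict(int)             # attacks accepted as genuine
    total = defaultdict(int)
    level_of = {}
    bf_total = bf_rejected = 0
    for species, level, flagged in results:
        if level is None:
            bf_total += 1
            bf_rejected += flagged
        else:
            total[species] += 1
            missed[species] += not flagged
            level_of[species] = level
    apcer = {s: missed[s] / total[s] for s in total}
    by_level = {}
    for s, rate in apcer.items():         # worst species defines the level
        by_level[level_of[s]] = max(by_level.get(level_of[s], 0.0), rate)
    attacks = sum(total.values())
    return {
        "apcer_by_species": apcer,
        "apcer_by_level": by_level,
        "pooled_attack_error": sum(missed.values()) / attacks if attacks else None,
        "bpcer": bf_rejected / bf_total if bf_total else None,
    }

if __name__ == "__main__":
    for key, value in pad_report(RESULTS).items():
        print(key, value)
```

On this constructed data the pooled attack error is under 5 percent while one in five silicone-mask presentations is accepted, which is the gap a single headline accuracy figure hides.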

The future of presentation attack detection

Three shifts are likely to define the next several years. First, the front line is moving from presentation to injection. As fraudsters bypass the physical camera, defenses are expanding to include device attestation, virtual-camera detection, and signal integrity checks layered on top of classic PAD. Second, physiological signals such as rPPG are becoming more central because a genuine pulse is far harder to fake than a blink, and passive collection of those signals keeps friction near zero. Third, evaluation will become continuous rather than a one-time certificate, since an algorithm certified against last year's deepfakes may underperform against this year's generative models.

The arms race favors defenders who treat liveness as a system rather than a single check: passive liveness for the genuine-presence decision, injection telemetry for the channel, document and data signals for the identity claim, and ongoing third-party testing to keep pace with attack innovation.

Frequently asked questions

What is a presentation attack?
A presentation attack is any attempt to deceive a biometric system by showing it an artifact rather than a live person. Common examples include printed photos, videos replayed on a screen, silicone masks, and AI-generated deepfake faces. ISO/IEC 30107-3 defines these instruments and the methodology for testing how well a system detects them.

Why do companies prefer passive liveness to stop fake faces?
Passive liveness verifies a real human without asking the user to blink, smile, or turn their head, which lowers onboarding abandonment. It also removes the predictable challenge that a deepfake can be pre-animated to satisfy, and it analyzes texture, reflection, and blood-flow signals that are difficult to synthesize convincingly.

Can deepfakes defeat face scan onboarding?
Sophisticated deepfakes are a serious and growing threat, especially through injection attacks that bypass the camera. Well-designed systems counter this by combining passive presentation attack detection with device attestation, virtual-camera detection, and physiological cues such as rPPG, and by relying on independent ISO/IEC 30107-3 and NIST FATE PAD testing rather than vendor claims.

How do buyers verify a vendor's liveness really works?
Look for current, independent test results: ISO/IEC 30107-3 PAD evaluations from accredited laboratories specifying which attack levels were tested, plus participation in NIST's FATE PAD benchmarking. Self-reported accuracy figures without third-party validation should be treated with caution.

Circadify is building toward this layered model of fraud detection, pairing passive liveness with the channel and identity signals modern onboarding demands. Teams evaluating how to prevent fake accounts with face scan workflows can review the technical approach in the integration guide at circadify.com/solutions/fraud-detection.
