Why do some apps ask me to take a moving selfie before I can sign up?

If you have ever signed up for a banking app, a crypto exchange, or a government portal, you may have been asked to do something that feels oddly theatrical: hold your phone up, center your face in an oval, and slowly turn your head or follow a moving dot. That moment is not a gimmick. It is a deliberate security control designed to verify a real person online, and it sits at the center of how modern identity platforms separate a living human from a printed photo, a screen replay, or an AI-generated face. For CISO teams and identity platform providers, that brief interaction represents one of the highest-value, highest-risk checkpoints in the entire customer journey.

The "moving selfie" goes by a more formal name in the security community: liveness detection, supported by presentation attack detection (PAD). The movement you perform is the visible tip of a much deeper analysis happening on the captured frames. Understanding what that analysis does, and where it is heading, explains why the prompt has become near-universal across regulated industries.

"By 2026, 30% of enterprises will consider identity verification and authentication solutions unreliable in isolation due to AI-generated deepfakes.", Gartner, 2024

How a moving selfie helps verify a real person online

When an app asks for movement, it is testing whether the face in front of the camera is physically present and three-dimensional, rather than a flat artifact held up to the lens. A static photo cannot produce the natural micro-movements, depth cues, and lighting changes of a live face. By prompting head rotation, a smile, or tracking a moving target, the system collects evidence that the subject responds in real time and reacts to the physical environment.

This is the core problem that liveness detection solves. According to the Biometrics Institute, a presentation attack is any attempt to subvert a biometric system using an artifact such as a photo, a video replay, or a silicone mask. The moving selfie is the user-facing layer of the countermeasure, while the algorithmic scoring against ISO/IEC 30107-3, the international standard for PAD testing, is what actually determines whether the capture is genuine.

There are two broad approaches to confirming presence, and the distinction matters enormously for onboarding teams who care about both fraud rates and completion rates.

Dimension	Active Liveness (moving selfie)	Passive Liveness
User action required	Turn head, blink, smile, follow a dot	None beyond looking at the camera
Average completion time	Longer, multi-step	Near-instant, single frame or short capture
Accessibility impact	Harder for some elderly or motor-impaired users	Lower barrier, more inclusive
Resistance to coached attacks	Movement instructions can be anticipated	No public challenge to mimic or script
Drop-off risk during onboarding	Higher friction	Lower friction
Spoof signal analyzed	Behavioral response	Texture, depth, light, blood-flow cues

The contrast helps explain why the moving selfie, while common, is not the only path. Active checks ask the user to prove presence through behavior. Passive methods analyze involuntary biological and optical signals from the image itself, with no choreography required.

Passive liveness typically examines:

• Skin texture and reflection patterns that differ between live skin and a printed or screen surface
• Depth and 3D structure inconsistent with a flat photo or display
• Subtle color shifts from blood flow beneath the skin, sometimes analyzed through remote photoplethysmography (rPPG)
• Micro-expressions and natural noise that synthetic media often fails to reproduce convincingly

Industry Applications

The moving selfie and its passive counterparts appear wherever the cost of admitting a fake identity is high. The control is calibrated differently across sectors based on regulatory pressure and threat exposure.

Financial Services and eKYC

Banks and fintechs use liveness as part of electronic Know Your Customer (eKYC) flows mandated by anti-money-laundering rules. The selfie step ties a live human to a submitted government document, frustrating attempts to open mule accounts with stolen identity data. Because onboarding abandonment directly affects revenue, financial platforms are among the most aggressive adopters of low-friction passive approaches.

Government and remote identity proofing

Public agencies issuing credentials or granting access to benefits face strict identity assurance requirements. Frameworks such as NIST SP 800-63A define identity proofing expectations, and liveness checks support the requirement to confirm that a genuine applicant, not a fraudster with copied biometrics, is present at enrollment.

Crypto, gaming, and marketplaces

High-value digital platforms use liveness to enforce one-person-one-account policies, block bonus abuse, and meet age verification rules. These environments face automated attacks at scale, making robust presentation attack detection essential to platform integrity.

Current research and evidence

The urgency behind the moving selfie has intensified as generative AI lowered the cost of producing convincing fakes. iProov's 2025 Threat Intelligence Report documented a 2,665% surge in native virtual camera attacks and a 300% year-over-year increase in face-swap attempts, evidence that attackers are industrializing their methods. The same body of research found that digital document forgery rose 244% year over year, accounting for 57% of document fraud cases.

Perhaps the most striking finding for anyone designing onboarding flows is human limitation. An iProov consumer study reported that only 0.1% of 2,000 participants could accurately distinguish real media from deepfakes. That result undercuts any assumption that a human reviewer can catch sophisticated fraud, and it shifts the burden onto automated liveness and PAD systems.

Gartner research adds market context. The firm's analysts noted that a large share of organizations encountered deepfake incidents within a single year, and projected that by 2026 nearly a third of enterprises will treat identity verification as unreliable when used in isolation. The takeaway for security leaders is not that liveness fails, but that single-signal checks must be layered with broader controls.

A critical nuance from this research concerns the moving selfie specifically. Because active challenges follow predictable scripts, "turn left, then smile," attackers can pre-render deepfake sequences or use injection tools to feed synthetic responses through a virtual camera. This is why many security architects now favor approaches where the challenge is unpredictable or where presence is confirmed passively from signals an attacker cannot easily anticipate or fabricate.

The future of verifying a real person online

The trajectory points away from asking users to perform and toward analyzing signals they cannot consciously fake. Three shifts are shaping the next phase.

• Movement toward passive liveness that removes choreography while raising the bar against synthetic media, improving both inclusion and completion rates.
• Greater emphasis on injection attack detection, since the fastest-growing threat is no longer a phone held up to a camera but malware feeding a fabricated video stream directly into the verification pipeline.
• Convergence on standardized, independently tested PAD under ISO/IEC 30107-3, giving buyers a common benchmark rather than vendor self-assessment.

For CISO teams, the strategic question is no longer whether to require a liveness check, but which method balances assurance against friction for their specific risk profile. The moving selfie made the concept visible to millions of users. The next generation aims to make the same security invisible.

Frequently asked questions

Why do I have to move my head or follow a dot during sign-up? The movement proves you are a live, three-dimensional person present at the camera rather than a static photo or a video replay. The app analyzes your real-time response and the captured frames to confirm presence and block presentation attacks.

Is a moving selfie the only way to confirm I am real? No. Passive liveness detection can confirm presence from a single look at the camera by analyzing texture, depth, lighting, and subtle blood-flow cues. It removes the need to blink or turn your head, reducing friction while still resisting spoofing.

Can a deepfake beat a moving selfie? Sophisticated attackers can pre-render synthetic responses or inject fake video through virtual cameras, which is why scripted active challenges are increasingly paired with injection attack detection and passive signals that are harder to fabricate.

Does the app keep my selfie video? Retention depends on the platform and the regulations it follows. Reputable identity providers minimize stored biometric data, encrypt captures, and disclose retention terms in their privacy policy, often using the capture only to generate a pass or fail decision.

Circadify is addressing this space with passive liveness that verifies a real human without asking them to blink, turn, or follow a moving dot, reducing onboarding friction while resisting modern presentation and injection attacks. To see how this fits into a fraud-prevention pipeline, read the integration guide at circadify.com/solutions/fraud-detection.