AI Deepfakes Are Already Winning Against Most Liveness Systems
Independent tests, real bank breaches, and public red-team videos prove that 2D and server-side liveness are no match for today's generative AI attacks.
FaceTec® and UR Code™ are registered trademarks of FaceTec, Inc. Envoc is an official FaceTec reseller partner. FaceLock is powered by FaceTec’s 3D Liveness technology and biometrically-bound UR Codes.
Envoc is an Innovation Partner of FaceTec
FaceLock, created by Envoc, is an Innovation Partner of FaceTec. After rigorously evaluating numerous identity verification and liveness solutions, Envoc selected FaceTec as the undisputed gold-standard for biometric liveness detection. FaceTec puts its money where its mouth is by maintaining a real $600,000 Spoof Bounty Program — the largest and most transparent in the industry.
The Threat Is No Longer Theoretical
Generative AI now produces manipulated media that survives compression, re-encoding, and low-quality device capture. Juniper Research forecasts synthetic identity fraud losses will reach $58.3 billion by 2030. Most verification systems were never built to withstand these attacks.
USAA Bank "Selfie-Recognition" Defeated by a Photo Slideshow
A simple automated slideshow of still photos was enough to unlock accounts protected by a major bank's 2D blink-based liveness. The attack required no sophisticated tools — just a screen and a camera pointed at it. Watch the demonstration on liveness.com.
See the USAA spoof video on liveness.com →Lab-Tested Deepfake Tools Fail in the Real World
Shufti's research shows that detection models trained on clean lab datasets collapse under the bandwidth-limited, device-variable conditions of actual KYC checks. Compression strips away the fine textures these models rely on, creating a growing gap between headline accuracy and production performance.
Read the full Shufti analysis →60% of Phones Unlocked by Printed Photos
Which? testing found that 133 smartphones from major brands (Samsung, Motorola, Oppo, and others) could be unlocked using a simple printed image of the owner's face. The cameras on these devices capture flat images that cannot distinguish a high-resolution photo from a live person. Apple Face ID and newer Google Pixel / Samsung Galaxy flagships performed significantly better — but only because they use more advanced 3D sensing.
Read the ITV / Which? investigation →Live Fraudulent Liveness + ID Verification Captured on Video
A public demonstration shows exactly how easily weak liveness combined with a fabricated ID can bypass remote verification flows. These are not lab conditions — they are the exact flows used by banks, fintechs, and government services every day.
Watch the fraudulent verification video on X →Deepfake Puppets Created in 20 Seconds From a Single Photo
Using widely available tools, attackers can turn one high-resolution photo into a controllable deepfake that blinks, turns its head, and opens its mouth on command. When this puppet is injected via virtual camera, most server-side and 2D liveness APIs report success. FaceTec's device-side 3D Liveness has never been defeated by these techniques in the public Spoof Bounty Program.
Why FaceTec's Spoof Bounty Keeps FaceLock Secure
While other vendors rely on iBeta PAD letters that explicitly do not cover video injection or deepfakes, FaceTec has spent years paying researchers to break its system with exactly these attacks. The result: a technology that has withstood Level 1–5 assaults, template tampering, virtual-camera injection, and MIPI/HDMI adapter attacks. Envoc inherits this proven defense in every FaceLock implementation.
The Cost of Weak Liveness
Rising manual review queues, higher false-negative rates, increased operational costs, and growing regulatory exposure are the hidden "trust tax" organizations pay when they choose liveness that only works in the lab. FaceLock eliminates that tax by starting with the only liveness technology that has been continuously and publicly proven against real-world attacks.
Stop betting your identity security on lab scores that don't survive production.
Talk to Envoc about deploying FaceLock with FaceTec 3D Liveness that has never been publicly spoofed.
Request a Security Review →Deepfakes Are Here. Is Your Liveness Ready?
Only continuous public red-team testing at the scale of FaceTec's Spoof Bounty Program gives organizations the confidence that their liveness layer will actually stop the attacks that matter.