What Is a Presentation Attack?

Presentation attack

A presentation attack (sometimes called a spoofing attack) is when a fraudster presents a fake or manipulated document, image, or video to an identity verification system. There are two main types of presentation attacks:

Electronic replay attacks: The fraudster displays a fake ID, selfie, or video on a screen (such as a phone, tablet, or monitor) and then takes a picture or video of the screen.
Physical replay attacks: The fraudster submits a picture or video of a printed document, a person wearing a mask, or an unconscious person.

The ISO/IEC 30107 is the main international standard governing biometric presentation attack detection (PAD). You can detect presentation attacks using a combination of liveness checks and image analysis that align with PAD standards. Layering additional database checks and device-integrity signals can also help with fraud detection during presentation attacks.

Frequently asked questions

Can liveness detection stop presentation attacks?

.toggle-text { display: none; }

Liveness detection is one layer of defense against presentation attacks. However, it works best when combined with other risk signals, such as screen, replay, deepfake artifact, and metadata detection.

How is a presentation attack different from an injection attack?

.toggle-text { display: none; }

Presentation attacks involve physically showing an image to a camera, while injection attacks bypass the camera entirely by feeding fake images or videos directly into the data stream. Presentation attacks can leave physical clues, like screen reflections or paper edges. Injection attacks require different detection methods.