By NHI Mgmt Group Editorial TeamDomain: Identity Beyond IAMSource: Oz ForensicsPublished November 18, 2025

TL;DR: Government e-ID systems are expanding because biometric verification can streamline access and reduce fraud, but the article argues that passive liveness alone is no longer enough and that anti-injection controls are now required alongside presentation-attack defenses, according to Oz Forensics. The trust gap in digital identity has become a governance problem, not just a UX issue.


At a glance

What this is: The article argues that government digital ID programmes need layered biometric defences because presentation attack testing alone does not address injection attacks and deepfake-driven fraud.

Why it matters: For IAM, identity verification, and fraud teams, the practical issue is that citizen identity proofing now depends on controls that can resist both spoofing and virtual-camera injection, not just basic selfie checks.

By the numbers:

  • Estonia's highly digitized public services, with 99% available online, result in an annual saving equivalent to an estimated 2% of the country's economic output.
  • Global losses from identity-related fraud exceeded USD 50 billion in 2024, growing more than 20% year over year.
  • Suspected fraudulent transactions surged by 33% from 2023 to 2024.

👉 Read Oz Forensics' analysis of biometric identity verification and deepfake fraud


Context

Government digital ID programmes are trying to replace paper-based onboarding and repeated document checks with biometric verification that can be used remotely. The core governance challenge is no longer whether digital identity can scale, but whether the identity proofing model can keep pace with synthetic media, injection attacks, and public-sector trust expectations. This is an identity verification and fraud problem with direct IAM implications for service access.

In this article's framing, liveness detection is the security control that distinguishes a real, present person from a spoofed or injected capture. That matters for programmes that rely on remote citizen authentication, because the same identity layer increasingly gates services, signatures, and cross-agency access. For practitioners, the issue is not abstract biometrics theory but control completeness across onboarding and step-up verification.


Key questions

Q: How should organisations secure digital identity verification against deepfake fraud?

A: Organisations should test identity proofing against both presentation attacks and injection attacks. That means validating selfie, video, and device-pipeline controls separately, then confirming that verified identity cannot be reused to create downstream access without additional assurance for higher-risk actions.

Q: Why do biometric identity systems need more than liveness detection?

A: Liveness detection proves that a real person is present, but it does not automatically prove that the captured signal reached the system intact. If a virtual camera or emulator injects synthetic media, the control can still be bypassed unless the verification path is also defended.

Q: What do security teams get wrong about digital identity fraud controls?

A: They often treat spoofing defence as a complete solution and overlook the software path where fake media is inserted. That creates a verification gap, where a system can reject bad photographs but still accept a fabricated live stream as legitimate.

Q: Who is accountable when biometric identity proofing fails in public services?

A: Accountability usually sits with the identity programme owner, the service operator, and the risk or compliance function that approved the assurance model. In regulated environments, the obligation is to prove that controls are tested against the actual threat classes the system faces.


Technical breakdown

Presentation attack detection and the limits of selfie-based checks

Presentation attack detection, often shortened to PAD, is designed to stop a user from fooling a camera with a printed photo, replayed video, or mask. The article points to ISO 30107-3 as the benchmark for this class of defence, where testing focuses on whether the system can reject spoofing attempts during capture. PAD matters, but it only covers attacks that still interact with the physical camera path. Once fraud shifts to software injection or synthetic streams, PAD alone leaves a material gap in the verification chain.

Practical implication: treat PAD as one layer in the proofing stack, not the complete control for remote identity verification.

Injection attacks, virtual cameras, and the verification gap

Injection attacks bypass the camera entirely by feeding a synthetic video stream into the application pipeline through a virtual camera, emulator, or other software layer. That means the system may believe it has seen a live face when it has only processed fabricated input. The article's key point is that this is a different failure mode from spoofing, so the control set must change accordingly. CEN/TS 18099 is relevant because it maps the defence requirement to the software path where deepfakes and emulators are inserted.

Practical implication: validate identity proofing controls against injected media paths, not only physical capture fraud.

Passive liveness and accessibility as a control design issue

Passive liveness checks background signals such as texture, lighting, and subtle motion without forcing users to blink, turn, or follow prompts. That reduces friction and supports broader accessibility, which is important when digital identity becomes the gateway to essential services. The governance point is that usability and assurance are not opposing goals, but poor interaction design can still create a de facto exclusion control. In public-sector identity systems, a control that honest citizens cannot complete reliably is operationally weak even if it performs well in lab conditions.

Practical implication: test biometric journeys for both fraud resistance and citizen accessibility before scaling deployment.


Threat narrative

Attacker objective: The attacker wants to manufacture a trusted digital identity that can be used to obtain services, signatures, or benefits under a false persona.

  1. Entry occurs when an attacker uses a deepfake selfie, replayed media, or a synthetic video stream to enter the identity verification flow.
  2. Credential access happens when the system accepts the fraudulent capture as a valid biometric proof and binds it to a real account or service enrolment.
  3. Impact follows when the attacker uses that verified identity to commit fraud, bypass onboarding controls, or gain access to public services at scale.

NHI Mgmt Group analysis

Biometric identity proofing is now an access-governance problem, not just a fraud-screening problem. Public-sector identity systems increasingly act as the front door to essential services, digital signatures, and cross-agency workflows. That means the real question is whether the verification layer can withstand both spoofing and injection, because a successful fake identity becomes an authorised access path. IAM and identity verification teams should treat proofing assurance as part of access governance, not a separate fraud bucket.

Anti-injection defence is the named concept this market still underestimates. Presentation-attack testing has become a familiar compliance story, but software injection creates a different trust boundary that many programmes have not formally modelled. The article makes clear that a system can appear secure at the camera layer while remaining exposed in the transport and capture pipeline. Practitioners should judge identity controls on whether they defend the full verification path.

Accessibility is a security requirement in digital government identity. If identity proofing is too burdensome, users abandon it or seek workarounds, which weakens the system's trust base and adoption rate. Passive liveness is valuable because it reduces friction without removing assurance, but it still has to be validated against real-world fraud patterns. Identity leaders should design for inclusive assurance rather than choosing between security and adoption.

Standards alignment now has to span both physical and synthetic attack paths. The article's use of ISO 30107-3, CEN/TS 18099, and NIST SP 800-63-4 reflects a broader governance shift toward layered assurance. That shift matters because the control objective is no longer simply to confirm a face, but to prove the legitimacy of the capture process and the person behind it. Teams should align assurance testing to the weakest link in the capture chain.

Government e-ID maturity depends on trust architecture, not digitisation alone. Large-scale service digitisation produces value only when the identity layer remains credible under attack. Where biometric controls cannot keep pace with deepfake-enabled fraud, expansion slows and public confidence erodes. Practitioners should evaluate national or enterprise identity programmes as trust infrastructures that need continuous control renewal.

What this signals

Verification trust gaps now shape identity programme risk. As biometric onboarding becomes the entry point to public services and regulated workflows, teams need to treat capture integrity as a control family in its own right. The practical shift is from checking whether a face matches to checking whether the signal path can be trusted end to end.

The next maturity step is likely to be layered assurance across presentation, injection, and lifecycle controls rather than a single liveness checkpoint. For identity teams, that means tighter coordination between fraud, IAM, and GRC so the proofing journey can be audited as an access decision, not just a UX flow.

The broader programme signal is that digital identity platforms will be judged by how well they resist synthetic media while still remaining usable at population scale. That pushes teams toward policy-led verification design, continuous testing, and better evidence for risk acceptance.


For practitioners

  • Validate both spoofing and injection paths Test biometric verification against printed photos, replayed video, virtual cameras, and emulator-based injection, then document which attack class each control actually blocks.
  • Separate PAD assurance from anti-injection assurance Map ISO 30107-3 testing to presentation attacks and add distinct checks for CEN/TS 18099-style injection scenarios in the application and device pipeline.
  • Measure abandonment alongside fraud resistance Track completion rates, help-desk friction, and user dropout for active and passive liveness journeys so accessibility issues do not become hidden control failures.
  • Align identity proofing to access governance Treat verified digital identity as an entitlement source for downstream services, with explicit policy for step-up assurance, signature issuance, and service re-authentication.

Key takeaways

  • Digital identity programmes fail when they defend against spoofing but ignore injection, because a verified fake can still become a trusted access path.
  • The article shows that national-scale identity systems need layered assurance, with presentation-attack and injection-attack controls tested separately.
  • Practitioners should treat biometric verification as part of access governance, balancing fraud resistance, usability, and auditability in one control model.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST SP 800-63 and NIST CSF 2.0 set the technical controls, while GDPR and ISO/IEC 27001:2022 define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SP 800-63AThe article centers on identity proofing and biometric verification for remote access.
GDPRArt.32Citizen biometrics and digital identity create direct personal data protection obligations.
NIST CSF 2.0PR.AC-1The article is fundamentally about controlling access through verified identity.
ISO/IEC 27001:2022A.5.15Identity verification governance depends on clear access control policy decisions.

Apply Art.32 to ensure biometric processing has appropriate technical and organisational safeguards.


Key terms

  • Presentation Attack Detection: Presentation Attack Detection is the set of controls that tries to stop a biometric system from being fooled by a physical spoof such as a photo, replayed video, or mask. It tests whether the capture stage can distinguish real user presence from an artificial presentation.
  • Injection Attack: An injection attack bypasses the camera or sensor path and feeds synthetic biometric data directly into the application or pipeline. In identity verification, this is dangerous because the system may process fabricated media as if it came from a live user.
  • Passive Liveness: Passive liveness is a biometric technique that verifies a user is present without asking them to perform deliberate actions. It uses background signals such as texture, motion, and lighting, which reduces friction and can improve accessibility while still supporting fraud resistance.
  • Verification Gap: A verification gap is the space between what a biometric system appears to check and what it actually protects. It exists when a control validates surface authenticity but does not defend the full signal path, leaving room for synthetic or injected media to pass.

What's in the full article

Oz Forensics' full article covers the operational detail this post intentionally leaves for the source:

  • Standards mapping for ISO 30107-3 and CEN/TS 18099 testing against specific biometric attack classes.
  • Detailed explanation of passive versus active liveness from the vendor's implementation perspective.
  • Examples of how deepfake injection attacks bypass camera-based controls in real verification flows.
  • The article's recommended layered defence architecture for government and financial identity programmes.

👉 Oz Forensics' full article covers the standards, attack classes, and layered biometric defence model in more detail.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It helps security and identity practitioners connect access control design to the broader governance models their programmes depend on.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org