By NHI Mgmt Group Editorial TeamPublished 2026-04-20Domain: Identity Beyond IAMSource: Authsignal

TL;DR: Pension funds are adopting facial liveness detection to reduce benefit leakage from delayed death reporting and fraud, with the Philippines Social Security System adding biometric ACOP verification through its online platform; the process can take under a minute and update records immediately, according to Authsignal. Presence verification works best when it is layered onto existing eligibility controls, not treated as a standalone identity answer.


At a glance

What this is: This is an analysis of how pension funds are using liveness detection to confirm that a claimant is physically present and alive during benefit verification.

Why it matters: It matters because identity teams in benefits, fraud, and public-sector programmes need controls that address ongoing eligibility, not just initial onboarding or authentication.

By the numbers:

👉 Read Authsignal's analysis of liveness detection for pension verification


Context

Pension verification fails when eligibility is treated as a one-time check instead of an ongoing condition. If death reporting is delayed, payments can continue long after entitlement has ended, creating fraud exposure, operational debt, and reputational risk for the administering fund. The primary identity problem is not onboarding but presence verification at the point of continued access to benefits.

Liveness detection adds a real-time presence check to that workflow, which is why this topic sits at the intersection of identity verification, fraud prevention, and citizen access governance. For teams managing regulated benefits, the question is how to verify a living claimant without forcing everyone into an in-person process that disproportionately burdens older or disabled users.


Key questions

Q: What fails when pension programmes rely only on manual proof-of-life checks?

A: Manual proof-of-life checks fail when death reporting is delayed, because benefit payments can continue after entitlement has ended. They also create accessibility problems for elderly or disabled claimants. A better model combines recurring verification, exception handling, and evidence retention so the control addresses fraud without making legitimate beneficiaries jump through avoidable friction.

Q: Why do liveness checks matter for ongoing eligibility verification?

A: Liveness checks matter because they verify presence at the moment of the transaction, not just identity at enrolment. In benefit programmes, that closes the gap between a valid identity record and a still-living claimant. Without that layer, a photo, proxy, or replay can satisfy weaker checks and keep payments flowing incorrectly.

Q: How should teams combine biometric verification with manual fallback options?

A: Teams should design the biometric route as one channel in a broader eligibility workflow, not as the only path. Manual documents, assisted service, and escalation procedures should remain available for people who cannot complete a digital selfie flow. That keeps the programme accessible while still raising assurance against fraud.

Q: Who is accountable when biometric proof-of-life verification is wrong?

A: Accountability should sit with the programme owner that decides eligibility policy, retention, and exception handling, not only with the technology team. In regulated identity verification, governance must define who can approve overrides, how disputes are reviewed, and which records prove the decision was made consistently and lawfully.


Technical breakdown

Why face match alone is not enough for presence verification

Face matching confirms similarity between a live capture and a reference image, but it does not prove the subject is physically present. A photo, replayed video, or screen capture can sometimes satisfy a basic biometric comparison if the system lacks anti-spoofing controls. Liveness detection adds challenge-response or passive analysis to distinguish a real person from a presentation attack. In pension workflows, that matters because the control objective is not just identity assertion, but proof of life at the moment of verification.

Practical implication: treat liveness as an anti-spoofing control layered onto face match, not a substitute for eligibility validation.

How biometric liveness verification fits into ACOP-style workflows

ACOP-style processes are recurring eligibility checks, not account logins. The biometric step sits between benefit continuation and records update, so it functions as an ongoing assurance control. In the SSS model, the claimant can use an online path, while physical documents remain available for those who cannot complete the digital journey. That blended design is important because it reduces exclusion risk while still improving assurance over manual confirmation alone.

Practical implication: design the biometric path as one option in a multi-channel eligibility workflow, with fallback routes for accessibility and exception handling.

Presence verification, consent, and identity data boundaries

Presence verification creates a tighter link between identity evidence and a specific transaction, but it also increases the sensitivity of the data being processed. Biometric capture, identity match, and eligibility status all become part of the same control chain, so governance must cover storage, retention, access, and auditability. In public-sector settings, that means the programme needs clear rules for who can see biometric evidence, how long it persists, and how disputes are handled.

Practical implication: define retention and access rules for biometric evidence before scaling the workflow across beneficiary populations.


Threat narrative

Attacker objective: The objective is to keep benefits flowing after a beneficiary is no longer entitled to receive them.

  1. Entry occurs when a pension payment workflow accepts a claim or confirmation without verifying that the claimant is physically present at the time of interaction.
  2. Escalation follows when a deceased beneficiary, proxy, or forged submission continues to satisfy a manual or document-based proof-of-life process.
  3. Impact is continued benefit disbursement after entitlement has ended, which increases fraud loss and weakens trust in the programme's eligibility controls.

NHI Mgmt Group analysis

Proof-of-life is a governance control, not a biometric feature: the article is really about eligibility assurance under delayed death reporting, and liveness detection is just the mechanism. Pension administrators should treat the problem as ongoing access governance for benefits, because the real control failure is continuation of entitlement after the underlying condition has changed. That framing keeps the programme focused on eligibility, auditability, and exception handling.

Presence verification closes a gap that authentication alone cannot address: standard IAM controls answer whether a person can authenticate, not whether they are still alive and entitled to receive a benefit. That distinction matters in identity verification programmes because the security objective is lifecycle assurance, not session access. When the workflow is tied to public funds, the absence of proof-of-life controls becomes a measurable fraud exposure.

Biometric verification works best when it is one route in a multi-channel model: the SSS approach preserves physical document acceptance, which avoids turning digital verification into a new exclusion barrier. That balance is the right policy choice for ageing or disabled populations, where accessibility and fraud control have to coexist. Practitioners should see this as an example of equitable identity governance, not just technical modernisation.

Liveness detection creates a new governance surface around biometric evidence: once presence checks become part of the eligibility decision, the programme must manage biometric retention, access, disputes, and oversight with the same care as any other sensitive identity record. The named concept here is presence verification governance, meaning the control framework that governs when, how, and for what purpose a living-person check is allowed. Practitioners should build those rules before scaling the channel.

What this signals

Presence verification governance: programmes that handle recurring eligibility should stop treating authentication and entitlement as the same control. The stronger model is to combine proof-of-life, evidence retention, and exception handling so biometric data supports a governed decision rather than becoming an isolated check. For teams working under public-sector or regulated benefit constraints, that shift will matter as much as the biometric method itself.

The broader signal is that identity verification is moving from point-in-time onboarding toward continuous entitlement assurance. That creates a sharper boundary between identity proofing, fraud prevention, and access control, and it increases the need for policy clarity around retention and oversight. Where programmes already use standards such as the NIST SP 800-63 Digital Identity Guidelines, the next step is to map recurring proof-of-life into the same governance model.

For practitioners, the operational question is no longer whether biometrics are available, but whether the surrounding governance can justify their use. That includes accessibility fallback, complaint handling, and audit trails that can survive regulatory scrutiny. Teams that can document those controls will be better placed to expand digital verification without turning it into a trust problem.


For practitioners

  • Define proof-of-life as an eligibility control Map pension continuation decisions to a formal proof-of-life control objective, separate from initial enrolment or login assurance. Document what evidence is acceptable, when biometric verification is permitted, and how exceptions are handled across digital and manual channels.
  • Layer liveness with a fallback verification path Keep a non-biometric route for beneficiaries who cannot complete a selfie-based flow because of age, disability, device access, or connectivity constraints. The goal is to reduce fraud without excluding the people most likely to struggle with digital channels.
  • Set retention rules for biometric evidence Limit who can access captured selfies, match results, and verification logs, and define how long each record is retained. Align those rules with dispute handling and audit requirements so the evidence chain is defensible if a benefit decision is challenged.
  • Monitor for spoofing and proxy-submission patterns Track repeated failures, unusual device reuse, and abnormal verification timing as signals that a claimant may be using presentation attacks or third-party assistance. Feed those signals into fraud review so the control remains adaptive rather than purely procedural.

Key takeaways

  • Pension fraud risk arises when eligibility is assumed to persist after the claimant's status has changed, and manual proof-of-life checks often arrive too late.
  • Liveness detection helps by confirming presence at the moment of verification, but it works only when paired with fallback channels and evidence governance.
  • The control question is not whether biometrics exist, but whether the programme can prove who decided, with what evidence, and under which retention rules.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST SP 800-63, NIST CSF 2.0 and NIST AI RMF set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SP 800-63AThe article is about identity proofing and assertion at verification time.
NIST CSF 2.0PR.AC-1Recurring access to benefits depends on verified identity and entitlement decisions.
GDPRArt.32Biometric processing and identity evidence require strong security of processing.
NIST AI RMFGOVERNThe programme needs clear accountability for biometric governance and exception handling.

Map proof-of-life workflows to identity proofing rules and require evidence that supports the transaction.


Key terms

  • Liveness Detection: Liveness detection is an anti-spoofing control that checks whether a biometric sample comes from a real person present at the moment of capture. It looks for signs of live interaction, such as depth, motion, or challenge response, to block photos, videos, and other presentation attacks.
  • Proof Of Life: Proof of life is a recurring verification control used to confirm that a beneficiary is still alive and still entitled to receive payments or services. It is common in pension and benefits programmes, where ongoing eligibility matters more than initial registration.
  • Presence Verification: Presence verification is the act of confirming that the person being checked is physically present during the transaction. In identity programmes, it reduces the risk that a proxy, replay, or stored image can be used to satisfy a live verification step.
  • Presentation Attack: A presentation attack is an attempt to fool a biometric system using a fake or replayed sample, such as a photograph, screen recording, or mask. Anti-spoofing controls like liveness detection are designed to detect and reject these attempts.

What's in the full article

Authsignal's full article covers the operational detail this post intentionally leaves for the source:

  • How the ACOP flow is implemented for eligible pensioners using the online platform
  • The relationship between facial recognition, liveness detection, and the Philippine Statistics Authority's National ID eVerify system
  • Why the SSS kept physical document submission available alongside the biometric route
  • How the approach compares with other public-sector proof-of-life programmes such as the UN Pension Fund rollout

👉 The full Authsignal article covers the ACOP workflow, the biometric step, and the wider use case for presence verification.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and identity lifecycle practices that help teams design stronger verification controls. It gives practitioners a structured way to connect identity assurance with the wider security programme they already run.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-04-20.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org