Choosing the right liveness detection partner is a critical decision for any organization looking to implement secure and reliable biometric authentication. As fraud techniques evolve, businesses need a provider that not only meets today’s security requirements at the highest level but is also prepared for future threats. Here are the key considerations to ensure you select the best partner for your needs.

1. Third-Party Tested Accuracy

Not all liveness detection solutions are created equal, and independent testing is the best way to ensure accuracy.

  • Transparency in Results: Any credible vendor should be able to point you to independent benchmark results. If they hesitate or cannot provide a clear answer, that should be a concern. Transparency should include insights into false positive rates (APCER), false negative rates (BPCER), failure to acquire rates (FTA / APNRR / BPNRR), and transaction times. 
  • DHS RIVTD Benchmarking: Did your vendor submit to the DHS Remote Identity Validation Technology Demonstration (RIVTD) Track 3? If so, what alias did they use? DHS RIVTD is the first (and currently only) evaluation that tests liveness providers against each other within an operational test setting. Leading vendors participate in these evaluations, and their results provide an apples-to-apples comparison of performance. Your vendor should be able to explain their APCER, BPCER, and transaction time results, which are clearly articulated by RIVTD.
  • iBeta Testing: Has your provider been tested by iBeta? If so, was it for Level 1 or Level 2 compliance? iBeta testing is a widely recognized industry base standard for biometric liveness detection, and any liveness vendor should at least be iBeta certified. Go deeper and ask your provider about their APCER, BPCER, APNRR, and BPNRR – critical measures of accuracy and usability. Leading vendors not only meet iBeta’s 0% APCER, but dramatically exceed iBeta’s 15% BPCER threshold for passing. 

2. Score Transparency

Understanding liveness detection decisions is key to refining authentication processes and minimizing errors while ensuring an appropriate level of control over your system and its implementation. 

  • Does the vendor provide a liveness score? A trusted vendor should provide a detailed liveness score rather than just a binary Live/Spoof result. Having a black box approach to Liveness Detection makes it difficult to detect and understand any underlying challenges, and harder to trust the results.
  • Can you access raw results for analytics? Having access to the underlying data helps businesses improve their fraud detection processes. 
  • Are thresholds adjustable? The threshold determines the sensitivity of a liveness detection system–it is essentially the minimum liveness score that is needed for a “Live” classification. A lower threshold may reduce friction for legitimate users but could increase the risk of spoof acceptance, while a higher threshold enhances security but may lead to more false rejections. Your vendor should allow you to set or adjust thresholds based on your security vs. convenience needs. Vendors should provide recommended thresholds along with an analysis of the specific tradeoff between APCER and BPCER at any given threshold. 

3. Passive vs. Active Liveness

Different liveness detection methods impact both security and user experience.

  • Passive Liveness: This method works without requiring user interaction, making it seamless and frictionless. It is well-suited for most identity verification scenarios and has become very accurate with the latest AI-based technologies.
  • Active Liveness: Requires users to perform an action, such as blinking or moving their head or their device, or engaging with some sort of blinking lights from the software user interface. While historically effective, this approach can introduce friction and may not be suitable for all applications.
  • Which One is Right for You? DHS RIVTD testing has shown that both passive and active liveness methods can achieve high levels of security. However, active liveness methods tend to be significantly slower, creating unnecessary friction in user experiences. Additionally, active liveness can introduce bias, particularly impacting older users who may struggle with movement-based challenges. Passive liveness, when implemented correctly, provides an equally secure and far more seamless experience.

4. Deployment Options to Fit Your Tech Stack

Security and compliance needs vary across industries, so understanding deployment options is crucial.

  • Does the partner offer on-premises deployment options? Service providers should have the option to deploy liveness technology in their own Cloud instances or compute environment. SaaS-only solutions do not permit the level of security, control, and data privacy that are required by many end user organizations.
  • SaaS (Cloud-Based) Solutions: These can offer ease of use and scalability, but do they meet your data security and privacy requirements? What policies are in place to handle the very specific nature of biometrics and the potential to (mis)use operational data for training? 
  • Compatibility with Your Infrastructure: Ensure that the liveness detection solution integrates seamlessly across main operating systems and platforms, and works well with your existing identity verification and authentication systems. Consider the importance of front-end SDKs that enable rapid, useful feedback and automated capture. These SDKs should be available for iOS, Android, and web app development alike as users will engage across a wide range of both mobile and desktop devices. 

5. Ethical AI and Data Collection Practices

Liveness detection is built on AI models that require large amounts of training data. Ensure your vendor follows ethical AI practices.

  • Do they have a clear AI ethics policy? Ethical AI development should be a core principle of any biometric technology vendor. Your partner should have a clearly articulated ethics policy on data collection, training, and testing their AI models.
  • Do they have access to end user data, and if so, how is that data managed? Ensure that the terms do not allow your provider to improperly use any submitted data to train on or otherwise develop new technology if those terms are not explicitly articulated in any end user opt-in. In other words, end users should be made explicitly aware of how their data is used, and if their data can be used for training, end users should be given an explicit opt-in / opt-out.

6. Preparedness for Next-Gen Threats

Liveness detection is an evolving field, and attackers are constantly finding new ways to bypass biometric authentication.

  • Deepfakes: Does your vendor have solutions to detect AI-generated deepfakes? Push to understand exactly how the vendor detects deepfakes, and which specific types they cover (and how they do it), as deepfakes are a very broad category and often misunderstood.
  • Ongoing R&D Investment, Flexibility for Future Threats: Vendors should have a roadmap for addressing emerging fraud techniques and should be able to articulate how their product development pipeline can address previously unknown techniques. Ask your vendor how they plan to adapt their technology to counteract next-generation fraud.

Final Thoughts

Choosing a liveness vendor isn’t just about today’s security—it’s about ensuring long-term reliability and trust. A strong vendor will be independently tested, offer flexible deployment options, provide transparency in decision-making, operate ethically, and stay ahead of evolving fraud threats. Asking the right questions upfront can save significant time, money, and risk down the road.

If you’d like to explore a partnership with Paravision, please don’t hesitate to reach out.