Presentation Attack Detection (PAD)

Techniques that detect spoofed biometric inputs at the sensor. Covers hardware (depth, NIR) and software methods. Standardized under ISO/IEC 30107-3. Required for serious biometric IDV.

Presentation Attack Detection (PAD)

Presentation Attack Detection (PAD) is the set of techniques used to determine whether a biometric input presented to a sensor is genuine or a spoof.

Why this matters

It is the defensive counterpart to presentation attacks and a mandatory layer in any biometric IDV stack with regulatory or fraud-loss exposure.

ISO/IEC 30107-3 defines the test methodology and metrics — APCER (attack presentation classification error rate) and BPCER (bona fide presentation classification error rate) — used for vendor certification.

Without PAD, biometric matching alone cannot tell a real face from a high-quality photo, video replay, or 3D-rendered deepfake displayed on a screen.

Deepfake expansion

Hardware PAD uses depth sensors, near-infrared imaging, or thermal cues to confirm a three-dimensional, living subject is in front of the sensor.

Software PAD analyzes texture, frequency-domain artifacts, motion coherence, and reflection patterns from a standard RGB camera.

Modern PAD systems must specifically defend against deepfake-rendered faces displayed on phone or tablet screens, which have become a dominant PAI category.

Control gaps

PAD trained on legacy PAI datasets (printed photos, 2D masks) consistently underperforms against deepfake-on-screen attacks and 3D-printed silicone masks.

PAD only protects the sensor; it has no signal once an attacker bypasses the camera with an injection attack.

Hardware PAD requires capable sensors that are absent from much of the consumer device fleet, limiting its reach in remote onboarding.

Mitigation

Choose PAD vendors certified to ISO/IEC 30107-3 with current coverage of deepfake-class PAIs and published APCER/BPCER results.

Combine PAD with deepfake detection on the pixel stream and with injection-attack detection upstream of the sensor to cover the full attack chain.

Re-evaluate PAD performance against new generators on a quarterly cadence; the PAI landscape shifts faster than annual recertification.

‍

FAQ

Questions we get asked most

Are deepfakes illegal?

Deepfakes themselves are not inherently illegal, but their use can be. The legality depends on the context in which a deepfake is created and used. For instance, using deepfakes for defamation, fraud, harassment, or identity theft can result in criminal charges. Laws are evolving globally to address the ethical and legal challenges posed by deepfakes.

How do you use deepfake AI?

Deepfake AI technology is typically used to create realistic digital representations of people. However, at DuckDuckGoose, we focus on detecting these deepfakes to protect individuals and organizations from fraudulent activities. Our DeepDetector service is designed to analyze images and videos to identify whether they have been manipulated using AI.

What crime is associated with deepfake creation or usage?

The crimes associated with deepfakes can vary depending on their use. Potential crimes include identity theft, harassment, defamation, fraud, and non-consensual pornography. Creating or distributing deepfakes that harm individuals' reputations or privacy can lead to legal consequences.

Is there a free deepfake detection tool?

Yes, there are some free tools available online, but their accuracy may vary. At DuckDuckGoose, we offer advanced deepfake detection services through our DeepDetector API, providing reliable and accurate results. While our primary offering is a paid service, we also provide limited free trials so users can assess the technology.

Are deepfakes illegal in the EU?

The legality of deepfakes in the EU depends on their use. While deepfakes are not illegal per se, using them in a manner that violates privacy, defames someone, or leads to financial or reputational harm can result in legal action. The EU has stringent data protection laws that may apply to the misuse of deepfakes.

Can deepfakes be detected?

Yes, deepfakes can be detected, although the sophistication of detection tools varies. DuckDuckGoose’s DeepDetector leverages advanced algorithms to accurately identify deepfake content, helping to protect individuals and organizations from fraud and deception.

Can you sue someone for making a deepfake of you?

Yes, if a deepfake of you has caused harm, you may have grounds to sue for defamation, invasion of privacy, or emotional distress, among other claims. The ability to sue and the likelihood of success will depend on the laws in your jurisdiction and the specific circumstances.

Is it safe to use deepfake apps?

Using deepfake apps comes with risks, particularly regarding privacy and consent. Some apps may collect and misuse personal data, while others may allow users to create harmful or illegal content. It is important to use such technology responsibly and to be aware of the legal and ethical implications.

Your KYC was built for humans. Attackers stopped sending humans.

Synthetic faces. Cloned voices. Documents generated in the time it takes to read this sentence. DuckDuckGoose is the detection layer that catches what liveness can't — on every image, video, and audio your platform sees.