Financial Services
EN
    Contact
    All categories

      Your privacy

      On the GK Comarch websites, both we and our partners use cookie files and targeting. Cookie files (a.k.a. "cookies") are small text files sent to your browser by the site you visit at any given time. They are used for analytical and statistical purposes as well as to ensure the proper functioning of the site. Additionally, they are used to tailor marketing content to the interests of users visiting our sites.

      As we respect your privacy, we ask for your consent to use these technologies. You can consent to cookies by clicking "Accept all". If you want to personalize your choices, click "Settings." You can withdraw your previous consent or change your preferences at any time by clicking the "Settings" button.

      Using cookies for the purposes indicated above is related to the processing of your personal data. The administrator of your data is Comarch SA. In some cases, our partners may also be the administrators of your data. 

      For more information on how we and our partners use cookies and process your personal data, please see our Data Processing Notice and Cookie Policy.

      Face Recognition and Liveness Verification in Mobile Banking Applications

      • Published
      • 5 min reading
      Face Recognition and Liveness Verification in Mobile Banking Applications

      Along with the ongoing digitalization, mobile banking has become widespread. It currently serves as the primary access channel, mostly for younger-generation customers, making data and transaction security a top priority for financial institutions.

      In Thailand, where the banking services market is rapidly developing, banks are struggling with the growing threat of cybercrime. According to reports from Thai authorities, over 20,000 online fraud cases were recorded in 2023, including phishing, identity theft, and unauthorized access to bank accounts. Typical schemes include fake SMS messages impersonating banks and the use of stolen biometric data to take over accounts.

      In response to these challenges, banks are increasingly using biometric technologies, including methods like facial recognition and liveness detection, to ensure high levels of user convenience and security.

      How is facial recognition different from a liveness check?

      Facial recognition is a biometric technology that identifies or verifies a person’s identity based on unique facial features. In the context of a banking app, this process involves taking a selfie using a smartphone camera. The system analyzes the image, extracting key facial features – such as the distance between the eyes, the shape of the nose, or the jawline – and compares them with the user’s previously saved biometric template.

      Liveness detection, or liveness check, on the other hand, is a fraud prevention mechanism that checks whether the face presented to the camera is that of a living person and not a photo, video recording, or mask. Liveness algorithms analyze facial movements (like blinking, smiling, or head rotation), skin texture, or responses to light stimuli, allowing to distinguish a real person from an impersonation, or spoofing attempt.

      In mobile banking applications, both technologies are used to authenticate users during login and transaction authorization, providing fast and secure access to accounts without the need for passwords or PIN codes.

      Face Recognition

      Biometric algorithms used in mobile devices are based on machine learning techniques, particularly neural networks. The process of face recognition and liveness detection involves the following stages:

      1. Face detection: The algorithm locates the face in the camera image.
      2. Normalization: To ensure analysis consistency, the image is adjusted for lighting, position, and scale.
      3. Feature extraction: The system extracts a unique vector of facial features based on key points.
      4. Comparison: The feature vector is compared with the stored biometric template to verify identity.

      In the case of liveness detection, the algorithms can additionally analyze facial movements, skin texture, or data from depth sensors (e.g., in 3D cameras) if the device supports them. Due to the smartphones’ hardware limitations, the algorithms are optimized for performance. Transfer learning is commonly used, in which the model is pre-trained on large datasets and then adapted to the specific application needs. Modern mobile devices equipped with dedicated systems (e.g. Neural Engine in iPhones) additionally accelerate machine learning computations.

      Biometric data protection in practice

      In 2020, Thailand introduced the Personal Data Protection Act (PDPA), which regulates the processing of personal information, including biometric data. According to the PDPA, banks must:

      • Obtain users' explicit consent to collect and process their biometric data.
      • Apply appropriate technical and organizational safeguards to protect data from unauthorized access or breaches.
      • Inform users about data processing purposes and their rights, such as the right to access, rectify, or delete data.

      These strict legal requirements aim to protect customer privacy and ensure that biometric data – as being particularly sensitive – is adequately secured, especially in the face of emerging cybersecurity threats.

      Face Recognition

      The Bank of Thailand (BOT) has introduced new regulations on the security of mobile banking and payment services, including requirements for liveness checks for payments:

      1. For high-value transactions (over THB 50,000), biometric verification, such as facial or fingerprint scanning, is required .
      2. To prevent fraud attempts and deepfake-based attacks, financial institutions must implement facial matching technology with presentation attack detection (PAD).
      3. For remote customer identity verification, banks must use liveness detection and biometric matching technology.
      4. If liveness detection does not allow behavioral observation, financial institutions must implement additional risk management processes or guidelines to mitigate fraud risks.
      5. Banks can use different forms of biometric matching technology depending on technological advances to enhance verification efficiency.

      It is worth noting that some experts suggest that the introduction of these measures alone may not be enough and also recommend the use of solutions based on user behavior analysis to better protect banking customers in Thailand.

      Face Recognition

      The growing role of biometric security in Thai banking

      The widespread use of smartphones in Thailand underscores the importance of biometric identity verification processes. They enable bank customers to conveniently log in and confirm financial transactions while offering greater security than more traditional authentication methods. With these technologies, banks can minimize the risk of fraud, such as identity theft. This is crucial in the digital environment – changing the face of mobile banking in Thailand, biometric security combines convenience with high security. As cyber threats like phishing and identity theft continue to rise, advanced biometric algorithms and compliance with regulations such as PDPA allow banks to protect their customers effectively. As technology develops and user trust grows, these solutions have the potential to become the standard in mobile banking not only in Thailand but worldwide.

      Is Your Bank’s Biometric System Compliant with New Regulations?

      Schedule a Free Consultation

      Piotr Pacewicz

      Piotr Pacewicz

      Product Manager at Comarch

      Lates Posts

      Want to learn more?

      Tell us about your business needs. We will find the perfect solution.

      Fill out the form