Oct 2, 2025
Certified IAD: Stop Biometric Injection Attacks
For years, the digital identity industry has focused on a single critical question: "Is the face in front of the camera real?" We have created strong defenses against presentation attacks.
This process is called Presentation Attack Detection (PAD). It helps us find physical fakes like photos, masks, and deepfake videos. This was the digital equivalent of a security guard checking IDs at the front door.
But what if the intruder isn't trying to get past the guard? What if they found a new way to attack? They could tunnel directly into the building and skip the front door.
This is the reality of Injection Attacks, a more advanced threat that renders traditional camera-focused security obsolete. We are proud to announce that OZ Forensics has earned a new certification for injection attack detection (IAD). The well-known BixeLab independently verified this certification, following the advanced CEN/TS 18099 standard. This certification reinforces Oz's commitment to the highest level of protection against the most advanced forms of attack.
From Fake IDs to Hacked Databases: The Evolution of Fraud
To understand the gravity of this shift, let's use a border control analogy:
Presentation Attack (PAD): A criminal attempts to cross a border using a high-quality fake passport. The border agent's job is to scrutinize the physical document and the person presenting it, focusing on their facial features. All security is focused on this single point of interaction. This is what standards like ISO 30107-3 are designed to test.
Injection Attack (IAD): A cybercriminal bypasses the border agent entirely. They hack into the customs database from a remote location and insert a fraudulent digital record of biometric data that lists them as an approved traveler. They can then walk through automated gates without ever presenting a document. The system has been compromised from within.
This is precisely what happens in a digital injection attack. Fraudsters can get around the device's camera. They inject harmful data, like pre-recorded images or videos, into the app's data flow.
The camera sees none of this. The attack happens at the code level and targets the core of the face recognition system.
The Rise of Advanced Fraud Techniques
Since the beginning of this year, we have observed a significant increase in advanced attacks made by professional fraudsters equipped with technology to bypass most liveness solutions. These include attempts combining deepfakes with injection techniques, blending methods, partial injections, mirror-based attacks, injections on iOS devices, and even sophisticated noise injections in videos.
Although injection attacks are technically more complex, their frequency has already become at least comparable to that of presentation attacks. Moreover, their high potential for automation and scalability makes them particularly dangerous, indicating a continued risk of growth in the number of such attacks.
CEN/TS 18099: The New Standard for a New Threat
While ISO 30107-3 remains a crucial standard for PAD, the emergence of injection attacks demanded a new, more specific benchmark. The European technical specification CEN/TS 18099 was created for this exact purpose: to test the resilience of biometric systems against these internal, data-level assaults.
Our evaluation by the accredited lab BixeLab was a simulated war, where our OzLiveness SDKs (Web, iOS, Android) were subjected to a barrage of sophisticated IAD techniques, including virtual camera outputs, emulator-driven attacks, and direct API manipulation. The goal was to ensure our liveness detection technology offered complete protection.
The results confirm a hermetically sealed defense:
0% APCER (Attack Presentation Classification Error Rate): No fraudulent data packet, regardless of the method, successfully breached our system's integrity. The digital tunnel was blocked, every time.
0% BPCER (Bona Fide Presentation Classification Error Rate): Our system's intelligence proved so precise that it never flagged the data from legitimate users as a threat, ensuring a frictionless user experience.
What This Means for Your Security Strategy
This certification provides more than just another layer of security measures; it offers a new paradigm of trust for your entire biometric verification process.
Security Beyond the Sensor: You are no longer just securing the camera's field of view; you are protecting the entire data pipeline and the sensitive personal information it carries.
A Proactive Defense: This is not about catching up to yesterday's fraud. It's about ensuring a secure onboarding process that is prepared for the sophisticated, systemic attacks that will define the next five years.
Verifiable Trust and Regulatory Compliance: In a market saturated with claims of "AI-powered security," this third-party validation provides concrete proof of resilience against a specific and advanced threat, helping you meet strict regulatory compliance demands.
The security checkpoint has moved. The threats are no longer just at the front door. With this certified defense against injection attacks, OZ Forensics ensures that your entire digital infrastructure, built on advanced facial biometrics, is secure from the lens to the ledger.
👉 Discover how our IAD-certified technology can protect your business from the inside out. Contact us for a demonstration.