Governments worldwide are shifting to digital identity (e-ID) systems for citizens. The goal is to streamline access to public services, unlock immense economic value, and drive social inclusion. Replacing outdated paper-based processes, these new biometric systems utilize biometric verification to offer a secure method for citizens to remotely access various services.

The case for e-ID is clear. Estonia's highly digitized public services, with 99% available online, result in an annual saving equivalent to an estimated 2% of the country's economic output.

Brazil offers another compelling demonstration of digital identity at national scale. In just a few years, the country has transformed Gov.br into one of the largest digital public-service ecosystems in the world, with more than five thousand federal services fully digitized. Citizens can authenticate remotely across thousands of services using secure facial biometrics, and the platform’s interoperability layer eliminates the need for citizens to repeatedly submit documents already held by government agencies.

Luis Felipe Monteiro, VP of Institutional Relations at Unico and former Brazilian Secretary of Digital Government, summarizes the impact:

“Gov.br has put Brazil firmly on the global map of public-sector efficiency. With around 170 million users and 92% of more than five thousand public services fully digitized, the platform not only brings agility and convenience to citizens, it also delivers tangible annual savings measured in billions of reais. Its digital identity, based on secure facial biometrics, is the key that unifies access to all these services, turning the relationship between citizen and State into a safer, simpler, and more efficient experience. This progress has earned Brazil recognition as the world’s second-leading country in digital government maturity, according to the World Bank.”

By 2025, Gov.br had recorded more than 140 million legally valid digital signatures, while data-sharing across agencies generated over R$ 3.95 billion in accumulated savings. Brazil’s trajectory shows that when biometric identity is secure, inclusive, and trusted, it becomes essential national infrastructure.

But this digital transformation can get stalled by a critical barrier: a crisis of trust. Effective fraud prevention is the primary challenge. Without it, the risk of mass identity theft and data breaches paralyzes progress. Digital fraud targeting government services is exploding, with suspected fraudulent transactions surging by 33% from 2023 to 2024.
This new wave of crime erodes the public trust that is essential for widespread adoption.

The Cost of Inaction

Public data reveals the staggering scale of digital identity fraud. Global losses from identity-related fraud exceeded USD 50 billion in 2024, growing more than 20% year over year, according to estimates from Juniper Research and LexisNexis Risk Solutions.

Public leaders bear a responsibility to safeguard both citizens’ data and the integrity of public spending, ensuring every tax dollar reaches its rightful destination.

Postponing modernization is, therefore, a direct acceptance of financial loss, erosion of trust, and institutional vulnerability.

The New Threat: AI-Driven Fabrication

The nature of this fraud has fundamentally changed. Traditional security was built to stop impersonation, stealing a real identity or the use of fraudulent documents. The new threat, powered by Generative AI, is fabrication, creating a fake identity that looks real.

The core defensive mechanism of the system, biometric technology, is now the target of a new type of attack. This sophisticated method uses fabricated or purloined biometric data to generate highly realistic forgeries.

This threat, identified as a top trend for 2025, is known as synthetic identity fraud. Attackers now use sophisticated, high-resolution AI-generated deepfakes to fool face recognition systems in two primary ways:

1. Presentation Attacks (PAD): The most common "spoofing" method. Fraudsters may use fake artifacts, such as high-resolution photographs, videos displayed on a screen, or advanced 3D masks, as input for a camera.

2. Injection Attacks (IAD): The fraudster bypasses the physical camera entirely and uses software (like a virtual camera or emulator) to "inject" a deepfake video stream directly into the application's data pipeline.

   
   This creates a critical "Verification Gap." An obsolete system could successfully verify a non-existent user by confirming that a deepfake selfie precisely matches a synthetically generated ID document.

   
   The Global "Gold Standard" for Defense

   
   To build trust, governments must adopt a modern, multi-layered defense defined by global standards. Moving beyond basic verification, this framework utilizes strong biometric authentication to ensure a user's identity is genuine and that the individual is present.
   First, leading analysts like Gartner state that any modern identity verification (IDV) process has three mandatory components:

   
   

1. Document Authentication

2. Biometric Matching

3. Integrated Liveness Detection.

   
   "Liveness detection" is the specific technology that proves the user is a living person present during the check. It is the component that prevents fraud from spoofs. However, not all liveness technology is created equal. The global standards for proving this defense are clear:

   
   

   Standard 1: ISO 30107-3 (Tested by iBeta)

   
   

   This is the global benchmark 11 for Presentation Attack Detection (PAD). Independent labs like iBeta test a solution against thousands of spoofing attempts. For Level 1 and Level 2 compliance, the system is required to have an Attack Presentation Classification Error Rate (APCER) of 0%. This requirement mandates that the system successfully blocks all (100%) of these attacks.

   
   

   Standard 2: CEN/TS 18099

   
   This European technical specification defines the requirements for detecting and blocking Injection Attacks (IAD), where fraudsters bypass the physical camera and inject synthetic video streams (deepfakes, virtual cameras, emulators) directly into the system. Compliance with CEN/TS 18099 ensures that biometric verification systems can withstand this new generation of attacks.
   This update is a seismic shift: ISO compliance for PAD is no longer enough. A government system must also prove it can defend against the injection attacks defined by CEN/TS 18099.

The Accessibility Mandate: Why a Strong "Passive Liveness" is Essential

A secure system that honest citizens cannot use is a failure. An ideal user experience is just as critical as security. Digital ID systems must be designed for inclusivity, actively preventing a "digital divide" that would marginalize individuals such as the elderly, people with disabilities, or those who have low digital literacy.
This is the failure of traditional "Active Liveness" detection. These systems force users to perform actions: "blink now," "turn your head," "move closer." This process can be confusing, high-friction, and a primary cause for users to abandon the onboarding process.

The best route? "Passive Liveness." This advanced technology requires no action from the user other than a simple selfie. It works "frictionlessly" in the background, analyzing texture, light, and micro-movements to prove liveness in an instant.
Passive liveness is a foundational inclusion technology. It ensures that security is transparent, accessible to all citizens, and maximizes adoption.

Conclusion: Building the solution that elevates public services

The future of government e-ID depends on verifiable trust. A multi-layered defense architecture is essential for securing citizen services. This is a non-negotiable requirement for entities like government agencies and financial institutions that handle processes such as Know Your Customer (KYC). These advanced biometric systems must be built to defeat modern threats.

This architecture must include:

🔐 Layer 1: Anti-Spoofing (PAD Defense)
Certified Passive Liveness Detection (ISO 30107-3) blocks presentation attacks — such as photos, videos, or masks shown to the camera — while ensuring a frictionless and inclusive user experience for all citizens.

🛡️ Layer 2: Anti-Injection (IAD Defense)
Verified Injection Attack Detection (CEN/TS 18099 + NIST SP 800-63-4) blocks synthetic video streams — deepfakes injected via virtual cameras or emulators that bypass the physical device.

⚠️ Deepfakes are not a layer — they are the threat. They can be used in both PAD and IAD attacks. That’s why both layers are essential to fully protect against deepfake-driven identity fraud.

This architecture ensures:
• ✅ Security against both spoofing and injection
• ✅ Compliance with global standards (ISO, CEN, NIST)
• ✅ Accessibility for all citizens through passive liveness
• ✅ Trust in digital public services

To fully realize the potential of digital identity, governments must first establish citizen trust.

The integrity of your digital identity services depends on defeating these threats. Protect your citizens, prevent identity theft, and ensure a frictionless user experience.

To discover how our certified, multi-layered biometric security platform can safeguard your services and establish verifiable citizen trust, reach out to Oz Forensics today!