Biometric identity verification has a compelling pitch: analyse 68 facial landmarks in real time, detect whether a person is physically present (vs. a photo or video replay), and confirm they match the face on the document they're submitting. Done in seconds, with no manual intervention.
The pitch is accurate. The problem is what it doesn't say: liveness detection confirms the person is real; it says nothing about whether the document is.
A fraudster submitting a genuine face and a fake document passes a liveness check every time.
What Liveness Detection Actually Checks
Liveness detection — also called presentation attack detection (PAD) — solves a specific problem: distinguishing a live human being from a non-live reproduction.
Attacks it prevents:
- Holding a printed photo of the genuine holder in front of the camera
- Playing a recorded video of the genuine holder
- Using a 3D mask of the genuine holder's face
Attacks it does not prevent:
- A real person submitting someone else's genuine document (if their face hasn't been enrolled)
- A real person submitting an altered genuine document with their face already on it
- A real person submitting a fully fabricated document that matches their appearance
- A real person submitting a document with an AI-swapped face that matches theirs
In each of these cases, the liveness check passes — because a live human is presenting. The fraud is in the document, not the presentation.
What Document Forensics Actually Checks
Document forensics analyses whether the submitted document is genuine — independent of who is presenting it. It runs on the document image, not the biometric session.
Problems it detects:
- Altered genuine documents (changed name, date, balance, address)
- Fully fabricated documents (never issued by any authority)
- AI-generated synthetic identity documents
- Face substitutions within genuine documents (photo zone tampering)
- Metadata inconsistencies that reveal the document's non-genuine origin
Problems it does not solve:
- Whether the person presenting the document is the person named on it (that's biometrics)
- Whether the person is physically present rather than recorded (that's liveness)
The Fraud Scenarios Each Layer Catches
| Fraud Scenario | Liveness Detection | Document Forensics |
|---|---|---|
| Printed photo presented to camera | ✓ Caught | — |
| Video replay attack | ✓ Caught | — |
| Real person, someone else's genuine ID | — | — (needs biometric match) |
| Real person, altered genuine ID | — | ✓ Caught |
| Real person, fake AI-generated ID | — | ✓ Caught |
| Face swap on genuine ID, real person presenting | — | ✓ Caught (photo zone analysis) |
| Genuine ID, genuine face, genuine person | Both pass | Both pass |
The table shows two things clearly: there's no overlap (they catch different attacks), and there's no single layer that covers the full fraud surface.
The Combination That Covers the Surface
A complete identity verification stack runs both layers:
Step 1: Document submission + forensic analysis (< 3s)
→ Is this document genuine?
→ If not: stop here, flag for review
Step 2: Biometric capture + liveness detection (seconds)
→ Is a live person presenting?
→ Does their face match the document face?
→ If not: stop here, flag for review
Step 3: Data checks
→ Does the identity data match external records?
→ Is the identity flagged on any watchlist?
Running forensics before biometrics matters: if the document fails forensic checks, there's no value in completing the biometric session. The fraud is already identified. This reduces biometric session volume and associated costs.
Structuring the pipeline with document forensics first — before biometrics — means biometric sessions only run on documents that have passed a forensic gate. This cuts biometric session costs while catching fraud earlier in the funnel.
Where Deepfakes Sit in This Picture
AI-generated deepfake attacks complicate both layers — but differently.
Against liveness detection: passive liveness checks are increasingly challenged by AI-generated video that mimics natural face movement. Anti-spoofing research is advancing rapidly on this front.
Against document forensics: AI-generated identity documents are statistically distinguishable from genuine photographed documents — different pixel noise profiles, edge characteristics, and missing physical artefacts. But the gap narrows as generation models improve.
The response to both is the same: multi-signal analysis that requires a fraudulent submission to defeat multiple independent checks simultaneously. An AI-generated document that passes pixel noise analysis might fail MRZ validation. An AI-generated video that passes basic liveness might fail 3D depth estimation.
Layered detection is inherently more robust than any single check.
For Compliance Teams: What to Ask Your Vendor
If you're evaluating an identity verification platform, the key question is: does it run document forensics, biometric verification, or both?
Many platforms lead with biometrics — the technology is visually impressive and easy to demo. Forensic document analysis is less visible but addresses a different and equally important fraud vector.
Ask specifically:
- What forensic checks run on the document image (not the face)?
- Can you detect altered genuine documents — not just fake ones?
- Is AI-generation detection part of the document analysis stack?
- What happens if the document passes forensics but the biometric fails (and vice versa)?
TamperCheck specialises in the document forensics layer — the complement to biometric verification, not its substitute. The two work together to close the full fraud surface.
Add the document forensics layer
Check any identity document for alterations, fabrication, and AI generation in under 3 seconds. $5 free to start.
Start free →FAQ
Can I use document forensics without biometric verification?
Yes, and it's often the right choice for workflows where documents are submitted asynchronously — loan applications, insurance claims, rental applications — where a live biometric session isn't practical. Document forensics alone catches the majority of document fraud without requiring a real-time biometric capture.
Does document forensics work on documents photographed by the applicant with a mobile phone?
Yes. Mobile-captured document photos are the standard submission format and what forensic analysis is optimised for. The AI adjusts its analysis for photograph-of-physical-document submissions versus native digital PDFs.
If liveness detection is already in my stack, do I actually need document forensics too?
If your workflow includes document submission and liveness check, you currently have a gap: fraudsters with genuine faces and altered or fabricated documents pass your liveness check without any forensic gate. Document forensics closes that gap.
What's the regulatory position on combining biometrics with document forensics?
Both the European Banking Authority (EBA) and the UK's FCA have published guidance recommending layered identity verification — biometric and document checks operating together rather than as substitutes. FATF's guidance on digital identity similarly recommends multi-layer approaches. A liveness check without document forensics satisfies the biometric requirement but leaves the document integrity layer unaddressed.
Where can I read more about the specific document fraud methods these layers catch?
See Deepfake Document Fraud in KYC for how AI-generated IDs specifically evade liveness-only workflows. For the full taxonomy of document fraud types and detection signals, see the Complete Guide to Document Tampering and Fraud.