Passive vs Active Liveness

Who this is for

This guide is for product, compliance, fraud, and identity teams comparing biometric verification providers or deciding which liveness approach fits an onboarding flow.

Key takeaways

• Passive liveness runs in the background and usually creates less user friction.
• Active liveness asks the user to complete a prompt, gesture, or movement.
• Neither approach is automatically better; the right choice depends on fraud risk, accessibility, user experience, and regulatory expectations.
• Buyers should ask vendors how their liveness model handles printed photos, screen replays, masks, injection attacks, and AI-generated faces.

01 What is liveness detection?

Liveness detection is a biometric security check that tries to confirm a face, document selfie, or biometric sample comes from a live person instead of a spoof. In identity verification, it is commonly used with face matching: the user captures a selfie, the provider checks whether the face is live, and then compares it with the identity document or known account record.

The main purpose is to reduce presentation attacks. Common attacks include holding up a printed photo, replaying a video on another screen, using a mask, presenting an AI-generated image, or injecting manipulated media directly into the capture flow.

02 What is passive liveness?

Passive liveness attempts to detect whether the user is live without asking for an obvious action. The user may only need to look at the camera or take a selfie. The provider analyzes signals such as face texture, depth cues, lighting response, device signals, capture consistency, and signs of replay or manipulation.

The buyer appeal is simple: fewer instructions, less user drop-off, and a smoother mobile onboarding experience. Passive liveness is often attractive for consumer fintech, marketplaces, gig platforms, age assurance, and account recovery flows where every extra step can reduce completion.

• Best fit: high-volume onboarding where completion rate matters.
• User experience: usually smoother because the user does not need to follow a prompt.
• Buyer question: what attack types has the vendor tested against, and under what conditions?

03 What is active liveness?

Active liveness asks the user to perform a challenge. That challenge might be turning their head, blinking, smiling, reading numbers, following an on-screen dot, or recording a short video. The goal is to make a static photo or simple replay attack harder to pass.

Active liveness can provide a clearer user-visible challenge, but it also adds friction. It may be harder for users with accessibility needs, older devices, poor lighting, low bandwidth, or unclear instructions.

• Best fit: higher-risk flows where added friction is acceptable.
• User experience: more steps and more room for user error.
• Buyer question: how does the provider handle accessibility, localization, and failed attempts?

04 Passive vs active liveness: the practical difference

The practical difference is not only whether the user moves. It is the tradeoff between invisible detection and explicit challenge. Passive systems optimize for low friction. Active systems make the check more visible to the user and may create stronger evidence for some risk teams, but they can also increase abandonment.

A strong vendor may offer both. For example, a team might use passive liveness for standard users, then step up to active liveness when risk signals are higher, the document is suspicious, the device is unusual, or the transaction value is large.

05 How to choose

Start with the risk of the workflow. A low-risk account creation flow may prioritize conversion and use passive liveness. A regulated financial onboarding flow, high-value withdrawal, or account recovery flow may justify active liveness or a step-up path.

Then evaluate the evidence. Ask for test coverage, attack categories, false reject rates, fallback paths, and whether the liveness model is evaluated independently. Do not rely only on a vendor saying it has passive or active liveness. The implementation quality matters more than the label.

• Use passive liveness when completion rate and simple UX are central.
• Use active liveness when the workflow can tolerate more friction for higher assurance.
• Use step-up liveness when risk varies by user, device, geography, or transaction.
• Require clear reporting for spoof attempts, failed checks, review queues, and appeals.

06 Vendor questions to ask

When comparing providers, ask concrete questions. The point is to understand the model, the capture process, and the operational impact on real users.

• Which attacks are tested: printed photos, screen replay, masks, deepfakes, camera injection, and synthetic media?
• Does the provider support passive, active, or both?
• Can the flow step up from passive to active based on risk?
• What are the false reject and false accept tradeoffs?
• How does the product work on low-end phones, poor lighting, and slow networks?
• What accessibility alternatives exist for users who cannot complete a gesture challenge?
• Can failed liveness checks be routed to manual review or account recovery?

FAQ

How to use this guide

Use this guide to understand the core concepts, compare provider claims, and decide what to verify directly before choosing a vendor.