Back
Blog
Jul 8, 2026

Real-Time Liveness Detection Solutions for Deepfake Fraud

CONTENTS
Active heading
Section heading
CONTRIBUTORS
Zohaib Ahmed
Co-Founder and CEO

A finance employee joined what looked like a normal video call with the company’s CFO and colleagues. The participants looked familiar, the voices sounded authentic, and nothing about the meeting immediately raised suspicion.

By the time the call ended, $25 million had been transferred. The same pattern extends beyond video. The FTC has warned that scammers increasingly use AI-generated voices to impersonate trusted individuals and persuade victims to transfer money or disclose sensitive information.

That is the problem many security engineers, fraud product managers, and CISOs at banks and fintechs are now evaluating. Liveness controls built for KYC onboarding were not designed for live calls, contact center authentication, or video meeting approvals where a person may be trusted based on how they look or sound in real time.

This guide explains how real-time liveness detection works across face and voice channels, where most fraud stacks fall short, and what to evaluate when comparing solutions for real-time liveness detection against deepfake fraud.

Key Takeaways

  • Liveness detection confirms a biometric input is from a live person, not a photo, replay, mask, or synthetic media
  • Most commercial solutions cover facial liveness for KYC, while voice liveness is a separate and often uncovered layer
  • Deepfake fraud targets both channels: face-swap attacks in video calls and cloned-voice attacks in contact centers and phone interactions
  • Selecting a solution requires evaluating latency, modality coverage, explainability, zero-day model coverage, and deployment options
  • If your fraud stack only covers onboarding, the voice channel at the transaction layer is likely unprotected

What Liveness Detection Is - And What It Is Not

Liveness detection is a biometric security process that determines whether a presented face or voice comes from a real, live person rather than a spoofed input. It confirms "who" and "when" simultaneously by verifying that the signal was produced in real time, by a human, at the point of capture.

It is not the same as identity verification or face matching. A face recognition system checks whether a face matches a stored record. Liveness detection checks whether the presented face is real and live. Without it, a fraudster can present a photo, a video replay, or an AI-generated face and bypass the identity check entirely.

The same logic applies to voice. A voice biometric system matches a caller's voice against an enrolled profile. Voice liveness detection checks whether the submitted voice is from a live speaker or a synthetic or replayed audio source.

Liveness detection sits between presentation and authentication. It filters out fraudulent inputs before they reach your verification system.

The Two Channels Deepfake Fraud Targets

Deepfake attacks can target multiple points in a workflow, including visual identity checks, voice interactions, or both simultaneously. It may exploit the face layer, the voice layer, or both. Most fraud stacks address one but not the other.

Face-Layer Attacks

Face-layer attacks target visual identity verification, including onboarding flows, KYC checks, remote authentication portals, and video calls where identity is assessed visually.

Three main attack types operate here:

  • Presentation attacks: A fraudster holds a printed photo, a video on a screen, or a 3D mask to a camera during verification.
  • Injection attacks: A synthetic video is inserted directly into the camera data stream via virtual camera software, bypassing the physical camera. 
  • Synthetic identity fraud: An AI-generated face is used during digital onboarding to open a fraudulent account under a synthetic identity.

Many commercial liveness platforms focus primarily on facial verification during onboarding. That leaves voice-based interactions, such as contact center authentication and executive calls, outside their detection scope.

Voice-Layer Attacks

Voice-layer attacks operate through telephone systems, contact centers, and live calls, where callers are often trusted based on how they sound.

Voice cloning tools can replicate aspects of a person’s tone, cadence, and speech patterns from an audio sample. The FTC warns that scammers use voice cloning to make requests for money or information more believable, and the FBI has warned about malicious campaigns using AI-generated voice messages for impersonation.

Three common voice-layer attack types:

  1. Deepfake vishing: A synthetic voice impersonates a CFO, bank representative, or colleague to manipulate a target into transferring funds or revealing credentials.
  2. Contact center fraud: A cloned voice passes IVR voice biometric authentication to access an account without a stolen password.
  3. Live meeting impersonation: A cloned voice, sometimes paired with a face swap, joins a video call posing as an executive to authorize transactions or extract confidential information.

A fraud stack covering only facial liveness is blind to all three. If your contact center or executive communication workflows rely on voice as a trust signal, you have an unprotected surface.

Also read: What Is Deepfake Vishing? Strategies for Prevention and Response 

How Real-Time Liveness Detection Works

Liveness detection follows the same core logic regardless of modality: analyze the incoming signal for artifacts indicating it is not from a live human at the present moment.

Although the underlying goal remains the same, the techniques used vary depending on whether the system is evaluating facial or voice signals.

Active vs. Passive Liveness Detection

Evaluation factor Active Passive
User action required Yes — blink, turn head, repeat a phrase No
Friction level Higher Low to none
Best fit High-risk verification, regulated onboarding Contact centers, live calls, recurring auth
Spoof resistance High Very high against AI-generated deepfakes


ISO
/IEC 30107-3 defines performance assessment for biometric presentation attack detection, while NIST’s FATE PAD work evaluates passive face presentation attack detection algorithms.

Active liveness prompts a challenge and verifies the response is consistent with a live human. It suits high-stakes, one-time checks where added friction is acceptable. Passive liveness analyzes biometric input in the background without user interaction, making it better suited to high-volume contexts where friction creates operational problems.

How Facial Liveness Detects Synthetic Signals

Facial liveness systems analyze incoming video frames for signals that distinguish a live face from a spoofed one:

  • Texture inconsistencies: Real skin has specific grain and light-reflection behavior. Synthetic faces often show flattened textures or irregular reflections.
  • Micro-movements: A live face moves continuously - minor eye tremor, breathing motion, natural shifts. A static image or poorly generated face does not.
  • Depth cues: 3D liveness systems map facial depth to confirm a real three-dimensional structure.
  • Temporal consistency: AI-generated faces can produce frame-level artifacts - flickering, unnatural blinking, or lighting shifts inconsistent with the environment.

ISO/IEC 30107-3 is the international standard for presentation attack detection in biometric systems. iBeta PAD testing provides independent certification against it. Checking for this certification is a practical starting point when evaluating facial liveness vendors.

How Voice Liveness Identifies Synthetic Audio

Voice liveness detection works at the waveform level, analyzing the acoustic properties of a speech signal:

  • Spectral artifacts: TTS and voice cloning pipelines leave characteristic frequency-spectrum patterns absent in natural speech.
  • Prosodic inconsistencies: Natural speech has micro-variations in pitch, rhythm, and emphasis that generative models struggle to replicate over the course of a full call.
  • Compression and codec artifacts: AI-generated deepfake audio pushed through telephony codecs introduces detectable artifacts that native speech does not produce under the same conditions.
  • Formant irregularities: Synthetic voices can produce formant patterns outside the range of natural human speech variation.

Zero-day coverage matters here specifically. New generative voice models are released frequently. A detection system trained only on known models may miss attacks from a tool released last week. Systems with zero-day coverage update when new models emerge, closing that window faster.

Also read: How Does Deepfake Detection Work? 

Where Real-Time Liveness Detection Is Deployed

Liveness detection is not a single control. It covers different threat surfaces depending on where in your workflow a synthetic identity or voice could be introduced.

KYC and Digital Onboarding

This is where most facial liveness is concentrated. Banks, fintechs, and regulated digital services require identity confirmation at account opening. A fraudster who opens an account using a synthetic face bypasses every downstream fraud control that assumes the enrolled identity is real.

The challenge is balancing detection accuracy against onboarding drop-off. High false-positive rates block genuine users and increase abandonment. The global face biometric liveness detection market is projected to surpass $250 million by 2027, according to a March 2025 report from Biometric Update and Goode Intelligence, reflecting how central this layer has become to regulated KYC workflows.

Contact Centers and IVR Authentication

Contact center fraud presents a different challenge. Attackers often possess enough account information to reach the voice authentication stage, where the objective is to pass biometric verification using a cloned voice rather than stolen credentials. 

Because these interactions occur in real time, detection systems must analyze telephony audio with low latency and support common voice codecs. Unlike onboarding scenarios, facial liveness offers little protection here, making voice liveness a key control for organizations that rely on voice authentication.

Live Meetings and Executive Communication

Live meeting protection is a newer but critical deployment context. As generative AI has made real-time face swapping and voice cloning accessible, video conference calls have become a viable attack surface.

The pattern: a fraudster joins a call posing as an executive using a face swap and cloned voice, then authorizes a wire transfer or extracts confidential information from attendees who have no reason to question who they are speaking with. The attack occurs inside an authenticated session, against non-security professionals, in a context where social pressure reduces scrutiny. Detection needs to run continuously throughout the call, not just at a login checkpoint.

Evaluating your real-time multimodal coverage? Resemble Meetings integrates directly with Zoom, Microsoft Teams, Google Meet, and Webex to analyze audio and video streams in real time across every scheduled call - no changes to your existing setup required.

What Real-Time Liveness Detection Solutions Need To Cover 

If you are a security engineer, fraud product manager, or CISO comparing real-time liveness detection solutions for deepfake fraud, these criteria help determine whether a system can perform under production conditions, not just in a vendor demo. 

The Evaluation Checklist

  1. Does the solution cover facial liveness, voice liveness, or both? If your threat model includes contact center fraud or meeting impersonation, voice coverage is not optional.
  2. Is detection passive or active? Passive suits high-volume or low-friction contexts. Active suits high-risk one-time checks.
  3. What is the actual latency under production load? Demo performance does not predict performance under concurrent usage.
  4. What attack types is it tested against? Confirm coverage across presentation attacks, injection attacks, and AI-generated synthetic media.
  5. Does the system provide zero-day generative model coverage? New synthesis tools are released frequently.
  6.  What are the false positive and false negative rates - and under what conditions? Ask for rates across different audio or video quality conditions, not best-case lab results.
  7. Is detection explainable? Compliance and legal teams need to understand what triggered a flag, not just receive a score.
  8. What deployment options are available? On-premise and air-gapped deployments matter for regulated environments.
  9. What compliance certifications apply? ISO/IEC 30107-3 and iBeta PAD testing for facial systems. SOC 2, GDPR, and HIPAA compatibility for audio and voice detection.
  10. Does it connect with your existing infrastructure? An API that does not support your telephony formats, conferencing platforms, or SIEM creates a compatibility problem before it becomes a security tool.

Also read: Top 10 Deepfake Audio Detection Tools

Common Mistakes When Deploying Liveness Detection

Even strong liveness programs can fail when teams treat the check as a single onboarding control instead of part of a broader fraud stack.

  1. Covering the face and ignoring the voice
    Most teams deploy facial liveness for onboarding and consider fraud protection complete. Voice-based attacks in contact centers and live calls use a channel that facial liveness does not touch.
  2. Selecting based on demo accuracy rather than production performance
    False positive rates, latency under load, and performance across degraded audio or video quality are the metrics that matter. Vendors demonstrate their best-case results.
  3. Treating liveness detection as a standalone control
    It should sit alongside document verification, behavioral biometrics, device intelligence, and contextual risk scoring. A system that passes liveness but fails other signals should still be flaggable.
  4. Choosing a black-box system, the compliance team cannot audit
    If the output is a score with no explanation, your compliance and legal teams have no actionable evidence when a fraud incident is reported.
  5. Underestimating injection attacks
    Many facial liveness systems are tested against photos held up to a camera. Injection attacks route synthetic video directly into the camera data stream via virtual camera software, a distinct attack vector not covered by all products.
  6. Assuming detection coverage stays current by default
    New synthesis tools and attack methods emerge over time. Fraud teams should ask how often detection models are updated, what new attack types are tested, and how quickly coverage changes are reflected in production.

Also read: Comprehensive Voice Security Solutions Guide 

How Resemble AI Supports Multimodal Liveness Detection

Resemble AI helps security and fraud teams add real-time analysis to parts of the workflow that rely on voice or video as a trust signal. That includes contact center authentication, live-agent calls, payment-approval meetings, remote hiring interviews, and executive communication workflows.

This matters because deepfake fraud does not only appear during onboarding. It can also appear later, when a caller is trying to access an account, a meeting participant is approving a transaction, or a remote candidate is being evaluated through a live interview.

DETECT-3B Omni and Voice-Layer Coverage

Resemble Detect is powered by DETECT-3B Omni, a multimodal model that evaluates audio, video, and image signals together rather than treating each modality independently. This enables organizations to identify synthetic manipulation across voice calls, video meetings, and identity verification workflows using a single detection architecture.

For contact center and call-analysis workflows, Resemble Detect supports:

  • Telephony audio formats, including G.711, G.723.1, and PCMu/PCMa
  • Standard audio formats, including MP3 and WAV
  • Inbound and outbound call analysis
  • Network-layer or application-layer integration
  • Cloud, on-premise, Docker, Kubernetes, and fully air-gapped deployment

Every detection passes through Resemble Intelligence, an explainability layer that surfaces specific artifacts triggering a flag and generates forensic output for compliance and legal review.

Resemble Meetings for Live Call Protection

Resemble Meetings integrates directly with Zoom, Microsoft Teams, Google Meet, and Webex. It analyzes participant audio and video streams during live calls to flag potential synthetic voice or face-swap attempts without recording the session or disrupting the meeting.

When a flag is triggered, security teams can use the alert to review the session and decide whether to require re-authentication, escalate the event, or end the call.

Each flagged session can generate forensic output with:

  • Timestamp data
  • Manipulation technique identification
  • Confidence scoring
  • Evidence for legal, compliance, or incident response review

For financial institutions using voice biometrics, the more important question is whether existing fraud controls extend beyond onboarding and into live voice interactions where transactions are actually approved.

Chrome Deepfake Detection for Analysts

For fraud analysts, compliance reviewers, and trust and safety teams who encounter suspicious content during web-based investigation workflows, Resemble AI's Chrome Deepfake Detection extension provides on-demand scanning of images, video, and audio while browsing. It returns a confidence score for AI-generated content without requiring a separate upload workflow.

Conclusion

Effective liveness detection for deepfake fraud requires coverage of both the face and voice layers. Many fraud stacks cover one side more thoroughly than the other.

If your current stack includes facial liveness for KYC but no audio analysis for contact center calls or live meetings, you have coverage at the point of account creation but not at the point of transaction authorization, where financial losses often occur.

Map your threat surface. Identify which interaction points rely on voice as a trust signal, including IVR authentication, live agent calls, executive video meetings, and financial approval flows. Then assess whether your current stack includes real-time analysis at those points.

If it does not, that is a measurable gap. If you are assessing whether your current fraud stack covers audio deepfake threats, contact Resemble AI to understand how real-time voice and live-call detection can fit into your production environment.

Frequently Asked Questions

1.What is real-time liveness detection?

Real-time liveness detection confirms whether an incoming biometric signal - a face or a voice - comes from a live person at the moment of capture, rather than from a photo, video replay, mask, or synthetic media. "Real-time" means the check runs during the interaction, not after it. Post-hoc analysis can confirm fraud occurred but cannot stop a transaction already authorized. Detection running in real time can flag a suspicious participant or caller before the interaction ends, giving security or operations teams a window to act.

2. How does liveness detection prevent deepfake fraud?

It analyzes the biometric input for artifacts indicating it is synthetic rather than from a live human. For facial systems, this includes texture inconsistencies, absence of micro-movements, and depth anomalies. For voice systems, this includes spectral artifacts left by synthesis pipelines, unnatural prosody, and formant irregularities. When a synthetic signal is flagged, the system blocks or escalates the interaction before authentication completes or a transaction is authorized. The prevention value is strongest when detection runs before authentication completes or a transaction is approved. For live-call workflows, low latency is usually important because security teams need a signal while the interaction is still active.

3. What is the difference between active and passive liveness detection?

Active liveness requires the user to complete a challenge - blinking, turning their head, or repeating a phrase - and verifies the response is consistent with a live human. It adds friction but provides strong confirmation in high-stakes scenarios. Passive liveness runs in the background with no user interaction, analyzing the biometric signal through AI-based pattern recognition. It suits high-volume contexts like contact centers or recurring authentication where friction creates drop-off. Both types apply to facial and voice biometrics. The choice depends on the risk level of the workflow and how much friction that context can absorb.

4. Can liveness detection catch voice deepfakes?

Voice liveness detection is specifically designed to catch synthetic audio, including AI-generated speech and cloned voices. It analyzes waveform-level patterns, including spectral artifacts, prosody inconsistencies, formant irregularities, and codec-interaction behavior - that differ between natural human speech and synthetic output. Performance can vary depending on audio quality, telephony codec compression, ambient noise, and how sophisticated the synthesis model is. Systems with zero-day coverage - those that update when new synthesis models are released - maintain broader detection over time than static models trained only on known tools.

5. What is the difference between liveness detection and face recognition?

Face recognition matches a presented face against a stored identity record. It answers: "is this the right person?" Liveness detection answers a different question: "is this a real, live person?" Face recognition without liveness can be bypassed by presenting a high-quality photo or AI-generated image of the enrolled person. Liveness detection confirms the input is genuine before the identity match runs. Both are required for secure biometric authentication: liveness confirms the input is real, and face recognition confirms the identity matches the record.

6. What compliance standards apply to liveness detection?

ISO/IEC 30107-3 is the international standard for presentation attack detection in biometric systems. iBeta PAD testing provides independent certification against it. For voice and audio deepfake detection, relevant frameworks include SOC 2 Type II, GDPR, and HIPAA depending on deployment context and geography. The EU AI Act Article 50 introduces watermarking and transparency requirements for AI-generated content. Security and compliance leads in regulated sectors should confirm which frameworks apply to their jurisdiction before selecting a vendor.

7. What is zero-day coverage and why does it matter for deepfake detection?

Zero-day coverage is a detection system's ability to identify synthetic media produced by generative AI models it has not previously been trained on - specifically models released after the system's last update. New generative tools release frequently. A static model trained on known synthesis pipelines will miss attacks from a tool released last month. Systems with zero-day coverage update their detection when new architectures emerge, shortening the window between a new tool entering the threat actor's toolkit and your system being able to catch it. For security teams, this directly determines how long your fraud stack stays effective after a new AI tool becomes widely available.

8. How do I know if my fraud stack has a voice-layer deepfake gap?

Map every interaction in your workflow where a voice signal is used as a trust input. This includes IVR authentication, live agent call flows, executive approval calls, video meetings where financial or sensitive decisions are made, and any customer verification conducted over the phone. Then ask: does your current stack include real-time analysis of the audio stream at any of these points? If the answer is no - or if fraud controls only apply during initial onboarding - you have an unprotected layer at the transaction level. Voice liveness detection addresses that gap and is distinct from the facial liveness tools covering your onboarding flow.

Try Resemble AI free
Generate with confidence. Verify ownership. Detect deception. Only with Resemble AI.
Get started
Generate and verify assets. Detect deception.
Start building now with a free account. Full API access. No credit card required.