Silicone fingers, rubber masks that imitate a person’s face, ear molds made of gelatin, and recordings indistinguishable from a live human voice. These are some of the tools criminals use to deceive biometric authentication systems, which identify individuals through fingerprints, faces, voices, irises, or even ears. To detect and prevent such attacks, known as spoofing, in which biometric features are falsified to fool the system, researchers are increasingly relying on artificial intelligence (AI).

“It’s a cat-and-mouse game,” says computer scientist Rodrigo Colnago Contreras, from the Institute of Science and Technology at the Federal University of São Paulo (ICT-UNIFESP), a specialist in detecting biometric forgeries. “As new fraudulent techniques emerge, we need to develop more sophisticated solutions to recognize and combat them.” According to Contreras, newest antifraud systems use AI algorithms to identify falsifications. Sensors that verify liveness by measuring physiological signals are also being employed.

Contreras’s interest in the field began during his undergraduate studies, when he worked on a project focused on fingerprint recognition at crime scenes. Spoofing became the subject of his master’s thesis at São Paulo State University (UNESP) and later of his doctoral dissertation at the University of São Paulo (USP). A few weeks after competing in LivDet, the world’s leading biometric fraud detection competition, held in Italy—where he placed second—Contreras spoke with Pesquisa FAPESP via video call and email. Below are highlights from the interview.

Are biometric systems vulnerable to fraud?
Yes. Although these platforms provide a highly convenient and secure method of user identification, as they eliminate the need to memorize passwords or carry objects like cards or keys, they do have vulnerabilities. The main weakness stems from spoofing attacks, in which biometric traits are falsified and presented to the system. The complication is that nearly all biometrics (fingerprints, faces, voices, and even irises) can be replicated. This makes it essential to employ strong protection mechanisms against this type of fraud.

Are such falsifications becoming more common worldwide?
We don’t yet have precise data on the increase in these attacks, but we know they are becoming more frequent. Biometric fraud has become a major concern for both the financial sector and public institutions around the world. One emblematic case occurred in 2013 in Ferraz de Vasconcelos [São Paulo], when a doctor from the Mobile Emergency Care Service [SAMU] was caught using silicone fingers, created with help from colleagues, to clock in for them. The case gained international attention and is still cited as a key motivation for developing spoofing detection techniques. More recently, facial forgery cases have emerged, in which photos of other people are used to bypass facial recognition systems and secure loan approvals in banking apps. In one investigation by the Santa Catarina police, around 50 individuals and companies were reportedly affected.

Artificial intelligence identifies subtle patterns that distinguish genuine biometrics from forgeries

How can these frauds be countered?
It really is a cat-and-mouse game. As new spoofing techniques appear, companies and researchers create increasingly sophisticated countermeasures. Most rely on artificial intelligence (AI) algorithms, though there have also been advances in specialized sensors that verify a user’s liveness by measuring factors such as temperature, electrical response, or other physiological signals—although even these can sometimes be simulated. Ongoing research in universities and industry is critical to ensuring the security of biometric systems against ever-evolving threats.

What are the most common types of fraud?
Each biometric has its own forms of spoofing. Fingerprints, for example, can be replicated using latex, wood glue, or silicone. Faces can be faked with photos, videos, or rubber masks. Voices are vulnerable to replay attacks, in which recordings are used to reproduce a person’s speech. Even the iris and ear, both used in biometric systems, can be forged using photos. Artificial eyes or printed contact lenses can imitate irises, while videos or rubber molds can replicate the shape of the ear.

How can we create more secure systems?
Artificial intelligence plays a central role. Through techniques such as machine learning, AI can detect subtle patterns that distinguish genuine biometric data from forgeries, even in sophisticated attacks. Moreover, these methods enable systems to continuously learn from new fraud attempts, becoming more accurate and adaptive over time. A particularly important point is cost: it is far more economical to incorporate an AI-based spoofing detection module than to invest in additional hardware, such as thermal or electrical conductivity sensors that differentiate real fingerprints from fake ones. The advantage is even greater in large-scale scenarios, such as companies with multiple branches or hundreds of time clock terminals. AI offers a scalable, efficient, and financially viable solution for strengthening security.

What is the focus of your research?
I have developed and published several papers on spoofing detection in biometric systems, each using a different approach. One key study focused on fingerprints: we proposed a framework combining multiple image filters with a new descriptor designed to represent artificial patterns as signals to help identify fraud. More recently, during my postdoctoral fellowship at UNESP, supported by FAPESP, I concentrated on voice spoofing detection. We proposed several frameworks based on classical machine learning and demonstrated that, with proper feature engineering, results comparable to those achieved by deep neural networks can be obtained at a significantly lower computational cost. We also investigated spoofing in ear biometrics, applying image enhancement strategies, multiple filters, and textural descriptors. This work broadened the scope of our solutions beyond the most common biometric modalities. Each paper sought to demonstrate that it is possible to develop robust, scalable, and cost-effective solutions to enhance biometric system security without relying solely on specialized hardware.

MURA, V. et al. IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS). 2015Original fingerprint (left) and two counterfeits made from latex (center) and glueMURA, V. et al. IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS). 2015

When did your interest in this area begin?
I have been studying biometric systems since my undergraduate years at UNESP in São José do Rio Preto, during a research project funded by FAPESP. At that stage, I proposed a new approach for identifying fingerprints collected at crime scenes. During my master’s studies, I began focusing on detecting biometric forgeries. I developed a generalization of the Local Binary Pattern (LBP) method—a micro-pattern texture descriptor in images that compares each pixel with its neighbors, generating binary patterns later converted into decimal values. These values form a histogram, which is a graph representing the frequency of different structures in the image, used for recognizing and analyzing visual patterns. The technique I proposed, called Multi-Scale Local Mapped Pattern [MSLMP], differs from traditional LBP by describing multiple concentric regions rather than just one micro-region. Comparisons of pixel values across these regions help reduce the effects of noise or imperfections, especially in fingerprint images. This method was refined and submitted in 2021 to the international Liveness Detection Competition [LivDet], where we won second place.

What is this competition?
LivDet is an international competition that evaluates systems designed to distinguish genuine fingerprints from counterfeits made of materials such as silicone, gelatin, or other materials. Participants receive a dataset containing a mix of real and fake fingerprint images and must classify them accordingly. The organizers assess performance based primarily on accuracy rate. Processing time is also measured, but accuracy, remains the key metric. Held every two years, LivDet is the most traditional and respected global competition in the field of biometric fraud detection. I’ve participated in the last three editions, all focused on fingerprints. There are also LivDet competitions dedicated to facial and iris recognition, as well as ASVSpoof, organized by another group, which focuses on voice biometrics. The challenges have evolved considerably in recent years. In 2021, participants received a database with both genuine and fake fingerprints for model training. By 2023, when our team earned an honorable mention, only a small number of legitimate samples, and no fake ones, were provided, forcing competitors to design more generalizable models. This year’s edition was even more demanding: no training data was made available at all. We had to rely on older databases and experiment with AI-based data generation. Our method, combining classical image processing techniques with artificial intelligence to distinguish live fingerprints from forged ones, proved highly adaptable under these conditions.

Where is research into biometric fraud most advanced?
LivDet has been organized in Italy since its first edition in 2009. The group led by Gian Luca Marcialis, at the University of Cagliari, is one of the world’s foremost authorities on spoofing detection. Another major reference is the team led by Christoph Busch, at the Norwegian University of Science and Technology, which has also made significant contributions. Smaller but influential groups include Önsen Toygar’s team at the University of the Western Mediterranean in Cyprus, which stands out for its work on ear biometric spoofing. We currently collaborate on research projects with her team.

And what about in Brazil?
Brazil does not yet have formally consolidated research groups dedicated exclusively to spoofing detection, but there have been notable contributions from researchers at USP, UNICAMP, UNESP, and more recently, UNIFESP. We are now in the process of formalizing a research group focused on this topic, bringing together national researchers and international partners. I believe this collaboration will help strengthen Brazil’s role in the global field of biometric security.

The above interview was published with the title “A game of cat and mouse” in issue 356 of October/2025.

Republish

This article may be republished online under the CC-BY-NC-ND Creative Commons license. The Pesquisa FAPESP Digital Content Republishing Policy, specified here, must be followed. In summary, the text must not be edited and the author(s) and source (Pesquisa FAPESP) must be credited. Using the HTML button will ensure that these standards are followed. If reproducing only the text, please consult the Digital Republishing Policy.

Text HTML<br><p>This work first appeared on <a href='https://revistapesquisa.fapesp.br/'>Pesquisa FAPESP</a> under a <a href='https://creativecommons.org/licenses/by-nd/4.0/'>CC-BY-NC-ND 4.0 license</a>. Read the <a href='https://revistapesquisa.fapesp.br/en/fighting-fraud-in-biometric-systems-is-a-game-of-cat-and-mouse-says-expert/' target='_blank'>original here</a>.</p><script>var img = new Image(); img.src='https://revistapesquisa.fapesp.br/republicacao_frame?id=576073&referer=' + window.location.href;</script>This work first appeared on Pesquisa FAPESP under a CC-BY-NC-ND 4.0 license. Read the original here.Copy code