Evaluate the ISO 30107-3 compliance level required by your use case: level 1 for passive liveness, level 2 for active challenge-response, level 3 for higher-assurance injection-attack resistance
For passive liveness, integrate a vendor SDK that analyzes a single selfie frame for spoofing artifacts using a trained model without user interaction
For active liveness, present randomized challenge prompts such as head turn or blink instructions and verify that the user's motion matches the challenge via the SDK callback
For 3D liveness or injection-attack detection, integrate a vendor that performs on-device analysis or cryptographically signs captured frames to prevent camera injection attacks
Configure the liveness confidence threshold in the vendor SDK or API and define the action for scores below threshold (retry or fail)
Log the liveness check result, vendor score, and ISO compliance level alongside the biometric transaction record for audit purposes
Known gotchas
Passive liveness is vulnerable to high-quality printed photos and video replay; do not use it alone for high-risk financial onboarding without additional signals
Active challenge prompts can fail for users with certain disabilities or in poor lighting; design a fallback path that does not silently degrade liveness assurance
Vendor liveness scores are not interoperable; a passing score from one vendor's model does not imply the same assurance level as a passing score from another vendor
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp