Identity verification and liveness detection: stopping document fraud at check-in

A scanned ID proves one thing: that the document exists. It doesn’t prove the person sending it is its holder. That gap is exactly where fraud slips through.

At an in-person check-in, the receptionist looks at the photo and looks at the face. Online, if all you ask for is a photo of the ID, you’re looking at nothing. You receive an image that anyone could have pulled from anywhere.

What a scan doesn’t catch

Three cheap attacks that a plain “upload your document” won’t stop:

• Someone else’s document. A real ID, just not the one belonging to the person booking. Without verifying the face, it’s indistinguishable.
• A doctored document. A montage with the photo swapped or the data edited. To the naked eye, in a compressed image, it passes.
• A photo of a photo. Holding a screen with someone else’s face up to the camera. This is where liveness detection comes in.

Document fraud isn’t theoretical. The tools to forge a document or generate a face with AI are now free and fast. What once took a forger now takes a website.

What liveness detection does

Liveness detection confirms there’s a real person in front of the camera, present and in that moment —not a photo, a video or a deepfake on a screen. It’s the piece that ties the document to whoever is presenting it.

It works in two layers that belong together:

1. Face match. Compare the selfie face with the document photo. Is it the same person?
2. Liveness check. Detect signals that the face is real and live —not a flat image or a replay. Good techniques do this without asking the guest to turn their head or read out numbers: the less friction, the more people finish.

Without the second layer, face match is fooled by a good photo. With it, the attack collapses.

“Won’t this scare my guests off?”

It’s a fair worry. The answer depends on how you build it. A two-second selfie at the end of a form the guest is already filling in is barely noticed. What scares people is five retries, good lighting and an odd gesture on demand. Verification that works is the kind the guest hardly sees: they take their photo, the system decides behind the scenes, and a human only steps in if something doesn’t add up.

Verify without hoarding risk

There’s a tempting mistake to avoid: keeping every selfie and document “for security”. It’s the opposite of secure. Biometric data is a special category under the GDPR; it should be used to confirm identity in that instant and not left in an archive. Verification done right makes its decision, records the result, and doesn’t turn your database into a warehouse of faces.

That’s how it all fits: the document supplies the data for the guest report, and identity verification confirms that data belongs to the person staying. You can see how we integrate it into the platform. The goal isn’t to distrust every guest —it’s to close the door on the ones you don’t want, without slowing down everyone else.