Security

We are constantly taking actions to make the product more and more secure, mitigating a number of attacks observed in the capture process and, consequently, reducing as many possible identity frauds as possible. The SDK has some blocks that may prevent its execution in certain contexts. These are

Initially, the security enhancements are only available for PassiveFaceLiveness.

Obfuscated Code

The browser allows inspecting implementation details of solutions based on web tools. Understanding that this functionality can represent a point of vulnerability, it was implemented that the obfuscation of the code present in the SDK prevents implementation details from being revealed, thus inhibiting possible reverse engineering practices.

Automatic shutdown of the SDK

When enabled the security enhancements that terminate the SDK are, its execution will be terminated automatically, so it must be implemented in a way to directs the application to a screen at your discretion, both features that terminate the SDK are configurable and can be disabled, check the parameters used in the documentation of the corresponding SDK.

Tab change

While running the SDK, changing browser tabs makes it impossible to capture the selfie, automatically terminating the SDK. Therefore, it is recommended that the user does not switch tabs while using PassiveFaceLiveness.

Face not detected

In the process of capturing the selfie, it is necessary that the user keeps the face positioned in the indicated area, otherwise, the process will be terminated.

** Only available for automatic capture

Attempt control

For security measures, a mechanism was developed that limits the number of retries. After the user reaches the given number of tries, the SDK terminates the execution.

Last updated

Logo

2023 © Caf. - All rights reserved