Built to know a real palm.
An anti-spoofing assessment of palmprint and palm vein authentication across common and advanced presentation attacks in payment scenarios.
One scan. Multiple security gates.
A successful attack must do more than imitate the visible surface of a palm. The X-Telcom flow layers liveness, two biometric modalities, image quality controls and identity checks--raising the difficulty at both enrollment and authentication.
Liveness detection
The device incorporates dual-spectrum RGB and NIR liveness detection technology to mitigate presentation attacks such as photos, video replays and prosthetic replicas.
Dual-modal matching
Validates palmprint texture and sub-surface palm vein features together.
Image quality
Rejects samples without sufficient texture, vein integrity or imaging consistency.
Enrollment controls
Applies registration verification and account association before payment use.
Registration and recognition, step by step.
Every capture moves through device status, palm position, brightness, image quality and liveness checks before alignment and reliability assessment. The flow then branches into controlled registration or feature-based recognition.
+ Click diagram to enlargeFrom paper prints to advanced prosthetics.
Our internal Presentation Attack Detection (PAD) testing examines realistic acquisition paths, practical attack costs and the observable differences that enable defensive models to identify spoof attempts.
Printed palmprint
RGB paper images lack sub-surface vein information.
Printed palm vein
Printed infrared imagery lacks matching surface palmprint information.
Paper splice
Adhesive traces and aliased print/vein signals expose mixed real-and-fake samples.
Screen replay
Visible screen light does not reproduce near-infrared vein imaging.
3D palm model
Material imaging and absent dynamic vascular signals distinguish prosthetics from skin.
Glove attack
Material differences are detectable; highly transparent gloves reveal the real wearer.
Feature reconstruction
Image-to-feature extraction is irreversible; encrypted feature transport adds protection.
Animal skin
Dry animal skin differs from human tissue and lacks dynamic vascular information.
Complexity changes the equation.
More realistic fakes rapidly become expensive to produce. They must also obtain a target's biometric data and pass every downstream security gate.
Cost bands are estimates from the X-Telcom internal assessment and are shown on a non-linear visual scale for readability.
Low commercial viability for spoofing in payment authentication.
Common print, replay, splice and ordinary prosthetic attacks are effectively addressed by established defensive coverage. Advanced attacks remain theoretically possible, but must simultaneously satisfy liveness, palmprint, palm vein, image quality, enrollment and account checks--at a cost that generally outweighs the potential return.
* Findings and figures summarize "Testing of Spoofing Attack Methods -- Focusing on Payment Scenarios," an internal X-Telcom assessment. References to ISO/IEC 30107-3 describe principles used to inform algorithm training and internal PAD testing only. X-Telcom does not claim ISO/IEC 30107-3 certification, formal conformance or third-party PAD evaluation on this page. Results are scenario-dependent and do not constitute an absolute guarantee against every attack.