Liveness Detection vs. PG-Presence: Closing the Gap Liveness Can't See.
What Liveness Detection Does
Liveness detection confirms that a real, physical face is present in front of the camera. It distinguishes a live person from a photograph, a pre-recorded video, or a 3D mask. Products like iProov, FaceTec, and others have made this capability a standard component of identity verification workflows.
Liveness is good at what it does. It stops 2D spoofing attacks where an attacker holds up a printed photo. It blocks video replay attacks where a recording is played back to the camera. Most modern implementations also stop 3D mask attacks through depth analysis and texture mapping.
For many IDV workflows — account opening, KYC onboarding, one-time document verification — liveness detection is a necessary layer. Polyguard does not dispute its value in those contexts. The question is what happens when the threat moves beyond the attacks liveness was designed to stop.
What Liveness Misses
Liveness detection has a fundamental limitation that no amount of algorithmic improvement can resolve: it confirms the face is real, but it cannot determine whether that face is physically present at the device.
Remote desktop control. An accomplice or the actual verified person can sit in front of a camera while an attacker controls the session from a different location. The face is real. Liveness passes. But the person operating the computer is somewhere else entirely.
Screen sharing relay. A real video feed from a real person at a remote location can be relayed through screen sharing to the target device. Liveness sees a real face and passes it — because it is a real face. It simply is not in the room.
KVM switches. Hardware-level keyboard, video, and mouse switches allow an attacker to control a device without installing any software. There is no software footprint to flag, no remote access tool to detect. The attacker has full control of the keyboard and mouse while a different person sits in front of the camera.
Virtual camera injection. A real video feed from a remote source can be presented to applications as if it were a local camera. Some liveness implementations catch this, but many do not — and the attack surface continues to evolve.
The common thread across all of these attacks is the same: the face is real, but the person is not at the device. Liveness was never designed to answer the question of physical presence. It answers the question of biological authenticity — and those are two different questions.
What PG-Presence Adds
PG-Presence uses patented optical distance bounding to verify that the person is physically present at the device — not just that a real face is visible to the camera, but that the human being is actually in the room, holding the device, within physical proximity.
The mechanism works through a rapidly-changing QR code displayed on the meeting screen, scanned by Polyguard Mobile over approximately five seconds. The optical round-trip timing between display and scan confirms physical proximity with verification completing in under ~100ms of optical measurement. A remote relay introduces latency that cannot be hidden. A screen share adds frames of delay. A KVM switch cannot bridge the optical gap between two physical locations.
This is patented technology that addresses an attack surface no other product currently closes. It targets the exact gap that liveness detection was never designed to address — and does so through physics, not pattern recognition. The speed of light is not something an attacker can fake.
PG-Presence does not replace liveness. It answers the question liveness cannot: is this person actually here?
Attack Coverage Comparison
Where each technology stops the threat — and where the gaps are.
| Attack Type | Liveness Detection | PG-Presence |
|---|---|---|
| 2D photo spoofing | Prevented | Prevented |
| Video replay | Prevented | Prevented |
| 3D mask | Most prevent | Prevented |
| Remote desktop control | NOT prevented | Prevented |
| Screen sharing relay | NOT prevented | Prevented |
| KVM switch | NOT prevented | Prevented |
| Virtual camera injection | Some prevent | Prevented |
The Key Insight
"Liveness tells you the face is real. PG-Presence tells you the person is actually in the room."
These are two different questions. Both matter. But only one of them closes the attack surfaces that are actively being exploited in remote hiring fraud, help desk social engineering, and financial impersonation.
Integration
PG-Presence is included in every Polyguard Trust Check — it is not an add-on, an upgrade tier, or an optional module. Every verification event confirms physical presence automatically.
PG-Presence works alongside existing liveness implementations if needed. It is complementary, not competitive. Organizations that already use liveness detection in their IDV workflows can layer PG-Presence on top to close the physical presence gap without replacing what already works.
Polyguard is integrated into Zoom, Microsoft Teams, and available via SDK for custom integrations. PG-Presence operates within those environments natively — no separate app launch, no workflow interruption.
Close the Gap
Liveness confirms the face. PG-Presence confirms the person. Close the attack surface liveness was never designed to address.