- The paper introduces MIDV-DynAttack, a dataset with 1,200 video sequences capturing both static and dynamic attacks for rigorous OVD evaluation.
- The proposed HoloVerif method uses background subtraction and HSV normalization for frame-level modeling of holographic content.
- Results show HoloVerif achieves robust recall (~61%) and high AUC (~93%) on dynamic attacks, outperforming traditional static-based approaches.
Verification of Dynamic Holographic Behavior in Identity Documents: An Expert Analysis
Introduction
The paper "Verification of Dynamic Holographic Behavior in Identity Documents" (2607.06466) systematically addresses the authenticity verification of Optically Variable Devices (OVDs) on identity documents, focusing on dynamic holographic effects exploited by emerging physical attacks. While current automated approaches adequately handle static fraudulent document presentations, dynamic physical forgeriesโsuch as those using crafted hologramsโpose a substantial challenge due to their real-time adaptive visual behavior. This problem is further compounded by the paucity of public datasets with dynamic fraud samples, impeding rigorous evaluation protocols for generalization to previously unseen attacks.
MIDV-DynAttack: Dataset Contribution
A primary contribution of this paper is the introduction of MIDV-DynAttack, a public test-only dataset comprising 1,200 video sequences of attack scenarios against identity document templates. This dataset represents a threefold increase in attack samples compared to the previous state-of-the-art (MIDV-Holo), integrating both static imitation and novel dynamically-acting physical attacks while adhering to realistic capture conditions and threat simulations. MIDV-DynAttack is intentionally designed without training splits to ensure genuine evaluation on out-of-distribution attacks.
Figure 1: MIDV-DynAttack extends MIDV-Holo with 1,200 challenge videos covering unseen static and dynamic attacks.
The dataset's design stratifies attacks into static template-based (e.g., various lighting, lamination, template swaps) and dynamic template-based (e.g., crafted overlays, target-specific hologram mimics), explicitly targeting weaknesses in approaches relying solely on static visual cues or naive pixel-level variation measures. Notably, swap attacks (i.e., rapid document exchanges simulated during capture) and morphologically-accurate dynamic overlays further test the robustness of sequence-based OVD verification.
Method: HoloVerifโFrame-Level Holographic Content Modeling
To match the sophistication of new attacks, the authors propose HoloVerif, a method that explicitly models frame-level holographic content using a background-subtracted, HSV-normalized signal channel. The method pipeline can be decomposed into three distinct stages:
- Preprocessing: Spatial alignment (rigid perspective and ROI cropping), background subtraction (sequence median per channel), and selective HSV normalization are performed to suppress invariant template content and enhance high saturation and brightness regionsโthe hallmark optics of authentic holograms.
- Frame Classification with Pseudo-Labels: A deep frame classifier is trained using pseudo-labels generated by measuring frame transitions and applying luminance-based heuristics. The network is optimized with targeted augmentations to improve robustness to content and illumination variance, handling both subtle valid variations and strong out-of-distribution artifacts arising from attacks.
- Sequence Verdict Aggregation: Final classification is based on thresholding the proportion of valid-classified frames, with calibration against validation data to optimize recall and F-score.
Figure 2: Overview of HoloVerif: preprocessing enhances holographic signals, pseudo-label-based supervised learning captures dynamic content, and sequence-level aggregation determines authenticity.
This approach explicitly counters biases inherent in naive classifiers that may exploit spurious template cues or static artifacts, and is uniquely designed to work in a training-only-on-legits regime.
Evaluation Protocol
The evaluation leverages stratified K-fold protocols ensuring that identities do not leak across training, validation, and testing splits, with all of MIDV-DynAttack used exclusively as an out-of-distribution test set. Video sequences are downsampled to 5 fps post-rectification to ensure consistent temporal behavior analysis. Performance is quantified using F-score, recall per fraud type, and aggregate AUC on both static and dynamic attack splits.
ROC curve analysis further elucidates operational characteristics in low-FPR (ease-of-use) and high-TPR (security) application regimes.
Figure 3: ROC curves on MIDV-Holo and MIDV-DynAttack highlight the strong AUC of HoloVerif and the impact of challenging dynamic attacks.
Results
On MIDV-Holo, both HoloVerif and contrastive Weakly Supervised Learning (WSL) yield competitive or state-of-the-art metrics (F-score โ 95โ96%, AUC > 90). However, when evaluated on MIDV-DynAttack, most existing methods including those relying on pixel-level or weak contrastive signal collapse, especially on dynamic frauds (recall drops to 2โ3%). Only HoloVerif maintains robust recall on unseen dynamic attacks (โ 61%) and strong aggregated AUC (โ 93%), demonstrating substantial improvement in generalization.
Ablation studies reinforce that both background suppression and augmentation-driven robust learning are critical. Removing augmentations leads to a dramatic reduction in recall for dynamic attacks, highlighting their necessity for discrimination under real-world conditions.
The proposed methodโwhile maintaining comparable performance to generic classifiers on static attacksโshows unique resistance to dynamic template attacks, which are not otherwise detected by appearance- or simple variance-based detectors.
Challenging Cases and Failure Modes
Performance analysis reveals that the Document Swap attack and the Photo Replacement attack remain challenging for all methods:
- Photo Replacement: High sensitivity of WSL, but low recall on all other approaches, implicating the need for face-centric spatial modeling.
- Document Swap: All methods except generic classifiers are defeated, since swap sequences present rare combinations of otherwise valid OVD appearances, confusing the temporal and frame-based decisioning.
These examples underscore the limitations of per-frame and even naive temporal aggregation: new models should combine OVD modeling with structured temporal reasoning and explicit attack pattern detection.
Figure 4: A mosaic of rectified frame samples showcases inter-dataset consistency (MIDV-Holo: green, MIDV-DynAttack: red), exposing the diversity of attack sample content.
Figure 5: Sequence visualization illustrates the breadth of dynamic fraud coverage, critical for robust authenticity validation.
Implications and Future Directions
The findings indicate that robust verification of OVDs in identity documents demands models capable of:
- Localizing and isolating dynamic holographic content, decoupled from background/template artifacts;
- Generalizing to a wide range of unseen dynamic attacks, not merely static forgeries or easily-modeled lighting phenomena;
- Integrating temporal modeling (beyond per-frame or aggregated voting approaches) that reasons over transition dynamics, especially for physical attacks simulating multi-state behaviors (e.g., swaps);
- Combining model verification (MD) and attack detection (AD) within a unified pipeline for production deployments.
The new MIDV-DynAttack dataset and open-source framework establish a rigorous testbed for future research, and community contributions of additional genuine sample sequences would further strengthen benchmarking and precision assessment on genuinely hard negative examples.
Conclusion
The paper advances the field of automated hologram verification by introducing a challenging benchmark (MIDV-DynAttack) and a targeted, augmentation-driven deep verification pipeline (HoloVerif) that achieves superior generalization to dynamic attacks relative to prior art. Failure analysis reveals that defeating dynamic and sophisticated physical attacks will require approaches combining fine-grained appearance modeling, explicit temporal reasoning, and integrated attack detection. The open dataset and method presented provide foundational tools for advancing practical OVD verification in remote identity authentication workflows.