Strengthening Biometric Protection with Jscrambler & Build38

Download Case Study

Overview


A London-based identity verification provider and one of Europe's leading biometric vendors partnered with Build38 and Jscrambler to deliver advanced, cross-platform protection against digital fraud. By securing their unique approach to passwordless authentication—which verifies users without storing any biometric data—they successfully mitigated the risk of unauthorized account access.


This collaboration enabled the company to expand its biometric authentication security from mobile app to web, providing users with a unified, frictionless, and highly secure experience across all devices.


Our provider delivers a passwordless, multi-factor authentication approach that relies on biometric verification while safeguarding user privacy by storing no biometric data. This solution helps mitigate unauthorized account access and streamlines secure authentication across various devices

Headquarters

London, UK

Jscrambler’s client

Since 2025

Industry

Identity Verification

Use cases

SDK Protection

Challenge


The company had previously partnered with Build38 to protect its mobile SDK against video injection attacks, in line with CEN standards. It then sought to implement comparable safeguards for its web channel, where threats like synthetic or replayed video streams could undermine liveness verification mechanisms.


The organization detected two distinct attack vectors targeting its web SDK: crafted video injection and

virtual camera bypass.

Solution


Having already trusted Build38 to secure its mobile SDK against video injection and reverse-engineering attacks, the team sought to extend the same certified level of protection to its web SDK.

The objective was to create a unified, cross-platform defense that could withstand sophisticated fraud techniques while maintaining an effortless user experience. To achieve this, the company selected Jscrambler’s Code Integrity to shield its JavaScript code from runtime manipulation, DOM tampering, and reverse engineering.


Build38 and Jscrambler partnered on a proof-of-concept (PoC) during which real-world attack scenarios were simulated to evaluate the solution. To counter these threats, Jscrambler deployed its anti-DOM tampering and anti-monkey patching capabilities and Code Integrity protection features.

The PoC focused on two primary objectives: performance and code security. The implementation needed to operate seamlessly, preserving the user experience while effectively defending the application against simulated attacks. Jscrambler’s library met both requirements, protecting the code without compromising speed, which ultimately led the organization to move forward with a full license.

"We jumped on a call with the Jscrambler team and got very good guidance about

what we needed to do. It was easy to set up, easy to fine-tune when it needed fine-tuning, and that was it. Then we let it run"

Development Lead at the Identity Verification Platform

How Jscrambler & Build38 Strengthened Biometric Security

UNIFIED CLIENT-SIDE PROTECTION

RELIABLE-AT-SCALE PERFORMANCE

MITIGATION OF SDK SECURITY RISKS

Results

By combining the strengths of Build38 and Jscrambler, the identity verification company achieved a comprehensive, end-to-end security solution. Build38 provides protection for the mobile application, while Jscrambler’s Code Integrity technology secures the web SDK with runtime protection, making it resilient to tampering.

Section Divider

Related resources

Blog Article

Proactive Defense: Client-Side Protection Safeguards Healthcare Data

Solution Brief

Jscrambler Solution for Healthcare

Blog Article

Tracking the growth of healthcare data breaches

Blog Article

Client-Side Risks in Healthcare: Reinforcing Existing Application Security Programs