Face recognition systems are increasingly vulnerable to novel 3D presentation attacks (PAs), particularly high-fidelity, deformable nylon face masks (NFMs). To address the poor generalization of existing liveness detection methods against such attacks, we introduce the first large-scale, multi-scenario public NFM dataset. It comprises video sequences of real subjects—both bare-faced and wearing NFMs—captured using an iPhone 11 Pro under four controlled lighting and pose conditions, ensuring realistic geometric conformity and optical fidelity. Leveraging this dataset, we conduct a benchmark evaluation of five state-of-the-art liveness detection methods, revealing substantial performance degradation (average AUC drop of 23.6%), thereby exposing critical robustness deficiencies against elastic 3D spoofing. This work fills a key gap in publicly available, high-fidelity, deformable 3D PA data and provides an essential resource for rigorous evaluation and advancement of anti-spoofing algorithms.

Face recognition systems are increasingly deployed across a wide range of applications, including smartphone authentication, access control, and border security. However, these systems remain vulnerable to presentation attacks (PAs), which can significantly compromise their reliability. In this work, we introduce a new dataset focused on a novel and realistic presentation attack instrument called Nylon Face Masks (NFMs), designed to simulate advanced 3D spoofing scenarios. NFMs are particularly concerning due to their elastic structure and photorealistic appearance, which enable them to closely mimic the victim's facial geometry when worn by an attacker. To reflect real-world smartphone-based usage conditions, we collected the dataset using an iPhone 11 Pro, capturing 3,760 bona fide samples from 100 subjects and 51,281 NFM attack samples across four distinct presentation scenarios involving both humans and mannequins. We benchmark the dataset using five state-of-the-art PAD methods to evaluate their robustness under unseen attack conditions. The results demonstrate significant performance variability across methods, highlighting the challenges posed by NFMs and underscoring the importance of developing PAD techniques that generalise effectively to emerging spoofing threats.