We present in this paper a new forgery scenario for the evaluation of talking-face verification systems. The scenario is a replay-attack where we assume that the forger has got access to a still picture of the genuine user. The forger is then using a dedicated software to realistically animate the face image , reproducing head and lip movements according to a given speech waveform. The resulting forged video sequence is finally replayed to the sensor. Such attacks are nowadays quite easy to realize for potential forgers and can be opportunities to attempt to forge text-prompted challenge-response configurations of the verification system. We report the evaluation of such forgeries on the BioSecure BMEC talking face database where a set of 430 users are forged according to this face animation procedure. As expected, results show that these forgeries generate much more false acceptation in comparison to the classically used random forgeries. These results clearly show that such kind of forgery attack potentially represents a critical security breach for talking-face verification systems. I. INTRODUCTION One of the direct advantages of biometric systems consists in the fact that the user doesn't have to remember passwords or keep all the different access keys. The other advantage of biometric systems is often claimed to be enhanced security. It is indeed generally believed that biometric data is difficult to steal, imitate or generate. The work reported in this paper is challenging this last statement in the framework of talking face systems. Talking face systems are multi-modal systems combining voice and face. We usually evaluate the security performance of biometric verification systems by measuring their ability to accept true users and to reject impostures. This is classically done using a pre-recorded biometric database, preferably composed of a large collection of users. The ability of the system to accept true clients can be quite precisely estimated provided that the recording conditions of the database match the ones of the deployed system. On the other hand, it is hard to estimate reliably the ability to reject impostures as the behavior of the forgers is typically never known in advance. Frequently, evaluations are carried out using so-called random impostures. This means that the data of a randomly chosen user is presented to the system using the claimed identity of a true user. In practice, such a scenario would correspond to very weak attacks, not very much realistic when considering intentional forgers. Random forgery evaluations are mainly used due to their simplicity of implementation. However, performances measured with such scenarios should