What is a biometric scanner?
A biometric scanner is a physical device that captures biometric information — typically physiological features like fingerprints, facial structure, iris patterns, or palm vein maps — for identity verification or authentication. Some behavioral biometric data, such as typing rhythms or handwriting dynamics, may also be captured by biometric hardware, but these are usually collected via software.
Where are biometric scanners used?
Biometric scanners — or integrated biometric sensors — are used in a range of everyday situations. You may encounter them at border-control checkpoints, when signing in to rooms or buildings that have restricted access, when accessing your phone or banking app, or when using smart home devices. They’re also used by law enforcement agencies, particularly for identity verification and forensic investigations.
In financial services, biometric scanners are used for identity verification during customer onboarding, and for authentication when a customer wants to access digital services.
Types of biometric scanners
Fingerprint scanners: Optical, capacitive, ultrasonic, and thermal
A fingerprint scanner is a biometric sensor that captures fingerprint data. Two of the most common types of fingerprint scanners are optical scanners and capacitive scanners.
Optical fingerprint scanners take a photo of the fingerprint under a bright light, and a light-sensitive microchip makes a digital image by looking at the fingerprint’s ridges and valleys. They are low-cost and durable, but can be vulnerable to spoofing attacks that use latent fingerprints (i.e., residual impressions left on the sensor surface).
Capacitive fingerprint scanners take a high-quality fingerprint by generating a digital image based on an electrostatic field. A capacitive sensor can be more prone to wear or damage over time compared to an optical sensor, but it’s quick to use and highly accurate.
Both optical and capacitive scanners are used on smartphones and laptops. Lately we’ve seen some newer smartphones with enhanced optical fingerprint scanners that incorporate advanced signal processing or pressure-sensing to detect the presence of a real finger. These are sometimes called “hybrid” solutions.
Optical fingerprint scanners are commonly used by law enforcement and government agencies, while capacitive scanners are commonly embedded in consumer devices, where they’re often used for mobile banking or payments — though financial institutions rarely control the biometric hardware directly.
Less-common fingerprint scanner types include ultrasonic scanners, which use high-frequency sound waves to sense differences in skin density, and thermal scanners, which sense the temperature differences on the contact surface between fingerprint ridges and valleys.
Iris and retinal scanners
The term “eye scanner” can be a bit imprecise, as different types of scanners analyze unique patterns in different parts of the eye. The two most common biometric eye-scanning technologies are iris scanners and retinal scanners.
Iris scanners capture high-resolution images of the iris (the colored ring around the pupil). These scanners then use algorithms to recognize unique patterns in the iris. The process is fast and non-intrusive, which explains why it’s commonly used in high-security facilities and at border-control checkpoints.
Retinal scanners use infrared light to map the unique patterns of a person’s retina, which is the light-sensitive layer of tissue at the back of the eyeball. Retinal scanning is less convenient than other methods, as the person being scanned needs to remain still and focus on a target point to align their retina with the scanner. For this reason, retinal scanners are less commonly seen today.
Facial recognition systems
A facial recognition system is a software-based technology capable of verifying someone’s identity through an image, video, or live camera feed. These systems often rely on embedded hardware, like smartphone cameras or depth sensors, to capture facial data.
Facial recognition systems are widely used in banking and financial services for Know Your Customer (KYC) flows. For example, when a new customer wants to open a bank account, a facial recognition system compares their face from a selfie with the portrait on their ID document, often with mechanisms such as liveness checks or 3D mapping to ensure accuracy. Likewise, when an existing customer attempts to log in to an account, the facial recognition feature compares their selfie to a stored reference image before granting access.
Facial recognition systems are also used in law enforcement by matching the faces of people captured by CCTV or specialized cameras against images on a watchlist. This practice is subject to significant legal restrictions due to issues like privacy and consent, and it may not be implemented to the same degree across different jurisdictions.
Palm vein scanners
Palm vein scanners use near-infrared light to capture an image of the unique vein patterns in the hand and then compare them to others in a database. Unlike fingerprints, veins are hidden beneath the skin and require blood flow for proper imaging, meaning they can be more difficult to spoof.
Hand geometry readers
Hand geometry readers capture geometric characteristics of a human hand, including the length, width, thickness and curvature of the fingers, the palm size, and the distances between joints. Though this is an older biometric technology and less precise than some newer technologies, it’s still used in some security systems.
Biometric scanner limitations and security considerations
There are a range of limitations and concerns for any security system, and biometric scanners are no exception. They include:
Spoofing or impersonation attacks. Biometric data can be vulnerable to spoofing attacks, where a malicious actor presents fake biometric traits to fool a scanner. Advanced systems attempt to prevent this through anti-spoofing techniques such as liveness detection or multi-factor authentication.
Hacking risks. Vulnerabilities in databases or transmission can expose biometric data to bad actors. This is especially serious because, unlike stolen passwords, biometric traits can’t simply be changed. A successful hack potentially causes permanent damage — one reason why it’s crucial to strictly comply with data protection laws.
False positives (when a system incorrectly identifies one individual as another) and false negatives (when a system fails to recognize the legitimate user) are also real risks. While modern biometric scanners generally have low error rates, misidentifications can have serious consequences.
Best practices and technologies to mitigate risks
There are a number of practices and technologies organizations can leverage to mitigate biometric scanners’ limitations.
Implementing multi-factor authentication (MFA), in which a user must provide two or more pieces of evidence to authenticate their identity, makes it more difficult for fraudsters to impersonate someone. Typically, MFA combines different types of identifying factors — for example, something you are (biometrics), something you know (e.g., a PIN or password), and something you have (e.g., a smartphone). MFA doesn’t affect biometric error rates, but it does help to compensate for them.
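The following added example (not from the original article) illustrates the false positive and false negative risks described earlier and the point above that MFA compensates for biometric errors without changing them. The 0-to-1 match score, the decision threshold, the PIN field, and all sample attempts are assumptions constructed for illustration.

```python
# Constructed sample attempts: (is_genuine_user, match_score, pin_correct).
# The score scale, thresholds and PIN factor are assumptions of this example.
ATTEMPTS = [
    (True, 0.91, True),
    (True, 0.84, True),
    (True, 0.58, True),    # genuine user, poor capture (e.g. a cut finger)
    (True, 0.77, True),
    (True, 0.66, False),   # genuine user who mistyped the PIN
    (False, 0.12, False),
    (False, 0.35, False),
    (False, 0.71, False),  # impostor whose sample scores high
    (False, 0.62, True),   # impostor who also knows the PIN
    (False, 0.81, False),
]


def error_rates(attempts, threshold, require_pin=False):
    """Return (false_accept_rate, false_reject_rate) for the whole system.

    An attempt is accepted when the biometric score meets the threshold
    and, if require_pin is set, the second factor is also correct.
    """
    false_accepts = false_rejects = genuine = impostors = 0
    for is_genuine, score, pin_ok in attempts:
        accepted = score >= threshold and (pin_ok or not require_pin)
        if is_genuine:
            genuine += 1
            false_rejects += not accepted
        else:
            impostors += 1
            false_accepts += accepted
    return false_accepts / impostors, false_rejects / genuine


def compare(attempts, thresholds=(0.6, 0.8)):
    """Tabulate error rates per threshold, with and without the PIN factor."""
    return {
        (t, pin): error_rates(attempts, t, require_pin=pin)
        for t in thresholds
        for pin in (False, True)
    }


if __name__ == "__main__":
    for (t, pin), (far, frr) in compare(ATTEMPTS).items():
        mode = "biometric + PIN" if pin else "biometric only"
        print(f"threshold={t:.1f} {mode:16s} FAR={far:.0%} FRR={frr:.0%}")
```

Raising the threshold trades false accepts for false rejects, while adding the PIN lowers system-level false accepts at the same threshold; the biometric matcher's own scores are unchanged in both cases.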
Furthermore, for access to sensitive systems, some organizations apply continuous authentication. Rather than relying on a one-time authentication process, this involves ongoing verification of a user’s identity throughout an active session, using behavioral biometrics like typing patterns and mouse movements. Privacy concerns apply here, too.
In terms of technology, artificial intelligence (AI) is emerging as a helpful tool to improve the accuracy of many physiological and behavioral biometrics by enabling advanced pattern recognition and adaptive decision-making. For example, with physiological biometrics such as facial recognition, AI can help overcome issues such as false positives or negatives caused by different skin tones or facial features. But these systems aren’t infallible, and they must be trained on diverse datasets to be effective.
Finally, liveness detection can help spot spoof attempts by determining whether a biometric sample’s source is a human or a fake representation. A common liveness check is a phone facial-recognition system that scans for natural movements like blinking — or a system that directs a user to make specific movements, such as tilting their head or looking from side to side.
Biometric scanner FAQs
What does a biometric sensor detect?
A biometric sensor detects physiological or behavioral features, such as fingerprints, maps of the iris, palms, or face, or data about how a person walks, types, or writes by hand.
What is the most common biometric identification?
Face and fingerprint recognition are the most common biometric technologies for authentication and identification, particularly in consumer devices and secure system access. While other methods may be less popular overall, they may be preferable for specific use cases — such as iris scanners for entry into secure facilities.
Which finger is used for biometric scanning?
The best practice is scanning at least one finger from both hands. This ensures that the user can gain access to a system even if one of their fingers is not recognized due to cuts, scrapes, dirt, or other issues. Thumbprints are commonly used for smartphones and laptops.