Glossary

Biometrics

Fourthline Forrester TEI thumbnail The Fourthline Team · May 16, 2025

What is biometrics? 

Biometrics refers to the measurement of individuals’ unique physical or behavioral characteristics. Certain types of biometric data are now commonly used for identification and authentication in security systems.  

The most well-known examples of physical or physiological biometric identifiers include: 

  • Facial features 

  • Fingerprints 

  • Iris or retina patterns 

  • Hand geometry 

Examples of behavioral biometric identifiers include:   

  • Voice patterns 

  • Typing rhythms 

  • A person’s gait (i.e., how they walk) 

How is biometrics used in security? 

Biometrics is commonly used to verify or authenticate a person's identity, and it has become quite integral in our everyday lives. It’s commonly used in banking and financial services, at border and airport controls, and even on our smartphones and laptops. 

 Biometric authentication enhances security because it relies on characteristics that are inherent to a specific individual and difficult to copy. This makes it generally more resistant to theft or misuse compared to traditional knowledge-based authentication methods such as PINs or one-time passwords OTPs, which can be easily stolen or forgotten. 

 In financial services and fintech, biometric verification supports identity proofing during customer onboarding, ongoing customer authentication, and periodic data updates. As such, it helps organizations comply with KYC and Anti-Money Laundering (AML) requirements. 

 Because everyone's biometric data is unique, it’s considered Personally Identifiable Information (PII) and generally treated as sensitive personal data. The collection of biometric data is subject to strict regulations, such as the General Data Protection Regulation (GDPR) in the European Union. 

Types of biometrics 

Biometrics can be broadly put into two groups: physiological and behavioral.   

  • Physiological biometrics refers to the analysis of the physical characteristics of a person, such as their facial structure, fingerprint, palm, or iris.  

  • Behavioral biometrics identifies the specific characteristics of movements and gestures of an individual performing a task, such as how they type or walk. 

As criminals leverage new technologies and methods to bypass biometric security methods, multimodal biometrics, in which methods such as facial recognition, fingerprinting, and voice authentication are combined, provide increased security.  

Facial biometrics 

Facial recognition is a biometric technology that identifies or verifies someone through an image, video, or any audiovisual element that includes their face. It scans this data to create a detailed map of the person’s features. This facial template includes a mathematical representation of key facial features, such as the distance between the eyes, the shape of the nose, and distinctive characteristics like scars or moles.  

To ensure the person is real and prevent spoofing (i.e., the use of photos, masks, or deepfakes), many facial biometrics technologies use liveness detection. This technique uses algorithms to help determine whether a biometric sample comes from a real human being or a synthetic representation. Liveness checks can also detect discrepancies in subtle movements, like blinking or small head movements. 

Facial recognition is often used for unlocking phones or laptops and logging into apps (particularly banking apps). It’s also used in law enforcement, at border and airport controls, and in apps that tag and organize photos. 

While facial biometrics is generally considered accurate, potential limitations include poor image quality or lighting, changes in appearance at different angles, and the effects of aging. 

Eye-based biometrics 

There are several types of eye-based biometric technologies, including iris recognition, retina scanning and scleral vein pattern recognition.   

Iris biometrics uses mathematical pattern-recognition techniques on video images of the iris — the colored part of the eye surrounding the pupil. This is generally considered a non-intrusive and convenient verification method, as users don’t need to make physical contact with the scanner.   

Retina scanning, by contrast, maps the unique patterns of blood vessels in the retina, located at the back of the eye. As the retinal blood vessel pattern is intricate and stable over time, retinal scanning is considered highly accurate. However, this method is not as easy to use as many others. The user must focus on a specific point to align their retina with the scanner, which can be uncomfortable.  

Scleral vein scanning maps the vein patterns in the sclera — the white part of the eye. Using near-infrared (NIR) imaging, it captures vascular maps that are unique to individuals. This method is still relatively new but can be quite reliable, as the vein patterns are less affected by factors such as aging or changes in lighting. 

Eye-based biometrics are used for a range of situations, including e-government services, access to secure buildings (such as prisons), and automated/passport-free border controls. 

Finger and hand biometrics 

Finger and hand biometrics refer to a category of measurements that analyze the characteristics of the fingers and hands. These include fingerprint, finger geometry, and hand geometry.    

Fingerprint biometrics is one of the most widely used and mature biometric authentication technologies. As you may know from watching detective shows, it works by capturing the distinctive pattern of ridges in a person’s fingerprints. This method is cost-effective, easy to use, and difficult to fake. This makes it a relatively secure and useful tool for identification, though it can be spoofed with advanced techniques.  

Fingerprint scanning is often used to access phones and apps. Other common uses include access control to buildings and premises, as well as workplace time and attendance monitoring. 

Finger geometry measures distinctive features of the human fingers, such as their shape, surface area, length, width, thickness, and the distance between them. Hand geometry measures broad features of the entire hand, including palm size and finger positions.  

Finger and hand geometry have some notable shortcomings. The characteristics aren’t very “biometric rich”; in other words, they don’t contain a high amount of unique data. Furthermore, a hand’s shape can be influenced by physical changes such as weight gain or loss, swelling, and injury.  

Hand and finger geometry biometrics are sometimes used for physical access and attendance tracking.

Keystrokes, typing, and writing biometrics 

Keystroke dynamics, typing behavior, mouse usage, and handwriting biometrics all fall under the general category of behavioral biometrics, which analyze human behavior rather than physical characteristics.  

Keystroke and typing biometrics identify individuals based on the manner and rhythm with which they type — some individuals may hold certain keys for longer, while others may type at a faster rate of words per minute. Typing patterns are generally extracted from keyboards, although they can also be extracted from phone touchpads. The most common use cases include securing account access, or continuous authentication to sensitive systems accessed from a laptop. 

Handwritten biometric recognition is the process of identifying a person based on their handwriting style — stroke order, pressure, speed, rhythm, and the like. You may think this is limited to literal handwriting, but handwriting biometrics may be used on touchscreen devices or digital signing pads, too. 

Behavioral biometrics can be difficult to spoof using static artifacts like photos or fake fingerprints, as they rely on machine-learning models that analyze complex behavior patterns. But they're not inherently more secure than physiological biometrics, as they can be heavily context-dependent and may be affected by variables like fatigue, stress, or using an unfamiliar device. 

Other types of biometrics 

There are other physiological and behavioral biometrics, including voice pattern, ear shape, lip movement, heartbeat, DNA, and even odor. These are less commonly used, due to a range of complicating factors. For example, voice recognition is sensitive to background noise, while gait recognition isn’t practical for tasks such as opening a phone or accessing a bank account.  

Even so, developments in these technologies may help their use cases grow in the future. 

Biometrics FAQs  

What is biometric verification? 

Biometric verification is a way to confirm the identity of an individual based on physiological or behavioral traits, such as their face, fingerprints, voice, or typing style. There is a minor but key difference between biometric verification and biometric authentication.  

Verification is the validation of a person’s identity against official documents, such as when a new customer is being onboarded at a bank and their identity is confirmed by checking a selfie against biometric data in a passport. Authentication, on the other hand, is when a person’s identity is validated based on previously collected biometric information, such as when an existing bank customer authorizing a payment with a face scan that's checked against records in the bank’s database.  

What is a biometric scanner? 

Biometrics scanners are hardware devices used to capture the biometric information that verifies an individual’s identity. This data is matched against the saved database to approve or deny access to a system. Common types include fingerprint, iris, and facial-recognition scanners.   

How is biometrics used in everyday life? 

Biometrics are used in everyday life to onboard bank customers, screen travelers at airport security, unlock phones, and authorize payment transactions.  

Do passports and ID documents use biometrics?  

Biometric passports are common worldwide and typically include an integrated circuit chip that stores the passport holder’s biometric data. Many governments also use biometrics for documents such as drivers’ licenses, ID cards, and voter registration cards.