📖 Biometric Authentication Glossary
🔑 Core Concepts
Biometric Authentication
Verification of identity using unique physical or behavioral traits such as fingerprints, face, or voice. Often used for secure logins without passwords.
🔗 FIDO Alliance
Passwordless Login
An authentication method that removes the need for traditional passwords, instead using biometrics, hardware keys, or secure links.
🔗 Microsoft on Passwordless
Multi-Factor Authentication (MFA)
A security process requiring two or more verification methods — e.g., a password plus a fingerprint scan.
🔗 MFA
Two-Factor Authentication (2FA)
A subset of MFA, using exactly two factors, such as a password and a one-time code or biometric check.
🔗 National Cyber Security Centre 2FA
Digital Identity
A digital representation of a person or organization used to access services securely online.
🔗 Digital Identity
Strong Customer Authentication (SCA)
A PSD2 requirement in Europe mandating multi-factor checks for electronic payments to reduce fraud.
🔗 European Central Bank
Zero Trust Security
A security model where no user or device is trusted by default, even inside a network. Every access attempt must be verified.
🔗 Zero Trust Explained
Account Takeover (ATO) Prevention
Techniques to prevent cybercriminals from gaining control of user accounts through stolen credentials.
🔗 Account Takeover
👁️ Types of Biometrics used by Authentiq8 Me
Fingerprint Recognition
Authentication using unique patterns of ridges and valleys in a fingerprint. Common on smartphones.
🔗 NCSC Fingerprint recognition
Facial Recognition
Authentication based on the unique geometry of a person’s face. Increasingly used in smartphones and airports.
🔗 Information Commissioner's Office (ICO) – Facial Recognition
⚙️ Technologies & Standards
Liveness Detection
A safeguard to confirm that the biometric sample (e.g., a face or fingerprint) comes from a live person and not a spoof, photo, or mask.
🔗 Liveness Test
Spoofing (Presentation Attack)
Attempts to trick biometric systems with fake samples such as photos, videos, or synthetic voices.
🔗 Spoofing
Template Protection
Techniques to protect stored biometric data (templates) from theft or misuse.
🔗 NIST Biometric Data Security
GDPR & Biometric Data
Under GDPR, biometric data is classed as “special category” data, requiring strict protection.
🔗 UK ICO – Biometrics
NIST Digital Identity Guidelines
US standards for secure identity management and authentication, including biometrics.
🔗 NIST 800-63-3
ISO/IEC Biometric Standards
International technical standards for biometric systems and interoperability.
🔗 ISO Biometrics
💼 Business & Security Use Cases
Mobile Banking Authentication
Use of biometrics to secure financial transactions on mobile apps.
🔗 ECB PSD2
KYC (Know Your Customer)
Processes for verifying identity during onboarding, increasingly supported by biometric verification.
🔗 FCA Money Laundering Report
Remote Onboarding
Enabling new users to join services securely using biometrics without visiting a branch or office.
🔗 World Bank – Digital Onboarding
Fraud Prevention
Using biometrics to block identity theft, account takeover, and fraudulent transactions.
🔗 ENISA – Threat Landscape 2025
Accessibility & Digital Inclusion
Ensuring biometric authentication works for people with different abilities, devices, and technical skills.
🔗 W3C – Accessibility & Biometrics
🔒 Security Threats
SIM Swap Fraud
A scam where criminals convince a mobile operator to transfer your phone number to a new SIM card. This lets them hijack SMS one-time passcodes (OTPs), break into accounts, and steal money or data.
🔗 Metropolitan Police – SIM Swap Fraud
Phishing
A cyberattack where fraudsters impersonate trusted services (like banks or email providers) to trick people into revealing passwords, card details, or personal data.
🔗 NCSC (UK) – Phishing Explained
Credential Stuffing
When attackers use stolen username–password pairs from one data breach to try logging into other websites. It works because many people reuse passwords across services.
🔗 OWASP – Credential Stuffing
Man-in-the-Middle Attack (MITM)
An attack where a hacker secretly intercepts communication between two parties (like a user and a bank website). This can be used to steal login details or alter transactions in real time.
🔗 Man-in-the-Middle