SECURITY
Where is the fingerprint held and is it secure?

The biometric reference image, that is captured during enrollment, is immediately processed and transformed into an abstract biometric template. This biometric template is not the fingerprint image itself, and for utmost security is stored within a secure storage area of the Secure Element (SE) chip.
This biometric template consists of features and data extracted, by a non-commutable algorithm, from the fingerprint images. The IDEX Biometrics reference design and biometric matching algorithm does not rely on or include personally identifiable information (PII) metadata.

What happens if someone steals a biometric smart card and tries to use it?

Their fingerprint will not match the fingerprint template, secured in the EMV chip, so they will not be able to use the card.

Are PIN numbers, Passcodes and Keys still required?

In principle no, biometric fingerprint security can replace all of these.

Do small fingerprint sensors create security issues?

Yes, because small fingerprint sensors fundamentally work on smaller amounts of biometric data for authentication. Also, for a first-time match to be possible, a high-quality biometric template must be created in the initial enrolment process – and to achieve this a larger sensor is critical. Larger sensors require less touches to enrol the fingerprint – the smaller the sensor the more times an enrollee needs to touch the sensor to capture an image of the whole surface of the finger.

What is dynamic enroll and why is it a security risk?

Dynamic enroll is the process of only partially initially enrolling a user’s fingerprint, and then subsequently adding biometric data to the template, as the biometric card is used.

This method of enrollment, known as dynamic enroll, is leaving a huge security hole in the use of fingerprint biometrics and puts users at risk as a result. If a template can be changed, then over time the fingerprint biometric data originally enrolled onto the card can be gradually replaced. These ‘climbing attacks’ mean that potential fraudsters could use a card that has only been partially enrolled and add their own biometric fingerprint data to it.