There are three basic facets of authentication: what you have, what you know and what you are. The simplest thing you have is a key. The simplest thing you know is a PIN or password. Biometrics are a way to have a machine know what you are. There are a wide variety of biometrics, all of which are unrelated. Voice recognition, fingerprints, face recognition, hand geometry, etc. The technology for one of these has nothing to do with the technology for any of the others. Nonetheless, they all are alike in a number of ways. For example, all biometrics are probabilistic matches. A biometric system says, "I think so" or "I think not," rather than yes or no. You never say something the same way twice. Your fingerprints aren't quite the same before doing dishes and after them. Biometric systems always balance between "false negatives" (incorrectly saying "I think no") and "false positives" (incorrectly saying "I think so"). Biometrics are very good for some sorts of systems, closed systems that have a specific thing they do that needs merely a yes/no statistical answer. For example, opening a door. They are very bad for networked systems because they are vulnerable to the biometric data being stolen, or the yes/no being forged. I don't think they're particularly useful for credit card fraud. If you buy something in a store, there's already a biometric system in place -- your signature. It's handled by a person, not by a computer, but a signature check is a biometric system. It's hard to see how adding a computer would make it more reliable. On a network, biometrics could easily weaken overall security. If a hacker can steal your credit card number, they can steal your thumbprint. And it's a lot easier to get a new credit card number than a new thumb.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.