Identity Verification Glossary
Comprehensive glossary of 93+ terms covering identity verification, biometric security, privacy technology, and digital trust.
Account Recovery
The process of regaining access to an account when primary credentials are lost, which often represents the weakest link...
Account Takeover
A form of identity theft where a malicious actor gains unauthorized access to a user's existing account, typically throu...
Adversarial Machine Learning
A field studying attacks against machine learning systems, including techniques to fool biometric classifiers, bypass li...
Age Verification
The process of confirming that a user meets minimum age requirements for accessing age-restricted content or services, i...
Anti-Spoofing
Technologies and techniques designed to detect and prevent presentation attacks against biometric systems, including liv...
API Key
A unique identifier used to authenticate a client application or service when making calls to an API, serving as both id...
Attribute-Based Access Control
An access control model that evaluates attributes (user properties, resource types, environmental conditions) to make au...
Behavioral Biometrics
A category of biometric verification that analyzes patterns in human behavior such as typing rhythm, mouse movement, gai...
Biometric Hash
A one-way cryptographic fingerprint derived from biometric data that cannot be reversed to reconstruct the original biom...
Biometric Verification
The process of confirming a person's identity by analyzing their unique biological characteristics such as facial geomet...
BIPA
The Illinois Biometric Information Privacy Act - the most stringent US biometric privacy law, requiring informed consent...
Bot Detection
Technologies that identify and block automated software programs (bots) that simulate human behavior on websites and app...
Bug Bounty
A program offered by organizations that rewards security researchers who discover and responsibly disclose software vuln...
C2PA
Coalition for Content Provenance and Authenticity - an industry standard for certifying the source and history of media ...
CAPTCHA
Completely Automated Public Turing test to tell Computers and Humans Apart - an increasingly obsolete method of human ve...
CCPA
California Consumer Privacy Act - a state law giving California residents the right to know what personal information is...
Chain of Custody
A documented trail showing the seizure, custody, control, transfer, analysis, and disposition of evidence, applied digit...
Compliance Automation
Technology that automates the process of meeting regulatory requirements, including evidence collection, policy enforcem...
Consent Management
Systems and processes for obtaining, recording, and managing user consent for data collection and processing, as require...
Content Authentication
The process of cryptographically proving that a piece of digital content was created by a specific verified source and h...
Content Provenance
The documented history of a piece of digital content including its origin, creation method, modifications, and chain of ...
Continuous Authentication
A security approach that continuously verifies user identity throughout a session using behavioral biometrics and contex...
Credential Stuffing
An automated attack where stolen username-password pairs from data breaches are used to gain unauthorized access to user...
Cross-Platform Identity
An identity that is recognized and verifiable across multiple platforms and services, eliminating the need to create sep...
Cryptographic Signature
A mathematical scheme for verifying the authenticity and integrity of digital messages or documents, proving they were c...
Data Breach
A security incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthor...
Data Minimization
A privacy principle requiring organizations to collect only the minimum amount of personal data necessary for a specific...
Dead Internet Theory
The hypothesis that a significant portion of internet activity, content, and users are generated by bots and AI rather t...
Decentralized Identity
An identity model where individuals control their own identity data rather than relying on centralized authorities, ofte...
Deepfake
AI-generated synthetic media that realistically depicts a person saying or doing something they never actually said or d...
Device Attestation
A cryptographic process by which a device proves to a remote server that it is genuine hardware running unmodified softw...
Differential Privacy
A mathematical framework for measuring and limiting the privacy impact of data analysis, ensuring that individual record...
Digital Identity
The collection of electronically captured and stored data that uniquely represents a person in digital systems, encompas...
Digital Watermark
Information embedded within digital content (image, video, audio) that is invisible to human perception but detectable b...
Document Verification
The process of authenticating identity documents (passports, driver's licenses, national IDs) using optical character re...
ECDSA
Elliptic Curve Digital Signature Algorithm - the cryptographic algorithm used by POY Verify, Apple Pay, and Bitcoin for ...
eIDAS
Electronic Identification and Trust Services Regulation - the EU framework for electronic identification and trust servi...
EU AI Act
The European Union's comprehensive regulatory framework for artificial intelligence, requiring transparency obligations ...
Face Liveness
Specific application of liveness detection focused on facial biometrics, using 3D depth sensing, texture analysis, and m...
Federated Identity
An identity management system that allows users to use the same credentials across multiple independent systems or organ...
FIDO Alliance
An industry consortium that develops authentication standards (FIDO2, WebAuthn, Passkeys) to reduce reliance on password...
Fraud Detection
Systems and processes designed to identify and prevent fraudulent activities, including identity theft, account takeover...
GDPR
General Data Protection Regulation - the European Union's comprehensive data protection law that classifies biometric da...
Hardware Security Module
A dedicated physical computing device that safeguards and manages cryptographic keys, providing tamper-resistant protect...
Homomorphic Encryption
An advanced encryption method that allows computation on encrypted data without decrypting it first, enabling privacy-pr...
Identity Federation
An arrangement between multiple organizations that allows users to use the same credentials to access services across or...
Identity Graph
A unified view of all identifiers (email, phone, device IDs, cookies) associated with a single person, used by platforms...
Identity Orchestration
A middleware approach that coordinates multiple identity verification methods (document check, biometric, database looku...
Identity Proofing
The process of collecting, validating, and verifying information about a person to establish that they are who they clai...
Identity Verification
The process of confirming that a person is who they claim to be, typically through document checks, biometric comparison...
Injection Attack
An attack against biometric systems where synthetic biometric data is injected directly into the processing pipeline, by...
Iris Recognition
Biometric identification technology that uses mathematical pattern-recognition techniques on images of the irises of an ...
ISO 27001
An international standard for information security management systems (ISMS), providing requirements for establishing, i...
KYC (Know Your Customer)
Regulatory requirements that obligate financial institutions and other regulated businesses to verify the identity of th...
Liveness Detection
A biometric security technique that determines whether the source of a biometric sample is a live human being rather tha...
Man-in-the-Middle Attack
An attack where a malicious actor secretly intercepts and potentially alters communications between two parties who beli...
Multi-Factor Authentication
An authentication method requiring two or more verification factors from different categories: something you know (passw...
Multimodal Biometrics
The use of two or more biometric modalities (face + voice, fingerprint + iris) to increase verification accuracy and res...
NIST SP 800-63
Digital Identity Guidelines published by the National Institute of Standards and Technology, defining identity assurance...
OAuth
An open standard for access delegation commonly used for token-based authentication on the internet, allowing users to g...
On-Device Processing
Computing paradigm where data processing occurs locally on the user's device rather than being transmitted to remote ser...
Passkeys
A FIDO2-based passwordless authentication technology that uses public-key cryptography and biometrics stored on user dev...
Passwordless Authentication
Authentication methods that eliminate passwords entirely, using biometrics, hardware tokens, magic links, or cryptograph...
Penetration Testing
An authorized simulated cyberattack on a system performed to evaluate the security posture, identifying vulnerabilities ...
Phishing
A social engineering attack that uses fraudulent emails, messages, or websites to trick individuals into revealing sensi...
Presentation Attack
An attempt to interfere with the operation of a biometric system by presenting a fake biometric sample, such as a photog...
Privacy by Design
An approach to systems engineering that embeds privacy considerations into the design and architecture of IT systems fro...
Proof of Personhood
A mechanism that verifies a unique human being is behind a digital identity without necessarily revealing who that perso...
Public Key Infrastructure
A framework of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and...
Rate Limiting
A technique used to control the number of requests a user or application can make to an API or service within a specifie...
Replay Attack
A network attack in which valid data transmission is maliciously repeated or delayed, used against biometric systems by ...
REST API
Representational State Transfer Application Programming Interface - an architectural style for designing networked appli...
Right to be Forgotten
A legal right under GDPR allowing individuals to request the deletion of their personal data when it is no longer necess...
Risk-Based Authentication
An authentication approach that adjusts verification requirements based on assessed risk level, requesting stronger proo...
SDK
Software Development Kit - a collection of tools, libraries, documentation, and code samples that developers use to inte...
Secure Enclave
A dedicated hardware security subsystem in modern smartphones that provides a physically isolated environment for proces...
Self-Sovereign Identity
A digital identity model where individuals fully own and control their identity data without depending on any centralize...
SHA-256
Secure Hash Algorithm producing a 256-bit hash value, used by POY Verify for content fingerprinting and biometric hashin...
SIM Swapping
A social engineering attack where criminals convince a mobile carrier to transfer a victim's phone number to a new SIM c...
SOC 2
Service Organization Control 2 - an auditing framework developed by the AICPA that evaluates the security, availability,...
Social Engineering
Psychological manipulation techniques used to trick people into divulging confidential information or performing actions...
Step-Up Authentication
An authentication model that escalates verification requirements when users attempt sensitive actions, requesting additi...
Sybil Attack
An attack where a single adversary creates many fake identities to gain disproportionate influence in a system, named af...
Sybil Resistance
A system's ability to prevent a single actor from creating multiple fake identities to gain disproportionate influence o...
Synthetic Identity Fraud
A type of fraud where criminals combine real and fictitious information to create a new identity, which is then used to ...
Template Protection
Cryptographic techniques for protecting stored biometric templates from theft or misuse, including cancelable biometrics...
Tokenization
The process of replacing sensitive data with non-sensitive placeholder tokens that retain essential information without ...
Trust Score
A numerical representation of an entity's verified trustworthiness based on accumulated verification signals, behavioral...
Verifiable Credentials
A W3C standard for tamper-evident digital credentials that can be cryptographically verified, enabling portable and priv...
Voice Biometrics
Technology that uses the unique characteristics of a person's voice for identification or verification, analyzing over 1...
WebAuthn
A W3C web standard that enables password-free authentication using public-key cryptography, allowing websites to registe...
Webhook
An HTTP callback that sends real-time data from one application to another when a specific event occurs, enabling automa...
Zero-Knowledge Proof
A cryptographic method that allows one party to prove they know a value or meet a condition without revealing any inform...
About POY Verify
POY Verify is the first universal human verification system built on zero-data architecture. Unlike traditional identity verification services that collect, transmit, and store your biometric data on their servers, POY Verify processes everything inside your smartphone's Secure Enclave - a physically separate processor with its own encrypted memory that even the operating system cannot access. No biometric data ever leaves your device. No personal information is ever collected. No databases exist to breach.
The system works in 30 seconds: your device's hardware sensors (3D depth cameras, infrared emitters, and motion detectors) confirm a living human is physically present. A cryptographic key pair is generated inside the Secure Enclave. The private key never leaves the device. The public key is registered with POY's verification registry. You are now a verified human on the internet - with zero personal data exposed.
Why Human Verification Matters
The internet was built without a way to prove a human being is on the other end of a connection. This architectural gap has created a trust crisis of unprecedented scale. Over 64% of all web traffic is now non-human - bots, scrapers, and automated agents that create fake accounts, post fake reviews, manipulate engagement metrics, and impersonate real people. Deepfake technology has increased 500% since 2024, enabling AI-generated faces, voices, and videos that are indistinguishable from real humans. Deepfake-enabled fraud exceeded $25 billion in losses in 2025 alone.
Traditional verification methods have failed to keep pace. CAPTCHAs are solved by AI with 99.8% accuracy. Phone verification is bypassed by SIM farms selling numbers for cents. Email verification is defeated by disposable address services. Document uploads create massive data breach liability while excluding the 1.4 billion people worldwide who lack government-issued identification. The tools of fraud have outpaced the tools of verification.
POY Verify exists to close this gap. By using hardware-based biometric liveness detection with zero data collection, it provides definitive proof that a real human is present - without the privacy sacrifices, regulatory burden, or exclusion that traditional methods create. The result is a verification layer that works for every human, on every platform, in every country, at zero cost to the individual.
Prove You Are Real
POY Verify is the privacy-first human verification layer for the internet. No data collected. No identity required. Just proof you are human. Join thousands already on the waitlist.
JOIN THE WAITLIST