Biometric Credential FAQ: Common Questions Answered

Explore the answers to the most frequently asked questions about biometric credentials in this informative guide. 

SentryCard FAQ’s

What makes SentryCard so secure?

Among several differentiators, the SentryCard’s antennas are undiscoverable until an on-card biometric authentication takes place. Once a user biometrically authenticates to the credential, the microprocessor validates the match and makes the antennas discoverable again during the transaction, whether opening a door or logging into a computer.

Would utilizing the SentryCard require an organization to rip out and replace its existing infrastructure?

No, there’s no need for rip and replace. The SentryCard is completely open-architected, meaning that it is compatible with all leading access control systems, door readers, and readily connects to the Active Directory via commonly used software (Microsoft, OKTA, PingID, VeridiumID, Windows Hello, Google, Citrix, Azure, etc.) Sentry maintains an “agnostic” approach to access control and has the ability to integrate (or embed) any of HID’s technologies (Prox, iClass, iClassSE and SEOS) as well as the entire NXP MiFARE suite (MiFARE Classic, DesFIRE EV1 and DesFIRE EV2), allowing it to work with any existing readers.

How are the biometrics enrolled onto a SentryCard?

Please also reference the Enrollment videos in the Resources Section of the website.  A user’s fingerprints are enrolled directly onto the SentryCard itself and never need to pass-thru or be stored on a database of server. This is critical in the on-going compliance requirements of GDPR (General Data Protection Rights), the CCPA (California Consumer Protection Act) and the growing number of BIPAs (Biometric Information Protection Acts).

How many fingers can you enroll on the SentryCard?

SentryCards are designed with firmware allowing the enrollment of two (2) fingers. The two fingers need to be enrolled concurrently.

Is there a certain finger that is required to enroll on the SentryCard?

No, any two fingers can be selected, a thumb from each hand is recommended.

How long does it take to enroll the biometrics?

Generally, less than 30-seconds to load two different fingers.

Can the SentryCard be transferred to another individual?

No, once the biometrics have been enrolled onto the SentryCard they are irreversible and no longer able to be changed.

How does SentryCard address issues with individuals whose fingerprints historically don’t work?

(either due to ethnicity or being worn-out) don’t work well with readers?

SentryCard utilizes a capacitive fingerprint sensor produced by Fingerprint Cards, a Swedish manufacture that has deployed a billion+ sensors. The SentryCard uses a large sensor array (160 X 160 pixels) with 508 DPI resolution, enabling the most robust matching capability in the market. There will always be exceptions, but the capacitive technology within the SentryCard has proven to overcome the otherwise most common matching issues.

What is the False Acceptance Rate (FAR) of your fingerprint sensor?

The FAR is 1 in 50,000. That said, consider that the biometric within the SentryCard is decentralized, meaning that 50,000 unique people would have to be in possession of the credential to attempt a false acceptance. Compare that scenario again current solutions, where there could be hundreds of thousands of user biometrics in a database that one user’s biometric could be matched with.

Is the SentryCard a multi-technology card, allowing me to grandfather older ID populations?

Yes. Because a SentryCard will work with your existing infrastructure, you can integrate the use of Sentry while phasing out your existing/older ID populations.

Why wouldn’t an organization just use a mobile device solution vs. a card solution?

There are numerous reasons, starting with the understanding that a phone, although a convenient answer, is not a secure answer. 1) In the vast-majority of cases, phones are owned by the user and not the enterprise; 2) The user controls the loading of biometrics on the device; 3) Multiple biometrics can be loaded/changed on the device by the user; 4) Phones still utilize a back-door PIN code for access that can be shared/stolen; 5) Phones are always connected (Wi-Fi or Cellular) and thereby discoverable by bad actors; 6) Phones have innumerable other applications within them, allowing malware and back-door access to the device; 7) Phones aren’t allowed in most enterprises secure environments, call centers and other critical areas; 8) Imagine the number of different types of phones within an enterprise, all with potentially different levels of operating systems. What would the help-desk burden be to manage access control issues across so many different versions?

Can you print on the SentryCard?

Yes. you can print directly on the SentryCard using a RE-TRANSFER printer but due to the texture on the credential DTC (Direct to card Printers) do not currently work well. We have tested the HID/FARGO 5000 and Canon IX-R7000 printers. The only caveat is that you cannot apply an additional laminate overlay on the sensor side.

Can you punch a hole in the SentryCard for use with a lanyard?

No. Due to the amount and sophistication of the electronics within the SentryCard, it is unable to be punched. That said, Sentry provides an acrylic card sheath with both a vertical and horizon tab for a lanyard that provides a convenient way for the user to access the biometric sensor for use.

Does SentryCard incorporate Corporate 1K and Elite Key credentials?

The end-user will need to complete and submit the HID authorization form directly to HID before we can begin manufacturing.

Is there a minimum to order credentials?

If you are ordering Elite Key or Corporate 1000 you have a 100 card minimum, the same as you would order today.

Can you use with gloves?

The biometric sensor is sonar like 3D picture of your fingerprint, which can somewhat see through certain types of thin materials like a very thin latex glove. It does reduce the effectiveness of the sensor.

Is there a form I need to fill out for an order?

Currently, you only need to fill out a form if you are needing Corporate 1000 or HID.

What access control systems do your credentials work with?

Any access control system that utilizes HID, LEAF, LEGIC, DESIFIRE/MIFARE or FIDO2 credentials. Sentrycard is typically matched with the existing readers.

For Logical Access can you setup a timed computer logout if there is not keyboard or mouse movement after a set time?

Your local IT/OT team would have the ability to establish requirements for your own organization

What is your demo program?

We have a demo package with a variation of number of cards, holders and a reader. Contact your Sentry Enterprises representative to discuss

Do the cards need to be presented to a reader to enroll your fingerprint biometrics to the card?

Yes, unless it has FIDO2, then you can hold it to an NFC reader or app on your phone. We have a Sentry app that you can hold it to your phone and then enroll.

Is HID a partner or a manufacturer for you?

We do all our own manufacturing. We buy the antennas from HID and we have our own product and manufacturing patents.

Do you have PIV cards?

We have FIDO2 which is the public version of PIV.  We are in the process of achieving FIPS-201 certification by mid-2023 and will have a Government certified PIV ID then.

What are your current card configurations?

1. DEMO Card:

This card is made for testing and evaluation. This configuration allows individuals to enroll their 2-fingers and lock the card temporarily for testing. Once the individual has completed the testing they can reset the card by placing the card on a reader and using anyone’s non-enrolled finger on the card for approximately 20-30 seconds (10 sets of flashes) Once the sets of flashes goes to individual flashes they can remove the card from the reader and it is now reset for another individual to enroll and test.


This card enrolls exactly the same as the Demo card but once the enrollment is complete the card is PERMANENTLY locked to that individual. That is what we call ABSOLUTE TRUST and IDENTITY. Whenever this card is used you ABSOLUTELY know who used it.


This card enrolls exactly the same as the Demo card and is locked to the individual until the card is placed on a reader and the reset key is applied for 3-5 seconds to the sensor on the card. Once that is complete the card can be re-enrolled/re-used. This ensure the card can only be used by the registered person until the secure SentryKey is used to reset it. Typically these cards have a Visitor or Contractor General information printed on them and not a photo as you would not be able to reprint directly to the card.