A 95% Match Score Sounds Definitive. Here's Why It Might Mean Almost Nothing.

Here's something that should stop you mid-scroll: when a banking app confirms your identity through a face scan, it never actually "looks" at your face. Not in any meaningful visual sense. What it does instead is convert your face into a string of 128 to 512 numbers — a vector in mathematical space — and then asks a single question: how far is this vector from the one we stored during enrollment? If the distance is below a pre-set threshold, you're in. If it's above, you're not.

That's it. No face-to-face comparison. No visual inspection. Pure geometry.

The broader world is catching on to biometrics fast. According to Innovation News Network, 92% of chief information security officers have either implemented or are actively planning passwordless authentication systems — up from 70% just a year earlier. That's a 22-point jump in twelve months. Biometrics aren't coming. They're here. And most people have no idea what actually happens between "point your face at the camera" and "access granted."

Let's fix that.

---

Your Face Is a Building, and the Algorithm Only Cares About Its Coordinates

Think of facial recognition like converting an architectural blueprint into GPS coordinates. You don't store the entire blueprint — the full image. Instead, you extract the key structural features: eye spacing, jawline curvature, the distance between the tip of your nose and the corners of your mouth. Then you translate those measurements into coordinates in a 128-dimensional space. (Yes, 128 dimensions. Your brain can't picture it either, and that's fine.)

When the system later needs to verify your identity, it doesn't pull up your photo and squint at it. It generates a new set of coordinates from your current face and calculates the geometric distance between those coordinates and the ones on file. Close enough? Same person. Too far apart? Different person — or a bad photo. The match lives entirely in mathematical space.

This is why the process is reproducible and auditable in a way that eyeball comparison never could be. Two human analysts looking at the same pair of photos might disagree. Two distance calculations on the same pair of vectors will always return the same number. That's the foundation of why facial comparison can be investigatively sound — when the pipeline behind it is set up correctly. This article is part of a series — start with Deepfakes Hit 8 Million Courts Still Cant Prove A Single One.

---

The Six-Step Pipeline Nobody Talks About

The confidence score you see on a biometric result is the last thing computed. Everything before it is a chain of decisions, and a single weak link breaks the whole chain. Here's what actually happens, in order.

Step 1: Image Quality Check

Before any detection runs, the system evaluates whether the input image is even worth processing. Blur, low resolution, extreme angles, harsh shadows — all of these degrade what comes next. A sharp, well-lit, frontal image generates a reliable embedding. A grainy security camera screenshot from 40 feet away generates noise dressed up as data. The pipeline should flag poor-quality inputs and reject them rather than push garbage forward. Many systems don't do this aggressively enough.

Step 2: Face Detection

The algorithm needs to find where the face actually is in the image. Tools like MTCNN, OpenCV's SSD detector, or Dlib's HOG-based detector scan the image and draw a bounding box around any detected face. Sounds simple. It isn't. Poor lighting, partial occlusion, or unusual angles can cause the detector to miss the face entirely, crop it wrong, or — in a multi-face image — lock onto the wrong person.

Step 3: Alignment and Landmarking

This is the step most people don't know exists, and it's arguably the most important. Once a face is detected, the system identifies key landmarks — the corners of the eyes, the tip of the nose, the edges of the mouth — and uses those points to geometrically normalize the face into a standard orientation. Eyes aligned, face centered, consistent scale. Recent research on facial recognition pipelines confirms that preprocessing with consistent alignment is critical for accuracy. Without this step, the same person photographed at slightly different angles could generate wildly different embeddings — and fail to match their own enrollment photo.

Step 4: Embedding Generation

Now the face gets converted into its vector. A convolutional neural network — trained on millions of face pairs — processes the aligned face image and outputs a vector of 128 or 512 floating-point numbers. This is the mathematical fingerprint. Critically, as UCLA Deep Vision's academic breakdown of FaceNet explains, these embeddings are trained using a triplet loss function — meaning the network learns to push embeddings of different people apart and pull embeddings of the same person together, across varying lighting, pose, and aging. The embedding cannot be reverse-engineered back into a face image. It's genuinely non-reversible. What goes in as a face comes out as geometry.

Step 5: Distance Calculation and Threshold Decision

Here's where cases live or die. The system calculates either the Euclidean distance or cosine distance between two embeddings. In a well-documented FaceNet implementation, a distance of 0.0 means the faces are identical, and distances approaching 4.0 indicate completely different identities. A threshold — say, 1.1 — is then applied: below it, same person; above it, different person.

But that threshold is not universal. It's tuned for specific datasets, specific lighting conditions, specific demographic distributions in the training data. A threshold calibrated on frontal, well-lit mugshots may produce false rejections when applied to profile-angle surveillance footage. The number itself is meaningful only in context. Without knowing what threshold was used and on what training data, a "match" result is not reproducible science — it's a black box with a green light on it. Previously in this series: Deepfakes Rebuild Faces From Numbers Facial Comparison Inves.

Step 6: Human Review

In high-stakes contexts — banking KYC, law enforcement, court proceedings — a human examiner reviews the algorithmic output. This is not a formality. It's a necessary check on systematic errors the algorithm can't catch: unusual image artifacts, evidence of spoofing, edge cases outside the training distribution. The problem is that human review is only as good as the reviewer's understanding of what the algorithm actually did in steps one through five. A reviewer who trusts a "high confidence" score without interrogating the pipeline quality behind it isn't reviewing — they're rubber-stamping.

---

The Misconception That Makes Everything Worse

Ask most people what a "95% confidence score" means in a facial match result, and they'll tell you: the system is 95% sure it's the same person. That's intuitive. It mirrors how we think about test scores, weather forecasts, medical probabilities. It feels right.

It's wrong — and the wrongness matters enormously.

The system doesn't produce a confidence percentage in that sense. It produces a distance metric. A value like 0.4 on a scale where 1.1 is the threshold doesn't mean "96% confident." It means the two vectors are 0.4 units apart in embedding space — comfortably below the threshold, yes, but the interpretation of what that means depends entirely on what else is nearby in that space.

Here's the real kicker: in a database of one million faces, even a very tight threshold might still generate thousands of false matches, because with enough candidates, statistically similar-but-different embeddings pile up. A distance of 0.4 in a 10-person database and a distance of 0.4 in a million-person database are not equally reliable results. The score looks the same. The reliability is completely different.

"Biometric systems convert physical traits into mathematical templates, which are then compared as numerical data rather than images — making the process reproducible, but also dependent on the quality of inputs and the calibration of thresholds at every stage." — Innovation News Network

Why do people get this wrong? Because confidence percentages are how we've been taught to read every other kind of probabilistic output — from spam filters to medical tests. The mental model is baked in. Biometric vendors don't always help matters; some tools do display percentage-style readouts that paper over the underlying distance mathematics. The number looks familiar, so users trust it the way they'd trust a familiar thing. But the distance metric underneath is operating on completely different logic, and conflating the two leads to exactly the kind of uncritical acceptance that produces wrongful identifications.

At CaraComp, this is the distinction that shapes how we build and explain every comparison output — because a number without pipeline context isn't evidence. It's decoration. Up next: A 95 Match Score Sounds Definitive Heres Why It Might Mean A.

---

What "Court-Ready" Actually Requires

The shift toward biometric authentication in banking, KYC verification, and digital identity — documented across markets from the Netherlands to Saudi Arabia to the United States — means facial comparison results are increasingly appearing in legal and regulatory contexts. That raises the bar considerably.

A match result that holds up under cross-examination isn't one with the highest confidence number. It's one where every stage of the pipeline is documented: what image quality threshold was applied at step one, which detection model ran at step two, how alignment was performed at step three, which embedding architecture generated the vector at step four, what distance metric and threshold value were used at step five, and who reviewed it at step six — and what criteria they applied.

A distance of 0.3 against a threshold of 1.1 is a strong result. But "strong" only means something if you can answer: strong relative to what training data? Tested against what demographic distribution? Under what imaging conditions? Without those answers, you're presenting a number, not evidence.

So the next time you see a match result — in a banking app, a KYC check, or a court exhibit — the useful question isn't "is the score high enough?" It's: which step in the pipeline do you trust least? The image quality going in? The threshold someone tuned on a dataset you've never seen? Or the human reviewer who glanced at a percentage and called it done?

That question, by the way, doesn't have a generic answer. It has a specific one — for this image, this algorithm, this threshold, this reviewer. And that specificity is exactly what separates a defensible result from an impressive-looking number.