A biometric capture method where the identity image is taken while the subject continues moving through the checkpoint. The goal is to reduce dwell time and queue pressure, but the control still depends on image quality, exception handling, and downstream verification reliability.
Expanded Definition
On-the-move capture refers to a biometric enrollment or verification process that acquires an image while a person continues walking through a checkpoint, rather than pausing for a fixed pose. It is used in high-throughput environments where queue length, passenger flow, or gate congestion matters.
The operational value is speed, but the security tradeoff is stricter dependence on camera placement, lighting, motion tolerance, and downstream matching accuracy. In practice, the control is not just the camera feed. It also includes liveness expectations, exception routing, and the reliability of the identity decision that follows. That is why definitions vary across vendors: some describe the term as a capture modality, while others treat it as part of a broader biometric screening workflow. For governance, it is best understood as a checkpoint design choice within the identity assurance path, not as a standalone security guarantee. NIST Cybersecurity Framework 2.0 is useful here because it frames the need to manage identity-related risk as an operational control problem, not merely a user experience improvement.
The most common misapplication is treating motion-friendly capture as proof-quality identity verification, which occurs when throughput goals override image-quality thresholds and fallback checks.
Examples and Use Cases
Implementing on-the-move capture rigorously often introduces a throughput-versus-assurance tradeoff, requiring organisations to weigh shorter queues against a higher rate of rejected or ambiguous captures.
- Airport security lanes that capture faces as passengers keep walking, reducing dwell time while still triggering secondary review when match confidence drops.
- Border or access checkpoints that combine moving capture with a watchlist lookup, where the capture is only one step in a larger verification chain.
- Corporate facilities that use motion-tolerant cameras at employee entrances, especially where high-volume shift changes make stopping every subject impractical.
- Critical infrastructure sites that pair capture on approach with an operator override for glare, occlusion, or unusual movement patterns.
In the identity security context, this design choice matters because it can either support controlled automation or create a fast path around scrutiny. NHI Mgmt Group has shown that only 5.7% of organisations have full visibility into their service accounts in the Ultimate Guide to NHIs, a reminder that any high-speed identity workflow must still preserve verifiable records and exception handling. For a standards lens on managing identity risk in operational environments, the NIST Cybersecurity Framework 2.0 remains a practical reference point.
Why It Matters in NHI Security
On-the-move capture is relevant to NHI security because many identity systems now operate under real-time pressure, where a delayed decision can interrupt physical access, automation, or machine-to-machine workflows. When the capture step is weak, attackers and operational failures can both benefit from the same blind spots: blurred imagery, spoof-resistant checks that are skipped, and exception paths that are poorly logged. That is especially important in environments where biometric entry is tied to privileged physical zones or downstream systems that assume the person, device, or agent has already been validated.
Risk also grows when motion-friendly capture is deployed as if speed alone were a control objective. NHI Mgmt Group reports that 79% of organisations have experienced secrets leaks, with 77% resulting in tangible damage, underscoring that weak identity processes often become visible only after an incident reveals the gap. When paired with lessons from the Salt Typhoon US telecoms breach and the Microsoft Midnight Blizzard breach, the governance lesson is consistent: identity controls fail fastest when convenience outruns verification.
Organisations typically encounter the consequences only after an access dispute, false accept, or failed investigation, at which point on-the-move capture becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-01 | Identity assurance must be maintained even in high-throughput capture workflows. |
| NIST SP 800-63 | IAL/AAL context | Biometric capture supports identity proofing and authenticator use, but assurance depends on the full process. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Fast identity workflows can hide weak verification and poor exception handling. |
Treat motion capture as one input to assurance, then enforce matching, liveness, and fallback checks.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
