With the rapid growth of the Internet, electronic commerce amounts now to transactions of several billion US dollars. To avoid fraud and misuse, buyers and sellers desire more secure methods of authentication than today's userid and password combinations. Automated biometrics technology in general, and, fingerprints in particular, provide an accurate and reliable authentication method. However, fingerprintbased authentication requires accessing fingerprint images scanned remotely at the user's workstation, a potentially weak point in the security system. Stored or synthetic fingerprint images might be fraudulently transmitted, even if the communication channel itself is encrypted. In this paper, we describe an algorithm for secure data hiding in wavelet compressed fingerprint images to alleviate this problem. Assuming the image capture device is secure, then only the decompressor on the server can locate the embedded message and thereby validate the submitted image.