iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins
Thieves, prepare your Gummi Bears* for deployment
RBS and NatWest have become the first UK-based banks to offer their customers the option to log in to mobile banking apps using Apple’s Touch ID fingerprint recognition technology.
From today (19 February), RBS and NatWest customers who have an iPhone 5S, iPhone 6 or iPhone 6 plus will be able to access their mobile banking app within seconds using their fingers. The approach does away with the need to remember passcodes every time you log into mobile banking apps loaded on your smartphone.
Half the banks’ 15 million customers actively use online banking, with over 3 million customers using the mobile app every week. RBS and NatWest have 1.8 million active iPhone users who use the app on average 40 times per month.
“Adding Touch ID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests,” said Stuart Haire, managing director, RBS and NatWest Direct Bank, in a statement.
Security experts gave the technology a mixed welcome.
Sarah Francis, money laundering reporting officer and compliance director at The PPRO Group, said that the bank was steering customers away from passwords while cautioning that fingerprints on their own are far from foolproof.
“This is an interesting, yet exciting step for the financial and banking sector. With more and more consumers turning to online banking, we have seen an increased move into a cashless society, which is becoming increasingly apparent with the closure of many bank branches," she said.
“Whilst this announcement may be welcomed by some, many may still be concerned with the possibility of security and fraud. It should be remembered that fingerprints are publicly available and could be cloned, with different levels of effort. Therefore deploying biometric technology should be considered as part of a multi-factor authentication strategy by industry,” she added.
Roy Tobin, a threat researcher at security software firm Webroot, also expressed reservations about the use of fingerprints as a biometric.
“With so many high-profile data breaches over the past 12 months, banks should tread carefully when implementing biometric technology,” Tobin said. “Biometrics have a very useful application in certain areas. But fingerprint technology isn’t the most reliable or secure method. In security we are always tasked with making the technology easy to use, but as secure as possible. Unfortunately, these two goals are difficult enough on their own, let alone when combined.”
Tobin noted that Apple’s iPhone fingerprint scanner hack days after the release of the iPhone 6 last September hardly inspires confidence.
“The sheer amount of prints the average individual leaves behind day-to-day means that this data can relatively easily be compromised. There are a vast issues around data protection; who can access these fingerprints and how that data can be used are all real concerns. Add in the fact that the iPhone fingerprint scanner was hacked less than two days after its release, doesn’t restore faith in this type of verification. We should not be looking for the simplest form of access, but the most secure - two-stage authentication with a strong password is the ideal security option,” he concluded. ®
* See the first time we covered Gummi Bears as a method of cracking fingerprint ID tech, back in 2002, here... It was still a problem, specifically in relation to Apple's Touch ID tech, a full 12 YEARS LATER – in September 2014.