Two banks based out of the United Kingdom - Royal Bank of Scotland and NatWest - yesterday announced incoming support of Touch ID in their iOS-based apps, allowing customers to gain access to their accounts without needing to input a user name and password (via BBC News).
Customers of each bank will need to activate the Touch ID feature with their existing security information within each respective app before being able to gain access to their banking statements via their finger. After three failed Touch ID login attempts, each bank said the app will revert to the traditional user name/password protected log-in request before needing to re-establish the Touch-ID features.
/article-new/2015/02/RBS-logo-800x228.jpg?lossy){kind=logo}
BBC reported that a few "security experts" voiced concern over the new fingerprint security feature given reports of specialized fake fingerprint hacks. Speaking to BBC, Ben Schlabs, of SRLabs, a German hacking think tank, said, "The security implications are the same, it is just as dangerous... I think it has been shown that it is pretty easy to spoof it and the risks aren't fully understood." There have, however, been no reports of such hacks being successfully used for malicious purposes.
With the recent surge of online and app-based banking solutions, both RBS and NatWest are confident the new feature will continue to offer their customers the level of security and accessibility they expect from the banks.
Stuart Haire, managing director, RBS and NatWest Direct Bank, said: "There has been a revolution in banking, as more and more of our customers are using digital technology to bank with us.
"Adding TouchID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests."
Both RBS and NatWest are owned by the same parent company, Royal Bank of Scotland Group, so many of the same features and options will be similar between each app. Each bank also promised that existing processes that required additional verification of identity, like money transfers, will continue to do so even if users choose to opt-in for the Touch ID features.
Top Rated Comments
The partner could just use the pin code as easily.. Because in a trusting, non-paranoid relationship, chances are both partners already know each other's pin codes for bank cards
----------
I'm with Barcalys, and I swear its a Stockholm syndrome relationship.....
Getting a viable fingerprint along with a users phone is not easy.
I respect the German hacking groups efforts but I think I could get a PIN with 100 times less difficulty. If I have to do a high resolution image of a finger, held just right, why couldn't I just SloMo Video the entering of a PIN.
The fingerprint is not stored in the cloud it is stored in the secure element on the phone. So it can't be mass harvested.
Compared to a PIN. I'll take the fingerprint anytime. For Apple Pay you can choose to use PIN only and your PINs can be longer than 4 digits.
Yes you can lift a fingerprint from a glass but you're talking a very targeted and dedicated crime and you still have to steal the phone. Are criminals going to find that worth the effort.
PINs are notoriously insecure, how many of them are anniversary or child or parents birthdays or street address of last four of SSN or telephone number. A bunch.
In the US even our Chip and PIN cards are not requiring a PIN at the one place I have been able to use it Walmart.
So I think the English banks use of FingerPrint tech like AliPay's last year is a big step in greater authentication.
Both useful. One is up to the bank. One is up to Apple. We'll get it, hopefully in a few months along with the other Summer announcements.
Good to see Touch ID adoption spreading too though, extremely useful in it's own little way.