The Critics’ View: Biometric Security For Mobile Banking

google

TechWeekEurope gets the expert’s views on RBS and NatWest’s plans for fingerprint scanning logins

Earlier this week, RBS announced that users of its RBS and NatWest mobile banking apps can now access their accounts using the TouchID fingerprint scanner on Apple’s iPhone 5S, 6 and 6 Plus devices. The bank says the new service offers better security as well as added convenience for its customers, but what does the industry think of the move? TechWeekEurope has collated some of the best responses below…

Jason Goode, managing director EMEA, Ping Identity

“CIOs and IT managers should take note that while security is a top priority for online banking customers, so too is convenience. It should therefore come as no surprise that the banking industry is starting to embrace the next generation of application technology. Biometric technology such as fingerprint recognition not only facilitates a faster service in our on-demand culture, but it also centres on the user’s identity- a crucial aspect.

By deploying systems that centre on a customer’s identity and recognise returning customers to give them quick and easy access, banks can avoid any exodus and allow both their businesses and their customers to truly realise the benefits of secure online, mobile access to their finances.”

fingerprint scannerPhil Underwood, global head of pre-sales at SecurEnvoy

“Today’s announcement from RBS and NatWest on their adoption of fingerprint technology is a landmark moment for two factor authentication (2FA) entering the mainstream.

“There is always a balancing act when it comes to authentication. Make it too easy for the user and the authentication may be compromised or circumvented; too hard and adoption rates for the new authentication technology will drop. This shows that there is now a middle ground that is secure enough for banks to remain regulatory compliant, but easy enough to lead to widespread adoption (as backed up by them citing almost 1m downloads of its banking app already).

“One of the main drivers of this authentication technology taking hold, is that the current generation’s device of choice is now firmly the SmartPhone, with there now being over 1.75 billion devices in use worldwide and this is ever growing.

“Today, 2FA is all around us and prevalent on popular web sites such as PayPal, Gmail and Ticketmaster.

“With the advent of reliable fingerprint readers on the latest SmartPhones, the second “something the user knows” component is switched from a potentially easy-to-break password to a physical one that is unique. So the technology is at everyone’s finger tips… literally.”

bank security - ShutterStock - © Gena96Sarah Francis, money laundering reporting officer and compliance director at The PPRO Group

“In a new effort to move away from the use of passwords, RBS and NatWest have announced that they are soon to allow customers to access accounts on their smartphones using fingerprint recognition technology. This is an interesting, yet exciting step for the financial and banking sector. With more and more consumers turning to online banking, we have seen an increased move into a cashless society, which is becoming increasingly apparent with the closure of many bank branches.

Whilst this announcement may be welcomed by some, many may still be concerned with the possibility of security and fraud. It should be remembered that fingerprints are publicly available and could be cloned, with different levels of effort. Therefore deploying biometric technology should be considered as part of a multi-factor authentication strategy by industry.”

Tony Anscombe, senior security evangelist, AVG

“The process of recreating someone’s fingerprint is both difficult and time consuming and therefore unlikely to be an issue for the mass consumer audience. If you look back a few years, only a few people used PIN numbers on their phones.

I believe we should be celebrating that authentication mechanisms once only used by large companies and government agencies have found their way into our everyday lives.

If the introduction of swipe codes and biometric security increases the number of people with locked phones, isn’t that a good thing?”

Geoff Webb, senior director, solution strategy at NetIQ

“This move by RBS is being driven by the confluence of two very powerful trends. Firstly the widespread move to online banking, with customers expecting to be able to do more on the go from their mobile device, without the inconvenience of having to go to a physical bank or even use a traditional desktop or laptop computer.  The second trend is the failure of traditional methods of authentication – proving we are who we claim to be – and the rising cost of fraud and breaches that accompany that failure.

“The era of using passwords to prove who we are is drawing to a close. It’s simply too difficult for consumers to create and remember complex passwords, and far too easy for hackers to steal those passwords.  As a result there is a rapid shift to biometric-based methods of authentication. The most obvious (and accessible with modern smartphones) is the fingerprint. It’s a good solution – fast, reliable and actually pretty secure. As the need to quickly and securely prove who we are grows in line with the migration of our lives from offline to online, we should expect to see more and more biometric authentication – including fingerprints, iris scanning, retina scanning, and behavioural.”

Do you know all about biometric technology? Take our quiz!