Two British banks are getting into biometric authentication. Going forward, customers of RBS and NatWest will be able to access their banking accounts via smartphones using fingerprint recognition technology. The feature will need to be initially activated with their security information, but from then on users only need to use Apple’s Touch ID to get at their accounts.
Both banks are part of the Royal Bank of Scotland Group. Both financial institutions have stated that failed login attempts will require customers to manually re-enter their passcodes. Additionally, Some of the in-app features – like those used to pay money out – require additional verification currently and will continue to do so going forward.
But a security expert expressed concern that Touch ID is not secure enough.
Ben Schlabs, of SRLabs, a German hacking think tank, told the BBC: “The security implications are the same, it is just as dangerous…I think it has been shown that it is pretty easy to spoof it and the risks aren’t fully understood.”
He said that using Touch ID alone to gain access to a banking app presents new types of security risks.
“Just the fact that you are carrying the key around with you and leave copies of it exposed everywhere you go makes it a very different risk to something that is inside your brain. The risks are poorly understood.”
Whatever the risks, however, mobile is on fire in the U.K. According to a British Banking Association report, banking apps have been downloaded 12.4 million times in Britain.
Stuart Haire, managing director, RBS and NatWest Direct Bank, said: “There has been a revolution in banking, as more and more of our customers are using digital technology to bank with us. Adding Touch ID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests.”