Posted February 23, 2015 by Bex in Announcements

Is the new Natwest and RBS fingerprint recognition technology secure?

Four days ago, RBS and Natwest rolled out their new finger print recognition technology allowing those customers with an iPhone 5S, iPhone 6 or iPhone 6 plus to be able to access their mobile banking app within seconds using just their fingers.

touch_id-250x390They are the first UK banks to offer their customers this service and it means that there is no longer the need to remember passwords when logging into your account. However, can we be completely sure that this method is secure? Security experts would argue that no, this technology isn’t entirely foolproof. Sarah Francis, who is the money laundering reporting officer and compliance director at PPRO, explains that “whilst this announcement may be welcomed by some, many may still be concerned with the possibility of security and fraud. It should be remembered that fingerprints are publicly available and could be cloned, with different levels of effort. Therefore deploying biometric technology should be considered as part of a multi-factor authentication strategy by industry”.

Also expressing a concern over the use of biometric technology is Roy Tobin, a threat researcher at security software firm Webroot. “Biometrics have a very useful application in certain areas. But fingerprint technology isn’t the most reliable or secure method. In security we are always tasked with making the technology easy to use, but as secure as possible. Unfortunately, these two goals are difficult enough on their own, let alone when combined”. He also makes reference to the trouble that ensued after the release of the iPhone 6 last September explaining that, “the sheer amount of prints the average individual leaves behind day-to-day means that this data can relatively easily be compromised. There are a vast issues around data protection; who can access these fingerprints and how that data can be used are all real concerns. Add in the fact that the iPhone fingerprint scanner was hacked less than two days after its release, doesn’t restore faith in this type of verification”. He concludes that “we should not be looking for the simplest form of access, but the most secure – two-stage authentication with a strong password is the ideal security option,”.  So why have RBS and Natwest decided to go with this technology, when it seems as though what they had before was arguably more secure?

touchid-2With half of the banks’ 15 million customers already actively using online banking and with over 3 million customers using the mobile app every week, managing director, Stuart Haire explains that “adding Touch ID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests”. The mobile banking app uses Apple’s Touch ID fingerprint recognition, but customers must first activate the feature with their security information.

Clearly, it is the way forward for online banking as according to a British Banking Association report, banking apps have been downloaded more than 12.4 million times in Britain. But what do you think? Would you be happy knowing that the ‘key’ to your bank account could be so easily cloned and consequently your account could be so easily compromised?