Logging Into Your Bank in a Heartbeat
2 April 2015
Apple may not always come up with the idea in the first place, but by throwing their weight behind they can take the idea mainstream. Biometric authentication has existed for years, but it was Apple that really brought it to everyone's attention when it first launched TouchID, and subsequently demonstrated with Apple Pay how biometrics can be used to authenticate a payments transaction. Now financial institutions are looking for ways to use biometrics to authenticate customers for other things, such as logging into online and mobile banking. Everyone agrees that the situation where we all have to remember a plethora of passwords and PINs has become unmanageable and is now a serious security concern. In the UK, RBS and Natwest have announced in February
that their customers can now log into their mobile banking app with Apple's TouchID available on the iPhone 5s, 6 and 6 Plus. The critics of biometric authentication point to a number of shortcomings - for example, TouchID was hacked soon after launch by using a fake finger from a photograph of a fingerprint left on a glass surface. If your password gets stolen, you can change it; it is a lot worse if the record of your fingerprint is compromised. And the extreme scenarios bring up the Hollywood-style scenes of cut-off fingers and loose eye balls. True, no security is perfect, so layering and balancing is important. For example, even after the log-in, RBS and Natwest require further authentication for some payment transactions. You also might want more assurances if you are getting access to a private banking account with high balances. Some banks are also experimenting with more sophisticated biometrics technologies. Last year, Barclays have trialled
a special fingerprint scanner which uses infrared lights to scan blood flow in the veins of a person’s finger, and was planning to roll out the scanner to commercial customers. Incidentally, using the "vein profile" solves the "cut-off finger" challenge. Halifax, another UK bank, is trialling the technology
from a Canadian firm Bionym. The bracelet called "Nymi" measures the intricate "cardiac rhythms" unique to every person, which can be used not only to log into a mobile banking app, but also potentially for many other applications, such as gaining access to the office, unlocking a car, or even boarding the plane and crossing borders. As always with new technologies, there is lots to learn and work out. But it seems that the future of logging into your bank account with a heartbeat (quite literally!) is not that far away.