Reconciling TouchID with Bank T&Cs
"Banks have warned customers that if they store other people's fingerprints on their iPhones they will be treated as if they have failed to keep their personal details safe.
This means the bank can decline to refund disputed transactions or refuse to help where customers claim they have been victims of fraud."
According to the paper, "the banks' position is typically buried in the detail of bank account Ts & Cs", something that, as we all know, most people accept without reading in detail.
I can appreciate the banks' concerns, but I wonder if they are somewhat overblown. Although this will change in time, most Apple Pay transactions in the UK are still capped at the contactless limit (£30). Any of my family members today can take my contactless card and use it for contactless payments without any PIN. I haven't heard too many suggestions that I should keep my card locked away from my family members. However, if this were to happen, I should be prepared to accept my family's transactions and not report them as fraud.
I am no legal expert, but it doesn't feel like inserting protective statements within T&Cs is the way forward. First, it's not very transparent. Second, if the issue were to arise, it is something that would not be easy for banks to prove. Could consumers just delete all the other fingerprints in case of a dispute? Finally, it's just poor customer service.
Instead, banks should invest in educating consumers about digital technologies and how to use them safely and responsibly. Even if it's as basic as, "don't allow strangers to register their fingerprints on your phone" and "be prepared to accept your family's transactions and not dispute them as fraud."
As the value of Apple Pay transactions grows, banks ought to consider deploying additional techniques, such as behavioural analysis, to authenticate users and minimise fraud. As with most security, a multi-layered approach is likely to work best.