Touch ID takes off in mobile banking
The most recent Mapa Research report on digital banking security looked at the viability of biometric solutions in mobile banking and examined some of the first movers in the industry. The report highlighted an appetite for fingerprint ID in particular, as a way of reducing the friction experienced in accessing mobile banking services. In the short time since the report was published, there has been a huge amount of activity in this space. And in our monthly digital bulletin (contact us for more information on this service), we recorded a number of additional banks that have incorporated Touch ID into their mobile banking apps.
American Express, Simple and Discover now allow customers to log in to their banking apps using Touch ID fingerprint recognition on iPhones. The Touch ID log in process for Simple and Discover are shown above.
And the adoption of this technology has not been limited to the US: Société Générale has just emerged as the first provider in France to utilise Touch ID in their app, allowing customers to view their account balance pre-login. Additionally, customers have the option to add Touch ID authentication, as an extra layer of security, to access their account balance, pending operations and previous transactions. However, customers cannot use fingerprint verification to log in to the app. Westpac has also just announced that it plans to roll out fingerprint sign-in at the start of 2015. Importantly, Westpac has stated that the technology will be available to supported Android devices in addition to iPhones.
The appeal of Touch ID is clear; it has the potential to be hugely beneficial to customers by significantly streamlining their user experience. At the moment, people are expected to remember so many different passwords, and are advised to make them complex and change them regularly. Fingerprint verification seems to offer a convenient alternative, by providing a secure process using unique authentication that cannot be forgotten or left behind. But, while some banks have embraced the technology whole heartedly, such as the US providers shown above, others seem to be taking a more cautious approach, using it an additional layer of security rather than the sole means of accessing the app, as with Société Générale. Other banks, such as NatWest, have indicated that they are looking into Touch ID but feel that they “need more time”.
There are a number of issues around Touch ID that may explain the initial hesitation of some banks in this area. Firstly, the technology is still in its infancy, and at the moment, it is not available on many phones. There have also been complaints over its usability – although, as with most new technologies, this is something that will likely improve in time. Secondly, there are a few security concerns that have been raised around the use of Touch ID. For example, banks may be reluctant to replace 2FA log in with Touch ID alone, which effectively removes a layer of authentication. Additionally, one way of keeping a high level of security is to periodically change a password, which clearly cannot be done with fingerprints. And it has already been demonstrated that fingerprints can be lifted and replicated to hack the Touch ID fingerprint sensor.
Despite these issues, Touch ID adoption is picking up quickly, and there are likely to be an increasing number of banks incorporating the technology in to their apps in the coming months. With security being a key concern in the adoption of the technology, many banks are take a combined approach, using both fingerprint ID and a second authentication factor, for the time being.