Biometrics: More Ways to Access Your Bank, More Problems Staying Unhacked

By Gary Cutlack on at

RBS and NatWest are yielding to Apple's world domination plans by letting customers access their bank accounts using a Touch ID sensor alone, opening up new ways for our besieged accounts to be hacked by clever people.

Once activated through the app, RBS and NatWest users will then be able to access a limited selection of mobile banking features, without having to waste valuable seconds inputting the third and sixth characters of a long-forgotten special dog's name.

The fact that it has to be limited shows we're not ready for, or trusted with, this kind of easy-access power to our own money. As is the way with many current mobile banking apps, if you want to do anything proper, you have to access the full web site using the last-generation password system.

The banks think we're so stupid we're likely to lose our bags, phones, and the pieces of paper we keep our banking passcodes written on, granting instant access to our money to whoever rescues our leather satchels from the bag of the pub chair we hung them over.

Fail three times to swipe your fingerprint using Touch ID and you have to input all the security data again, which could at least be good news for the hand hygiene of the nation, but adding another security method is not the answer to keeping things safe. Teaching school kids not to click on links in spam emails would have more of an effect on the security of the nation than this headline-grabbing security feature.

If our reward for being good and activating enhanced security methods is fewer features, there's literally no point in doing anything about it. Jump through some additional security hoops to get it working, then get a hobbled selection of features in return? Thanks, but I'll carry on accessing your site through the mobile browser using "password" as my password if that's how you're going to treat me.

And hackers are falling over themselves to shout about how breakable Touch ID is, with amateurs also happily spoofing it with photos of fingers and plasticine fingers and sausages with lines drawn on them. Even if the risk of being hacked is being exaggerated, why introduce a new way of potentially having accounts compromised to the mix? [BBC]