RBS Group introduces fingerprint security for mobile banking

NatWest and RBS become first UK banks to rollout biometric security to iPhone customers, but expert stresses need for two-stage authentication

The RBS Group has launched a service for customers of RBS and NatWest banks that allows them to protect their mobile banking apps through the use of fingerprint-based security.

RBS and NatWest will be the first UK banks to offer this service, but only to customers who own an Apple iPhone 5S, iPhone 6 or iPhone 6 running on iOS8.

The service uses Apple's Touch ID technology to recognise the fingerprint of the customer, meaning that they don't need to manually enter a password to access mobile online banking services.

According to figures released by RBS and NatWest, nearly half of the bank's 15 million customers use some type of online banking, with three million regularly using mobile banking apps. Of those, almost two million users access the mobile application via an iPhone.

RBS said that it's deploying the technology after consulting its online community forum, which revealed that users want to use the latest mobile app technology.

"There has been a revolution in banking, as more and more of our customers are using digital technology to bank with us," said Stuart Haire, managing director at RBS and NatWest Direct Bank.

"Adding Touch ID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests," he continued.

"Our aim is to be the number one bank for customer trust, service and advocacy so we want to continue adapting our service based on the valuable feedback we receive from our customers every day," Haire added.

But while fingerprint technology is generally viewed as more secure than passwords, it is not infallible. When the iPhone 5S was released with fingerprint security in September 2013, hackers were offered a cash prize if they could get past the phone's Touch ID security. The fingerprint sensor was hacked in days by the Chaos Computer Club.

That same organisation showed off its ability to clone fingerprints and access smartphones using only basic tools in December.

Roy Tobin, threat researcher at internet security firm Webroot, has warned that faith in fingerprint technology may be misplaced.

"With so many high-profile data breaches over the past 12 months banks should tread carefully when implementing biometric technology. Biometrics have a very useful application in certain areas. But fingerprint technology isn't the most reliable or secure method," he said.

"In security we are always tasked with making the technology easy to use, but as secure as possible. Unfortunately, these two goals are difficult enough on their own, let alone when combined," Tobin continued, going on to warn how "this data can relatively easily be compromised".

"The fact that the iPhone fingerprint scanner was hacked less than two days after its release doesn't inspire confidence in this type of verification," he said.

"We should not be looking for the simplest form of access, but the most secure - two-stage authentication with a strong password is the ideal security option," he added.

Jason Goode, managing director EMEA at single sign-on tool provider Ping Identity, welcomed the introduction of fingerprint-based mobile technology by the banking group.

"CIOs and IT managers should take note that while security is a top priority for online banking customers, so too is convenience. It should therefore come as no surprise that the banking industry is starting to embrace the next generation of application technology," he said.

"Biometric technology such as fingerprint recognition not only facilitates a faster service in our on-demand culture, but it also centres on the user's identity - a crucial aspect," Goode continued.

"By deploying systems that centre on a customer's identity and recognise returning customers to give them quick and easy access, banks can avoid any exodus and allow both their businesses and their customers to truly realise the benefits of secure online, mobile access to their finances," he added.

The fingerprint security login for RBS and NatWest mobile customers will be available from tomorrow.

While RBS and NatWest might be the first UK banks to deploy fingerprint-based security technology, they aren't the first in the country to use biometrics. Last year, Barclays unveiled finger-vein-reading authentication technology for corporate banking clients.