Halifax trials heartbeat authentication for mobile banking security

Trial 'will help us further understand how we can serve our customers in the way that best appeals to their needs,' claims bank

Halifax, the high street bank owned by Lloyds Banking Group, has trialled technology which uses a customer's heartbeat as security authentication for its digital financial services.

Under the proof-of-concept trial, Halifax has experimented with the use of the Nymi Band – a wrist-based wearable technology that monitors and records the user's heart rate – which sees that heartbeat used as authentication to gain access to banking services.

The use of electrocardiograms (ECG) "naturally provides strong protection against intrusions and falsification" and could bring major benefits to customers, said director of innovation and digital development, Marc Lien.

"Exploring innovative technology that will help deliver for our customers and enhance our overall capabilities is a real focus for us at the bank," he said.

"We are in the very early stages of exploring potential uses for the Nymi Band and wearable technology more widely, which will help us further understand how we can serve our customers in the way that best appeals to their needs," Lein added.

While Halifax's use of heartbeat monitoring for security is the first of its kind in the UK, it is not the first time a bank has considered employing biometrics to provide further security to digital and mobile customers.

Just last month, RBS Group launched a service for RBS and NatWest bank customers that enables them to protect their mobile banking apps through the use of fingerprint-based security.

Barclays unveiled blood-reading authentication technology for corporate banking clients in September last year. Nationwide, meanwhile, trialled and rejected iris recognition as a means of authenticating customers at cash machines.

Geoff Webb, senior director at global software firm NetIQ, argued that as mobile becomes a more common way of accessing banking, financial instructions will look at deploying new technologies to ensure security.

"Mobile is all about convenience and ease of use, but entering passwords or mandating multi-factor authentication on mobile devices can be inconvenient, so naturally banks are looking to streamline the authentication process as a key part of that user experience," he said, adding that "passwords are not working in this context."

"They're a pain for customers who have to create and remember complex strings of letters and numbers, and they're far too easy for hackers to steal," he continued. "We're quickly reaching the end of their useful lifespan and this is why we're seeing banks such as Halifax looking to shift to biometric-based methods of authentication."

"The objective here is to make it as hard as possible for a criminal to impersonate the customer," said Webb. "Heartbeat or ECG scanning would certainly raise the bar in terms of complexity even beyond some other forms of biometric authentication such as fingerprints."

Nonetheless, while biometric authentication technology is generally viewed as more secure than passwords, it is not infallible. When the iPhone 5S was released with fingerprint security in September 2013, hackers were offered a cash prize if they could get past the phone's Touch ID security. The fingerprint sensor was hacked in days by the Chaos Computer Club.

That same organisation showed off its ability to clone fingerprints and access smartphones using only basic tools in December.