Banks to allow account access using fingerprint tech By Kevin Rawlinson

BBC News Published duration 18 February 2015

image copyright Getty Images image caption Apple's TouchID, now to be used to access banking apps, was criticised after hackers managed to breach it

Two banks are allowing their customers to access accounts on their smartphones using fingerprint recognition technology, in a UK industry first.

RBS and NatWest customers must activate the feature with their security information, but would only need to use Apple's Touch ID thereafter.

The banks said that, after three failed login attempts, customers would have to re-enter their passcodes.

But a security expert expressed concern that Touch ID is not secure enough.

The banks, both part of the Royal Bank of Scotland Group, said that the feature would be available on the iPhone 5s, 6 and 6 Plus. Customers would have to enable the feature using their existing login details.

Some of the in-app features used to pay money that required additional verification would continue to do so and limits were set on new payments, the banks said.

image copyright Getty Images image caption RBS, along with NatWest, is allowing customers to access their accounts using the fingerprint recognition technology on iPhones

They said that around 880,000 of their customers currently use the apps on those handsets.

The feature, which uses fingerprint recognition to grant access to iPhones, was criticised soon after it was introduced with the launch of the iPhone 5 in 2013.

A group of hackers managed to get around it only a day after the launch by making a fake finger from a photograph of a fingerprint left on a glass surface.

'Easy to spoof'

While Apple insisted that TouchID was secure, it said it was not a total replacement for traditional security measures and was meant to make unlocking the phone more convenient. In a similar vein, the banks have now said they wanted to make it "even easier and more convenient for customers".

Ben Schlabs, of SRLabs, a German hacking think tank, told the BBC: "The security implications are the same, it is just as dangerous... I think it has been shown that it is pretty easy to spoof it and the risks aren't fully understood."

He said that using TouchID alone to gain access to a banking app introduced dangers that were not present when using passwords or Pins.

"Just the fact that you are carrying the key around with you and leave copies of it exposed everywhere you go makes it a very different risk to something that is inside your brain. The risks are poorly understood."

However, he said that most people would have little need to worry, adding: "There have not been any reports that I know of with the iPhone sensor of actual crimes being enabled by it".

'Revolution'

According to a British Banking Association report, banking apps have been downloaded more than 12.4 million times in Britain.

The Way We Bank Now study, which was released last June, showed that people were making "around 5.7 million transactions each day using smartphones and other internet-enabled technology".

According to the banks, nearly 50% of their combined customer base of 15 million people used online banking and that around three million accessed their accounts via an app each week.

Stuart Haire, managing director, RBS and NatWest Direct Bank, said: "There has been a revolution in banking, as more and more of our customers are using digital technology to bank with us.