Natwest and RBS allow access to apps using TouchID

The group has announced that iPhone users will be able to access banking apps using TouchID, despite security concerns over the fingerprint tech

RBS and Natwest have incorporated Apple’s fingerprint recognition technology into their apps; an industry first for the UK.

The technology, available on the iPhone 5S, iPhone 6 and iPhone 6 Plus, will enable customers to access their banking services without the need for a password.

"There has been a revolution in banking, as more and more of our customers are using digital technology to bank with us,” said Stuart Haire, managing director, RBS and NatWest Direct Bank. "Adding TouchID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests."

A recent study found that roughly 5.7m transactions were processed each day using internet-enabled devices. Nearly 50% of Natwest and RBS customers now use online banking and around 3 million access their accounts via an app each week.

Concerns over the security implications have already begun to surface. Jan Krissler is a member of the Chaos Computer Club and was one of the first to bypass TouchID, using only a scanner, basic software, the print left behind on the surface of a phone and some glue.

Krissler, who operates under the pseudonym Starbug, has since demonstrated that it is possible to recreate a fingerprint without physical access to a print, using only a high resolution photograph.

Writing In a blog post, Marc Rogers, chief security researcher at Lookout Mobile Security, said that the fact that fingerprints can be lifted was never really up for debate.

“CSI technicians have been doing it for decades. The big question with TouchID was whether or not Apple could implement a design that would resist attacks using lifted fingerprints, or whether they would join the long line of manufacturers who had tried but failed to implement a completely secure solution,” Rogers wrote.

Despite the inherent flaws, the security expert believes that fingerprint hacks remain unlikely.

“Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do,” he said, adding, “TouchID is not a ‘strong’ security control. It is a ‘convenient’ security control.”

Read more on Identity Management Solutions and Services