Remember the time BBC journalist Dan Simmons got his twin brother to log into his HSBC account using voice recognition? Or the time a photographer took a long range photograph of the German Defence Minister and cloned her thumbprint? The one thing in common between the two instances is that they both made it painfully clear that biometric security isn't really secure or, in many cases, fit for purpose.
Samsung introduced iris recognition software on their newest smartphone, the Galaxy S8 but it didn't take members of the German hacking group the Chaos Computer Club long to unlock a phone using a dummy/pretend eye. Amidst all this furore, Samsung pulled the feature off the phone. It is meant to be reintroduced in September 2017 with more robust security features onboard.
However, TSB have today rolled out iris recognition tech for its customers who have Samsung's Galaxy S8 or S8 Plus smartphone. Due to be launched in September, customers will be able to unlock their TSB banking app with just a cold hard stare.
HSBC's voice ID authentication glitch raises questions on biometric security
Commenting at the launch, TSB's chief information officer Carlos Abaca told BBC: "Iris recognition takes advantage of 266 different characteristics, compared with 40 for fingerprints. It's extremely fast - it takes less than a second to get in - and the gesture is very natural. And you don't have to remember secret numbers or passwords."
“The general perception is that biometric security – iris scans, fingerprints and voice recognition – is inherently secure because it’s taking something you are, something that never changes, and using it as a means to access your accounts to verify your identity. While this is significantly more secure than using passwords which has been shown to be a very poor form of authentication, a few caveats apply. The person using the authentication data has a big responsibility to store the data in a secure fashion. If we think about a ‘normal’ breach, for example when a password is hacked, it’s easy to reset your password or change the security settings. It’s also relatively easy to recover from one of these threats. If you’ve lost money from your online bank account at the hands of opportunistic cyber criminals, it’s likely you’ll be able to claim it back from your bank," said Etienne Greeff, CTO and Co-Founder, SecureData
Those worried about using biometric security for their mobile banking can stick to traditional methods of logging in like passwords and PIN.
Cybersecurity Travel Tips When Going Abroad
Richard Parris, CEO, Intercede said: “Biometric security is no longer the stuff of sci-fi films; as consumers flock to scan their faces to unlock their phones, or use their fingerprints to pay for items in a shop, both the individual and the consumer need to ask the question – ‘can I be hacked right now?’ The onus is on the business to provide the appropriate security to protect the customer and the consumer needs to be aware of the data they are sharing and how they can better protect themselves from the prying eyes of cyber criminals.”
This isn't the wildest cyber security solution in banking that we've heard of recently, though. Intelligent Environments recently developed the first emoji log in system, which lets people log into their accounts using emoji rather than numbers. Given there are 480 times more permutations using emojis over traditional four digit passcodes, this security technology has been proven to be mathematically more secure as well as easier to remember!
More entertaining too!