News & Blog

Mobile Banking Iris-Scanning

By Francis West on 26th July 2017

This September, TSB customers will just have to look at their phone’s camera to access mobile banking services thanks to the introduction of iris-scanning authentication.

Iris-Scanning Access

TSB customers with Samsung Galaxy S8 or S8+ will be the first in Europe to use iris-scanning technology to unlock their TSB banking app. As always, users will be required to register their biometric data within the app first, and then use it in lieu of passwords and personal identification numbers.

Authentication Most Secure

Carlos Abarca, TSB’s CIO, is reported to be all for a more customer-friendly approach to identification and authentication and, aside from reducing the time spent on keying in your PIN, iris recognition is believed by many to be the most secure method of verifying a customer’s identity because no two irises are the same.

Iris-Scanning On the Go

Airports and other establishments have been using iris-scanning technology for quite some time now e.g. airport automated passport checks.

Having the technology in handheld devices is (if it actually works consistently well) likely to provide value-adding convenience and immediacy for bank customers.

Hack-Free?

Many thought that iris-scanning technology was totally secure and fool-proof until a group of German hackers claimed that they were able to bypass Samsung’s iris scanner. They used a 3D print out of an eye that matches photos taken from the web of the account user; these photos were in high definition, enough to capture the iris. Samsung dismissed this claim as not possible.

Although it would be impossible for TSB to say that iris-scanning is hack-proof, the bank has re-assuringly said that it is potentially more secure than using fingerprints for authentication because fingerprint scanning uses 40 characteristics whereas iris scanning uses 266. Some critics have said however, that using a fingerprint may be slightly more convenient for customers than holding a phone to their eye.

Voice Recognition Fail

Not all biometric methods have been successfully introduced. Many people may remember how, back in May this year, BBC reporter Dan Simmons was able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own in an experiment that was filmed for the BBC Click technology digest TV programme.

TSB Optimistic

While creating a fake eyeball is a possibility, it is likely to be exceptionally hard to do. Hacking the iris scanner in the phone will could also prove to be a real challenge because aside from the biometrics, TSB is also relying on the digital certificate on the mobile phone. TSB is confident that this project will be successful among its customers, especially those tech-savvy ‘early adopters’ who want the latest innovation in their banking experience.

What Does This Mean For Your Business?

Banks are keen to move away from password technology, which has been shown to be relatively lacking in security (e.g. passwords can be stolen) and move into the more secure world of biometrics. Finding a practical workable technology that maximises security and convenience is in the interest of all of us, and such systems (if affordable) could have applications in many businesses outside of banking.

Although iris-scanning / iris recognition technology looks very promising, organisations looking to introduce biometrics (particularly on a large scale) face two major challenges in the minds of their customers - worries about privacy and worries about safety. Customers want to know that their data is secure, and that the biometric system can't be hacked or fooled. Back in August last year, a study from YouGov and commissioned by e-mail provider GMX shows that the UK people surveyed had trust concerns about biometrics ranging from concerns about the providers to the technology itself. More than 40% of those surveyed didn’t want companies to have any access to their biometric information, and one-third said they were afraid that their biometric information could fall into the hands of criminals. In fact, only 5% of those surveyed thought that there is no risk associated with biometric logins.

With wider knowledge in the market about the safety aspects of these systems backed up by falling fraud figures (fraud figures are still too high in the UK), the industry establishing benchmarks for best practice, and maximum convenience for customers using them, biometric systems may be more trusted and more widely accepted and used in future.

Comments