OMPI Blog

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Touch ID for banking apps: not quite the end of passwords just yet

Fingerprints have been used as an authentication method for ages.

In ancient Babylon in the second millennium BC, parties to a legal contract would impress their fingerprints into a clay tablet to protect the contract against forgery. One can’t help but wonder at the level of trust in Babylonian society, where fingerprints that were not even forensically analyzed were adequate to certify agreement.

Fast forward to 2014, and we have increasingly complicated the need for authentication for everything that we do and transact in a digitally-enabled world. How many times do people decide against an online purchase or transaction simply because they can’t remember a password or an identification number? Often we have to go through two, three, sometimes more identification steps. In e-commerce terms this is called ‘friction’; anything that is more difficult than using cash or a card deters buyers from making their purchase through mobile channels.

Not to mention that passwords are terrible. Many of us use very simple passwords (according to survey results published by Splashdata, the most common password in 2013 was ‘123456’) or use the same one for all of our accounts. Experts have found that humans are not very good at picking and remembering safe passwords, and yet we face increasingly complex requirements every time we set up a new one.
(https://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd)

So what’s this TouchID, and could it change this passwords game?

TouchID works by reading your fingerprint and matching it to a numerical representation previously recorded and stored on a device. If the two match, it’s done.

Now imagine a world where you’re only one touch away from making a payment online or making a transaction from your banking app. With Apple opening up its Touch ID technology to third-party developers, fingerprints might transform the way we identify ourselves for online transactions: PayPal and some US banks have already announced they were looking to integrate this technology in their mobile portals. So it really does look like Apple has opened the door to a much simpler world, and banking and payment apps are an obvious development.

Before we all start rejoicing at the idea of erasing our passwords from our memories, let’s examine the reasons why banks seem to be taking their time before taking the leap.

1. Security

Firstly, in the world of passwords, one way of maintaining a high level of security is to change them regularly. Annoying, but easy. Changing your fingerprint… well, you get the idea. Secondly, fingerprints have been historically used for criminal investigations. Is it possible that this would make them more attractive to steal than passwords? "You only have one set of biometric data, and we need to decide, as an industry, how to make sure that biometrics are introduced correctly," said Anuj Nayar, PayPal's senior director of global initiatives.
(http://www.usatoday.com/story/money/personalfinance/2014/06/29/banking-apple-biometric/11504139/)

It may be disappointing, but it’s a fact: the TouchID technology has officially already been hacked. However, security professionals are confident that the hassle it takes to lift and exploit a fingerprint is too significant to worry the average customer.

It might take a little bit more testing and proofing before banks take the leap, but industry leaders say that such worries will subside over the next couple of years, notably helped by the development of new smartphones.

The fact is, even your iPhone 5s still relies on your password in certain circumstances (after restarting your phone, or when you haven’t unlocked it in the past 48 hours).

2. Practicality and sustainability

The practicality of TouchID is undeniable; however, Apple received a large number of complaints about it. These customers claimed that the service started deteriorating after a while, and that they had to re-upload their fingerprint frequently.

OK, so TouchID is not 100% perfect - yet.

What does it mean for mobile banking app identification today? It looks like we’re going towards a multi-identification model.

Bank of America reports having 15 million mobile users, and has recently announced that it was interested in integrating the TouchID capability in its new mobile app. But even Bank of America is only talking about combining TouchID with other ways of verifying your identity, rather than relying only on it.

“We are constantly exploring options to help drive a frictionless user experience and those options include working within established consortiums as well as emerging capabilities such as Touch ID integration. As discussed, customer security is a top priority and thus balancing the above with flexibility around levels of authentication to safeguard access is a key part of our strategy”. (Hari Gopalkrishnan, e-commerce, architecture and segment technology executive at Bank of America).

Biometrics, with TouchID as the flagship technology within banking, seems to be having its moment in the sun with banks this year. However, it looks like ‘mobile transaction as easy as one touch’ is not there yet. More than drastic disruptors in identification channels, we should think about TouchID and other technologies as a way to simplify and secure this process. At least for the next couple of years…

Clearly modernity has transformed the way we live and do things, but looking at the Babylonian world, one wonders how much we have progressed. What was trustworthy in those ages (physical fingerprints) clearly isn’t today. Unfortunate but true: while technology has advanced, trust has gone down, and we are constantly looking at new ways of proving ourselves to be ourselves. The question is, how long will this go on and how far will it take us?

About the author

Christine Chanier
Christine is a senior consultant in the Operating Model & Performance Improvement capability of Capgemini Consulting UK. She has five years of consulting experience across sectors (public sector, finance, CPR) and specialises in operating model design. Before joining Capgemini Christine worked for one year for Societe Generale as an equity research intern for the banking sector.
