4 unseen areas of risk when integrating Touch ID into your mobile banking app, and how to avoid them
Biometrics - specifically the use of fingerprints, iris scans and facial recognition as a means of authentication - has increasingly become an accepted part of daily life. Several governments, including the United States, Canada and the United Kingdom, have adopted biometrics as the technology continues to improve.
In 2013, Apple introduced Touch ID, a fingerprint scanning technology embedded in the company’s new (at the time) iPhone 5s. Touch ID signaled the beginning of a new era by bringing convenient fingerprint recognition to a mass consumer audience. In addition, Apple supplied third parties with Touch ID APIs, so that outside developers could integrate the technology into their own apps and services.
Banks in particular have gravitated to Touch ID because it provides them with a device-based technology they may leverage to secure the mobile banking platform and, in turn, reduce their costs in deploying and supporting such services.
At the same time, this push to quickly adopt Touch ID led some banks to implement it in ways that were inherently insecure, resulting in 4 big security challenges:
- Risk of storing server passwords locally
- Linking the fingerprint to an insecure static password
- Multi-device synchronization issues
- Lack of device control by the bank
So how can you avoid these 4 risk areas?
VASCO’s DIGIPASS for APPs solution establishes a secure bridge between local authentication (what a user expects) and remote authentication (what a bank requires). It offers developers a rigorous security feature set that they may integrate into their mobile banking apps.
Download the Biometrics in Banking paper, and discover how to integrate Touch ID into your mobile banking app the right way.