4 unseen areas of risk when integrating Touch ID into your mobile banking app, and how to avoid them

Tom Dubois, December 16, 2015

Biometrics - specifically the use of fingerprints, iris scans and facial recognition as a means of authentication - increasingly has become an accepted part of daily life. Several governments, including the United States, Canada and United Kingdom, have adopted biometrics, as the technology continues to improve.

In 2013, Apple introduced Touch ID, a fingerprint scanning technology embedded in the company’s new (at the time) iPhone 5s. Touch ID signaled the beginning of a new era by bringing convenient fingerprint recognition to a mass consumer audience. In addition, Apple supplied third parties with Touch ID APIs, so that outside developers could integrate the technology into their own apps and services.

Banks in particular have gravitated to Touch ID technology because it provides them with a device-based technology they may leverage to secure the mobile banking platform, and, in turn reduce their costs in deploying and supporting such services.

At the same time, this push to quickly adopt Touch ID led some banks to implement it in ways that were inherently insecure, resulting in 4 big security challenges:

  1. Risk of storing server passwords locally
  2. Linking fingerprint to an unsecure static password
  3. Multi-device synchronization issues
  4. Lack of device control by the bank

So how can you avoid these 4 risk areas?

VASCO’s DIGIPASS for APPs solution establishes a secure bridge between local authentication (what a user expects) and remote authentication (what a bank requires). It offers developers a rigorous security feature-set that they may integrate into their mobile banking apps.

Download the Biometrics in Banking paper, and discover how to integrate Touch ID into your mobile banking app the right way.

WHITE PAPER

Biometrics in Banking: How to Integrate Touch ID into your Mobile Banking Application the Right Way

Learn the adoption of Touch ID as a banking authentication tool, and the benefits of Touch ID, as well as the risks of deploying it incorrectly.

Download Now

I’m an international marketer with over 15 years of experience in the ICT-sector.

I’m passionate about new technologies, social media and application security.

If I’m not working, you’ll find me climbing a wall somewhere, slack-lining in the park or cruising on my motorbike.

Enjoyably