The Halifax bank is developing a system where customers can log into their accounts on a smartphone by using their heartbeat as proof of identity.
Instead of using a password or fingerprint, the app pairs over Bluetooth to a heart rate monitor worn on the customer's wrist. Once the gadget has an example of the customer's heartbeat rhythm recorded, it compares this to their current heartbeat each time they want to use the app.
Known as an electrocardiogram, or ECG, the rhythm of someone's heartbeat is unique to them and, unlike a fingerprint, very difficult to fake. Although considered more secure than a PIN or password, researchers have found ways of creating synthetic fingers to hack into print-protected smartphones, like the iPhone 6 and Samsung Galaxy S5; prints can be either lifted from objects touched by the target, or even created from a high-resolution photograph of their hand.
Halifax is using a Nymi Band for its trial, which pairs over Bluetooth with a companion app for Windows, Mac, iOS and Android, takes a reading when the user wears it on one wrist and presses a sensor on top of it with their opposite finger.
The technology is being developed by Toronto-based Nymi and has already been tested by the Royal Bank of Canada, where 250 bank staff and customers used the wristband to log into their online bank account. Halifax is the first UK bank to try out the technology, which remains a proof of concept for now, and there is no word on when it will be publicly available.
"The fundamental difference between a heartbeat pattern and fingerprint or iris scanning, is that a heartbeat pattern cannot be replicated fraudulently," Larc Lien, director of innovation and digital development at Halifax, told Wired.
"The closed security loop at the heart of this technology prevents fraudsters from being able to steal the pattern and use it to access services."