Electronic Aura Could Solve Password Problems
RBS and NatWest customers can log into their iPhone banking app using their fingerprint with Touch IDReuters

British banks RBS and NatWest are to allow their customers to use the iPhone's Touch ID fingerprint scanner to access their accounts, instead of entering a passcode.

Customers must first enter their security information as normal, but once activated they need only press their thumb or finger against the Touch ID sensor to login thereafter.

Touch ID first appeared on the iPhone 5s as a quick way of unlocking the handset and paying for content on the App and iTunes Stores.

With the introduction of iOS 8 a year later, Apple opened up Touch ID so it could be used by third party app developers, like banks, on the iPhone 5s, 6 and 6 Plus, as well as the iPad Air 2 and iPad mini 3.

For the RBS and NatWest apps, if logging in via Touch ID fails three times in a row, the user must re-enter their passcode. The apps' new feature works with Touch ID sensors on the iPhone 5s, 6 and 6 Plus - the banks, both part of the Royal Bank of Scotland Group, said around 880,000 of their customers use their apps on the three Apple handsets.

But Touch ID can only be used to gain access to customer accounts. Some features used to pay money require additional verification, such as a password, as does setting up payments to a new person or business.

Just as dangerous

Although easier, quicker and seemingly safer than using a PIN or passcode, fingerprint technology has its drawbacks. Ben Schlabs, of German hacking think tank SRLabs, told the BBC: "The security implications are the same, it is just as dangerous...I think it has been shown that it is pretty easy to spoof it and the risks aren't fully understood."

Fingerprint security systems on both the iPhone range and the Samsung Galaxy S5 have been compromised by hackers using synthetic fingerprints, created from scans or photographs of the owner's print, then transferred onto a rubber pad and pressed against the sensor.

Schlabs add: "Just the fact that you are carrying the key around with you and leave copies or if exposed everywhere you go makes it a very different risk to something that is inside your brain. The risks are poorly understood."

However, despite the flaw being successfully demonstrated in hacking labs, Schlabs admits: "There have not been any reports that I know of with the iPhone sensor of actual crimes being enabled by it."

Stuart Haire, managing director, RBS and NatWest Direct Bank, said: "There has been a revolution in banking, as more and more of our customers are using digital technology to bank with us.

"Adding TouchID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests."