Is Biometric Security Good Enough For A Bank Card?

RBS is banking on its new fingerprint tech to lead the way.

Royal Bank of Scotland is piloting a bank card with a built-in fingerprint reader. The card, made by digital security firm Gemalto, will enable customers to make payments that exceed the £30 contactless limit, without them having to enter their PIN. But is such biometric security safe enough to be used for something so important?

No doubt, this question will be one of many that RBS will be looking to answer as it conducts its three-month trial of the cards, involving 200 RBS and NatWest customers. However, if there are any problems with the technology, it’s possible they wouldn’t be discovered until adoption was more widespread.

We can, therefore, only make an educated guess, based on what we know about biometric security already.

Advantages Of Biometric Security

There are some great reasons why banks are looking toward biometric security and why they’ll probably end up implementing it on a wide scale. The following apply not only to fingerprint readers, but also other biometric security measures such as iris scanners and facial recognition.

• Only you possess your biometric data.
• Biometric security is quick and convenient.
• You can’t forget your biometric data like you can a password or PIN.
• You always have your biometric data with you.
• It’s difficult to steal biometric data.
• Biometric data can’t be guessed.
• Biometric data can be used as part of a multi-factor authentication system.

The convenience and speed are perhaps the most important features, from a customer perspective, but there are also clear security advantages too. It’s disheartening, then, that some of the most significant drawbacks of biometric security are also related to their effectiveness in this area.

Disadvantages Of Biometric Security

No technology is perfect, and despite the many advantages of biometric security, it does have some weaknesses.

• You can’t change your biometric security data.
• Although biometric data is difficult to steal, it is possible – and potentially gory.
• Biometric data can be cloned or spoofed.
• Using biometric security could lead to complacency about other security measures.
• Injury and illness could make biometric data invalid or unavailable.
• Implementing biometric security can be expensive, because it usually requires special hardware.

Is Biometric Security Good Enough?

It might be a cop-out to say this, but it depends. In the case of the RBS card, the fingerprint offers no advantage compared to a PIN if you lose the card. Either way, the finder will only be able to make purchases under £30, using contactless.

The fingerprint reader does, however, protect the user from shoulder-surfers, who can steal PIN numbers simply by watching people enter them in card machines and ATMs.

But there are ways to trick fingerprint readers, including ‘master prints’ and copies made using common glue. Realistically, though, these kind of techniques are too involved to be used by petty criminals. It would probably be easier to just force the victim into putting their thumb on the card or to – gulp – remove the digit in question and go on a spending spree.

Aside from the fact that thieves might be reluctant to go to such extremes, a semi-conscious victim or a dismembered finger might not be that useful anyway. Assuming these scanners aren’t going to be used at cashpoints, the criminals would only be able to use them at tills. Even at a self-checkout counter, it’s likely someone is going to notice if a shopper tries to pay for their expensive purchase with a hostage in tow. And, thankfully, fingerprint scanners that are impervious to dead fingers and fake prints have existed for years. Even the iPhone 5S can tell the difference between a finger that’s attached to its owner and one that’s not.

It’s also important to remember that not all biometric security is made equal. Facial recognition, for example, can be tricked simply by holding up a photo in front of a camera, and voice recognition can be fooled by a recording.

To get the most out of biometric security, you need to understand not only its plus points but also its limitations. You need to choose the right technology for your needs, and you need to decide whether it would be better to use it as part of a multi-factor authentication system or forget about it and stick to good, old-fashioned passwords and PINs. However, the very fact that RBS has created a card with a fingerprint reader on it at all shows just how far this technology has come.

Did you know you can use your fingerprints or facial recognition to log into Windows? With Windows Hello, it’s quick and easy – and you can still use your PIN and password whenever you want. If you’d like more information about setting this up in your business or about any other element of enterprise cyber security, give TMB a call on 0333 900 9050.