People have been stealing money since Jesus wore short pants. While originally this involved little more than sticking your hand in someone’s pocket while they weren’t looking, technological advances have meant that the face of theft has very much changed. Payments on mobile devices are expected to make up 30% of all online retail sales by 2018, so it’s likely that mobile will become the next primary target. The methods employed to prevent theft have also adapted throughout history though, and banks are introducing a range of innovations to keep pace with crime, with mixed success.
RBS and NatWest, for example, now allow customers to log in using TouchID on their Apple phones - a move that has been roundly condemned by security experts for being too easy to hack. German hacker Starbug - whose real name is Jan Krissler - cracked the software just a day after Apple launched it by replicating the last fingerprint that had touched the glass iPhone surface using just a scanner, a printer, and a bit of glue.
Other attempts are equally dubious. Mastercard recently began testing a smartphone app that uses facial recognition to verify online purchases, appealing to the millennial’s love of selfies. Again, there are a number of flaws, with someone realizing that you could simply present the camera with a photo of the individual to trick it into thinking it was them trying to log in. Mastercard has attempted to combat this by making app users blink to prove they’re human, but this is still easily circumvented, with people simply taking photographs, drawing eyelids on, and animating them.
Those that have seen the most success have integrated biometrics into their software. Last year, Barclays announced the introduction of personal biometric scanners that make an infra-red scan of the unique vein pattern that lies just below the skin surface of everyone's fingers. Users of the device only have to plug the device into their computer and insert their finger in the hole to be granted instant access to their account. The main advantage of the finger vein reader is that only a live finger with blood coursing through its veins will work, as opposed to a fingerprint reader which will work with a severed finger. Vein patterns are also extremely difficult to spoof or replicate, it is notably quicker than fingerprint reading technology, and it is allegedly impervious to human shedding
First Internet Bank in Indianapolis also this month announced the introduction of an app that customers can use to log in to mobile banking with a picture of their eyes. The software, which was developed by EyeVerify in conjunction with digital-banking partner Digital Insight, measures the length and pattern of the veins in customers' eyes and uses that data to identify them.
These methods may seem like a marketing gimmick, an attempt by banks to appear futuristic and cool but only providing customers with the veil of genuine account security. If used in tandem with more traditional security methods, however, it is likely that they will provide an effective additional layer of security. While banks may not want to make logging in more clunky for users, they would probably prefer not having to pay out thousands to customers whose accounts have been emptied.