Innovation in banking is shifting at warp speed with the latest smartphones bringing biometrics into the mainstream and a new wave of mobile-only banks gaining traction. But, does technology make us feel safer – or more vulnerable?
Nearly half (45%) of Which? members say they would consider opening a digital current account managed via an app, yet only 14% would switch to a new provider purely because it had better technology.
This will be music to the ears of the big banks facing competition from mobile-only providers Starling and Monzo, both of which offer current accounts with smart security features such as instant spending notifications and the ability to freeze your card temporarily in-app.
Read our guide to challenger and mobile banks for more on these providers as well as rivals Revolut, Atom and Loot.
Tech that could make banking safer
While fighting fraud seems like an endless game of cat and mouse, technology does have the potential to transform the industry.
This short video demonstrates some of the latest innovations. Read below for further details on these and other developments in banking security.
Swedish company Behaviosec has developed technology that analyses the unique way you hit the keyboard, move your mouse or touch your smartphone screen. Unlike most biometrics, where you might use your finger or voice, behavioural biometrics sits invisibly on top of existing bank security.
Its algorithms generate a ‘behaviour score’ which, together with other information such as your computer’s IP address, can determine whether someone else is trying to access your account. Metro Bank, RBS and Nationwide are all experimenting with behavioural biometrics.
Dynamic CVV codes
Potentially wiping out ‘card-not-present’ fraud (where thieves use stolen details to pay online, over the phone or by mail order), the static three-digit security code printed on the back of your card could one day be replaced with a digital screen that generates a new random code every hour.
French bank Société Générale currently offers this ‘MotionCode’ technology to customers for €12 a year.
Next-generation contactless cards
Mastercard has developed contactless cards with embedded fingerprint sensors (the data and the scanner are on the same card), doing away with the need to enter your Pin.
If the biometrics match, the payment can be approved with your thumb. These are being trialled in Bulgaria and South Africa.
Entering your card details online is always a risk, but PayWithPrivacy.com lets you generate single-use, disposable ‘burner’ cards on sites you’re not sure about. These virtual cards work once only, rendering them useless to hackers. They’re only available in the US for now.
RBS and NatWest customers can already withdraw money without a physical card by generating a Pin within their banking app.
Barclays is also piloting contactless cash machines allowing customers to withdraw money by tapping their Android smartphones or contactless debit card. The bank says this removes the risk of card skimming (fraudsters copying card details at the ATM).
Confirmation of payee
By 2020, a new system will prevent you from sending payments to the wrong bank account by allowing you to check the name of the account holder before you press send. If the name isn’t right, you’ll know something is wrong.
Biometrics in banking
Biometrics are tipped as the future of digital security.
All of the big banks let you use Apple Touch ID or Android Fingerprint to access their mobile apps, while Barclays, First Direct and HSBC have incorporated voice-recognition into telephone banking.
Since August, Barclays customers can Apple’s virtual assistant Siri to make payments, while its corporate customers can identify themselves by scanning finger veins. Not to be outdone, iris recognition technology launched at TSB a few weeks ago.
Biometrics could make banking safer and more convenient – but they are vulnerable if used in isolation.
Cyber security and biometrics expert Dr Carol Buttle believes that none of these are totally secure: ‘Fingerprints can be copied, voices mimicked and iris scans can be replicated. Of these, iris scanning is more secure by nature of the fact it uses far more physical characteristics than the other two.’
Which? has long pushed for multifactor authentication where biometrics are used as one factor among three: possession (smartphone or tablet), knowledge (password, Pin or security question) and inherence (fingerprint, voice or iris scan).
Banks must ensure that this technology offers additional security, not the sole means of authentication.