{"id":586,"date":"2015-02-18T15:29:29","date_gmt":"2015-02-18T15:29:29","guid":{"rendered":"http:\/\/blogs.kent.ac.uk\/unikentcomp-news\/?p=586"},"modified":"2017-11-23T11:21:21","modified_gmt":"2017-11-23T11:21:21","slug":"expert-response-to-banks-using-fingerprint-tech","status":"publish","type":"post","link":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/2015\/02\/18\/expert-response-to-banks-using-fingerprint-tech\/","title":{"rendered":"Expert response to banks using fingerprint technology"},"content":{"rendered":"<p>An article published on the <a href=\"http:\/\/www.bbc.co.uk\/news\/technology-31508932\" target=\"_blank\">BBC news website<\/a>\u00a0reports that two banks are allowing their customers to access accounts on their smartphones using fingerprint recognition technology. The\u00a0School of Computing\u2019s Eerke Boiten responds to the use of this technology:<\/p>\n<p>&#8216;If users &#8220;must <a href=\"http:\/\/www.rbs.com\/news\/2015\/february\/rbs-and-natwest-customers-get-mobile-banking-at-their-fingertips.html\" target=\"_blank\">activate the feature with their security\u00a0information<\/a>, but would only need to use Apple&#8217;s Touch ID thereafter&#8221;,\u00a0then there is some scope for worry.<\/p>\n<p>&#8216;Biometric sensors like fingerprint scanners need to tune their\u00a0acceptance criteria to balance false acceptance (the sensor says it is\u00a0the person, but really it isn&#8217;t) versus false rejection. Unavoidably,\u00a0one goes down when the other goes up.<\/p>\n<p>&#8216;People don&#8217;t want to be locked out of their own phones &#8211; so for this\u00a0kind of sensor, false rejection rates are set low, making false\u00a0acceptance rates relatively high. Apple don&#8217;t seem to have published\u00a0these rates, but there also aren&#8217;t reports out there of people unlocking<br \/>\nothers&#8217; iPhones. 
Funnily enough, in this context it helps for iPhone\u00a0thieves to belong to a large criminal organisation: more fingers to try!<\/p>\n<p>&#8216;In theory, the sensor could be used in a 3-factor authentication system\u00a0for banking, requiring something people know (password), something they\u00a0own (the mobile), plus something they are (the fingerprint). That must\u00a0be more secure than just using the first two of those like many\u00a0electronic banking systems do currently.<\/p>\n<p>&#8216;However, the suggestion here is that the password would be no longer\u00a0necessary after first registration &#8211; that brings us down to 2 factors.\u00a0These iPhone fingerprint scanners were also <a href=\"http:\/\/www.scientificamerican.com\/article\/iphone-hack-shows-security-isnt-at-our-fingertips-just-yet\/\" target=\"_blank\">spoofed within weeks of\u00a0release<\/a>\u00a0so either spoofing or false acceptance rate will seriously undermine the\u00a0&#8220;something you are&#8221; factor once the mobile has been stolen.<\/p>\n<p>&#8216;All in all it looked like having a potential for increasing security,\u00a0but (presumably because of an emphasis on usability) it creates new\u00a0security risks of a different kind.<\/p>\n<p>&#8216;Aside: it is interesting that this would now be possible, as Apple were\u00a0originally saying they wouldn&#8217;t make this available for third party use.\u00a0It does erode Apple&#8217;s own iPhone security by making it more financially\u00a0attractive for criminals to try to break Touch ID.&#8217;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An article published on the BBC news website\u00a0reports that two banks are allowing their customers to access accounts on their smartphones using fingerprint recognition technology. 
&hellip; <a href=\"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/2015\/02\/18\/expert-response-to-banks-using-fingerprint-tech\/\">Read&nbsp;more<\/a><\/p>\n","protected":false},"author":5321,"featured_media":36,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[124,57908,122],"tags":[848,9644,37339,37411,57886,122],"_links":{"self":[{"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/posts\/586"}],"collection":[{"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/users\/5321"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/comments?post=586"}],"version-history":[{"count":4,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/posts\/586\/revisions"}],"predecessor-version":[{"id":590,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/posts\/586\/revisions\/590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/media\/36"}],"wp:attachment":[{"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/media?parent=586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/categories?post=586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unikentcomp-news\/wp-json\/wp\/v2\/tags?post=586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}