Can Biometrics Enhance Security of Mobile Banking Apps - Modis

Modis Posted 12 May 2016

Mobile banking apps or any mobile apps that involve the use of financial or private information are only as secure as your mobile device, whether notebook, laptop, or smartphone. Many of us own several mobile devices, but how secure are they?

If you plan to use your device for mobile banking, then you need a security checklist before biometric-based banking apps are even a consideration. The following is a recommended approach to securing your mobile device.

  1. Encrypt your device.
  2. Choose a password that is memorable but not easily guessed by third parties, whether through social engineering (from social media, for example) or brute-force hacking techniques. Your partner's name and year of birth will not cut it.
  3. The use of KeePass or other software to generate and store 20-25 character passwords (alphanumeric with special characters) is recommended. Note: Writing this password down and storing it in your wallet for easy reference defeats this security attempt.
  4. Only install trusted apps and never jailbreak (Apple devices) or root (Android platforms) to gain 'improved' access to the core OS.
  5. Ensure a remote wipe feature is active and/or ensure an automatic wipe of the device if it is lost or stolen, an all-too-common occurrence.

Okay, your device is as secure as you can make it and your chosen bank has implemented a mobile banking solution that includes biometric features. At the time of writing, mobile banking apps are aimed at two primary biometric technologies: voice and fingerprint authentication.

By the end of summer 2016, Hongkong and Shanghai Banking Corporation (HSBC) will complete the rollout of their biometric-based online banking solution to 15 million UK customers. Many other global banks have implemented or plan to implement similar initiatives, but how effective are they? Will the elimination of passwords (long considered insecure) and introduction of biometrics make mobile banking more secure than before?

Unfortunately, hackers are a diligent bunch and are sure to find exploits. Biometrics will not allow users to relax - security awareness is still necessary to prevent loss of your financial information.

Keeping Your Voice ID Secure

Even in popular culture, speech recognition is mocked as a flawed technology, and even industry-leading solutions such as Dragon NaturallySpeaking from Nuance Communications require a training period to maximize accuracy during dictation. Regional accents, unknown acronyms and industry terms may cause problems initially, but with careful training, upwards of 99 percent accuracy is possible. Nuance is still the industry leader and its technology is used by HSBC, Barclays and many more when implementing speech recognition solutions.

Unfortunately, according to Network World, researchers from the University of Alabama carried out successful voice impersonation attacks using just a few minutes of recorded voice samples and readily available commercial voice morphing software. The researchers concluded that voice conversion poses a serious threat, being successful against verification processes in the majority of cases. What can we learn from this?

We will need to be very careful what we say in public, on phone calls and audio posts online. Once sufficient voice samples are gathered, they can be used against us to access anything that requires a voiceprint match.

Is fingerprint recognition any better?


Hacking Fingerprints

When setting up fingerprint recognition on any system, the user must register their fingers. In separate incidents on the Galaxy S5 and the iPhone 5S, hackers and researchers were able to print an acquired fingerprint and bypass biometric security on each device. It is worth mentioning that no high-tech equipment was required: the hackers used excess toner ink while printing and created a dummy print with wood glue, while the researchers used a standard inkjet printer with silver conductive ink and AgIC paper. The ink and paper are readily available and used by hobbyists to print electronic circuits.

The Future of Biometric Security

While biometrics imply increased security, those with the inclination to hack that information can do so quite easily. If nothing else, given that biometric adoption is on the increase, not only in financial tech but also in healthcare, employee management, premises security, mobile device access and the retail industry, we will need to be conscious of where we leave prints and voiceprint samples.

While retina-based security and facial recognition are two other options for biometric authentication, hackers will soon exploit those if they haven't already.

It is clear that biometrics has its limitations and what we may need is a new crop of experienced IT security experts who can develop a secure authentication method that works on all platforms. Opportunities are available in multiple industries for those with a keen interest in developing new and improved sensors, software and hardware that will secure our financial data and reduce the paranoia often associated with authentication processes.

Be advised, McAfee Labs has predicted that security threats from mobile banking apps are on the rise in 2016. In the meantime, being careful is essential.