Competitor update

A group of hackers managed to get around TouchID only a day after the launch by making a fake finger from a photograph of a fingerprint left on a glass surface.

Apple said TouchID “was not a total replacement for traditional security measures” and was meant to make unlocking the phone more convenient.

Ben Schlabs, of SRLabs, a German hacking think tank, said: “The security implications are the same, it is just as dangerous… I think it has been shown that it is pretty easy to spoof it and the risks aren’t fully understood.” He said using TouchID alone to gain access to a banking app introduced dangers that were not present when using passwords or Pins. "Just the fact that you are carrying the key around with you and leave copies of it exposed everywhere you go makes it a very different risk to something that is inside your brain. The risks are poorly understood.

I use a couple of the apps for the main high street banks and this is cutting edge versus what I get from them currently… Whenever they roll out updates it just seems to be to add some vague stylistic changes as opposed to anything feature driven.

Not to say that I’d be entirely happy about giving over access to my accounts to just a fingerprint though… it’s more about just the idea of features in general tbh.

Also, re: main thread, Atom have been fairly active about sending me some emails to inform me of the Android release.

I assume this down to the new owners having a different approach. They don’t have TouchID in their app in Spain either

I think that it’s healthy to have a definite level of paranoia about digital security in general, doubly so when it comes to banking.

So it’s useful to have white hat types pointing out the vulnerabilities, for sure.

agree with you on other banks…it is often just a change of fonts or a slight tweek in layout.

as for Atom, after emailing an announcement about their new Android app they followed it up 24 hours later with a mailing to a block of their waiting list including a code to activate/sign-in to their app

It’s fun to try and breach security measures like this. But I don’t buy into the fear that fingerprint verification is less secure than a passcode at all.

A thief is going to have to steal your phone, find that fingerprint & have a way to capture & format your fingerprint so that it’s useable. Obviously it’s doable if someone specifically targets you and spends enough time around you, to access your phone and your fingerprint but that approach isn’t going to work for your common opportunistic thief.

Compare that challenge to being able to try to hack into your phone an infinite number of times via phishing or Wi-Fi exploits etc. though and I’m confident that fingerprint verification is the better option, even if it’s not perfect.

Fair enough, my frustration was actually the speed of implementation + the fact that this adopting tool which has been provided by Apple, is the biggest change - in terms of improving the UX - that Lloyds have made to their app in as long as I can remember.

I know that the big banks have to overcome some significant obstacles (of their own making) when adopting new technology. But this is why I really want :mondo: to succeed because the pace of change & innovation is so much greater.

Agree, it deters opportunists. Only real pros with targetted individuals will fake fingerprints or have equipment for reading metalic strips without touching a card (it is now possible to skim from a distance info off the metalic strip of a non contactless card). I think biggest risk is still down to gullible people being scammed by phishing emails or poor security on websites leading to users passwords being stolen.

1 Like

Yep Monzo has to succeed. Old banks can only tack on new tech to old systems via some interface, what they need is to replace all their systems but the practicalities of doing that while still operating/trading and processing transactions for their scale of customers means this is highly improbable. If old banks introduce new tech it is highly likely to take them time introducing it, they can’t even cope with their exisiting tech (as evidenced by day long outages in last year or two)

We’re straying a bit from the topic here but it’s important to remember that Touch ID is not itself an authentication method, it is simply authorising the use of an item in an already unlocked keychain that is secured by a key derived from the passcode/password that you use for your device.

2 Likes

I’ve had to explain that to people so many times before :laughing:

Well… About that … Their IT systems are still provided by LBG.

Ah… Know there was a recent ish online update which changed the look away from LBG. Just assumed (incorrectly :disappointed:) they moved away.

There isn’t a lot I can say but their new owners are keen to move away from the LBG based systems. :relieved:

I can understand their keen to move away if LBG think its okay to use the Halifax blue against that orange and purple… That designer must be colour blind :mask:

If you saw Banco Sabadell (TSB owner) own website it not anything like the quality of the website TSB have…looks like designer was not only colour blind but still in primary school

It’s a very fair point - creating a culture and an infrastructure that is hugely adaptable and quick to implement changes will be such a refreshing change to typical banking experiences.

But then again, I’d hope that’s why we’re all here!

2 Likes

Who doesn’t love the Halifax blue. I love it. But back to tsb , they just give LBG a colour scheme and they apply it.

App news.

Monese now have both Android and Apple apps.

Fidor still have no proper banking app. A balance checker app for iOS that has not been updated, and no sign even of a beta Android app.

The Atom Android beta users have been getting emails thru with codes to activate their apps. First come first served basis, so longstanding applicants got them first but others still waiting.

Card colours.

We have a topic about Monzo card colour so it is interesting to see changes elsewhere.

Monese used to have a bright light blue colour of distinctive shade but have changed it to some dark navy or burgundy sort of colour to look more serious so now it looks like any other bank’s card.

Lets hope Monzo keep coral IMHO

2 Likes