Halifax, the High Street bank owed by Lloyds Banking Group, has trialled technology which uses a customer’s heartbeat as security authentication for its digital financial services.
Under the proof-of-concept trial, Halifax has experimented with the use of the Nymi Band – a wrist-based wearable technology that monitors and records the user’s heart rate – which then sees the user’s heartbeat used as authentication to gain access to banking services.
According to Halifax – part of the Lloyds Banking Group – the use of electrocardiogram (ECG) “naturally provides strong protection against intrusions and falsification” and according to director of innovation and digital development, Marc Lien, could bring major benefits to customers.
“Exploring innovative technology that will help deliver for our customers and enhance our overall capabilities is a real focus for us at the bank,” he said.
“We are in the very early stages of exploring potential uses for the Nymi Band and wearable technology more widely which will help us further understand how we can serve our customers in the way that best appeals to their needs,” Lein added.
While Halifax’s use of heartbeat monitoring for security technology is a first of its kind in the UK, it isn’t the first time a bank has considered biometrics to provide further security to digital and mobile customers.
Just last month, RBS Group launched a service for customers of RBS and NatWest banks that enables them to protect their mobile banking apps through the use of fingerprint-based security.
Barclays unveiled blood-reading authentication technology for corporate banking clients in September last year. Nationwide, meanwhile, trialled and rejected iris recognition as a means of authenticating customers at cash machines.
Geoff Webb, senior director, at global software firm NetIQ argued that as mobile becomes a more common way of accessing banking, then financial instructions are going to look at deploying new technologies to ensure security.
“Mobile is all about convenience and ease of use, but entering passwords or mandating multi-factor authentication on mobile devices can be inconvenient, so naturally banks are looking to streamline the authentication process as a key part of that user experience,” he said, going onto claim that “passwords aren’t working in this context.”
They’re a pain for customers who have to create and remember complex strings of letters and numbers, and they’re far too easy for hackers to steal,” he continued, adding “We’re quickly reaching the end of their useful lifespan and this is why we’re seeing banks like Halifax looking to shift to biometric-based methods of authentication.”
“The objective here is to make it as hard as possible for a criminal to impersonate the customer,” said Webb. “Heartbeat or ECG scanning would certainly raise the bar in terms of complexity even beyond some other forms of biometric authentication such as fingerprints,” he concluded.
Nonetheless, while biometric authentication technology is generally viewed as more secure than passwords, it is not infallible. When the iPhone 5S was released with fingerprint security in September 2013, hackers were offered a cash prize if they could get past the phone’s Touch ID security. The fingerprint sensor was hacked in days by the Chaos Computer Club.
That same organisation showed off its ability to clone fingerprints and access smartphones using only basic tools in December.