The Commonwealth Bank of Australia is first in the nation to allow customers to switch from fingerprint logins to facial recognition. But security concerns remain.
Australia's Commonwealth Bank (CBA) is now the nation's first to allow customers to access their accounts using the facial recognition technology built into Apple's iPhone X, the bank announced Friday.
All iPhone X users can now use Face ID to securely log in to the CommBank app.
"Our customers use secure fingerprint logins on the CommBank App about 30 million times a month," Pete Steel, Commonwealth Bank's executive general manager of digital, said in a press release. "Extending that functionality to Face ID is part of our ongoing work to provide a better banking experience to our customers through simple, easy and secure features."
Face ID performs in-depth mapping of a person's face using more than 30,000 points of reference—making it one of the most secure ways to log into an account, according to the bank.
"While we strive towards convenience and ease of use, we don't implement new technology without being able to guarantee security for customers," Steel said in the release.
The question remains: Is this truly secure? The answer: Yes—with caveats.
"Authenticating to a banking website using facial recognition from a registered phone is much more secure than using a password, which is the most common method used amongst online banks," said Gartner analyst Avivah Litan. "CBA is wise to take advantage of the iPhone's enabling biometric authentication capabilities."
The big caveat is that CBA must make sure the process it uses to enroll its customers in Face ID is airtight, Litan said. "It's not up to Apple to certify that the user using their iPhone is the user CBA expects him or her to be. That's up to CBA," she said. "The enrollment process is the easiest way for criminals to circumvent biometric authentication from a smartphone. The criminal can just pretend to be someone else when they register for the CBA banking application (and biometric authentication)."
But assuming the enrollment process is secure, using facial recognition to log into a bank from a registered iPhone is much more secure—and potentially more convenient—than using a password, Litan said.
The system would also likely be safe because the face template always resides on a secure chip in the iPhone, and is never transmitted outside the phone, according to Anil K. Jain, a Michigan State University professor who researches biometrics. "For telebanking, the only information that is being communicated to the bank server is whether a customer trying to access an account is indeed the true owner of the account, verified by the Face ID," Jain said.
Many banks currently use Touch ID for mobile authentication. Any apps that previously used Touch ID will now be able to support Face ID as well, and the new method is much more secure, according to Apple. It's likely that we'll continue to see other banks and businesses begin using this technology. However, gaining trust from customers may be the largest hurdle to facial recognition adoption, as CNET's Alfred Ng reported.
The 3 big takeaways for TechRepublic readers
1. Australia's Commonwealth Bank is now the nation's first to allow customers to access their accounts using the facial recognition technology built into Apple's iPhone X.
2. Logging in to a bank account with facial recognition is more secure than using a password, experts say, so long as the process the bank uses to enroll its customers in Face ID is completely secure.
3. It's likely that many businesses that were using Touch ID will now use Face ID.