Pins, patterns and passcodes may have been revolutionary a few years ago, but we’re now starting to see the next generation of smartphone security and it’s all based around biometrics – using biological traits, such as fingerprints, to verify our identities. But how safe are they? And is there anything you need to be concerned about when it comes to your mobile banking security?
The odds of someone else gaining access to your phone using Face ID is 1 in 1,000,000.
In a nutshell, you don’t need to worry. Smartphone companies have invested a huge amount of time and effort into security. Biometrics actually make our lives easier and safer; rather than having to remember a multitude of PINs and passwords, you can just use yourself.
Biometrics, security and shopping
Whether you’re an Apple, Samsung or Android advocate, the chances are you’re using your mobile phone for secure transactions. From mobile banking to in-app and online purchases, smartphones are changing the way we manage our money, and biometrics are changing the way we manage our security.
Each type of device has a slightly different set of features, but the general principles are the same.
Apple Pay, Samsung Pay and Android Pay all give you the ability to use your smartphone for contactless payments in-store, in-app or on participating websites, using tokenisation systems (which substitute your data for a random number) so your card details are never shared with the merchant.
Biometric authentication is the latest way to verify your identity when making these payments, as well as when logging into secure apps, such as our mobile banking app. Alongside other good security practices such as never making payments on unsecured web pages, this is a sensible addition to your digital security toolkit.
Let’s take a look at what you need to know about the latest options on the market.
Apple’s new technologies
The recently-launched iPhone X showcases Apple’s latest innovation in phone security, Face ID. Simply put, this means using your face to verify your identity.
The camera analyses your face and eyes using 30,000 invisible dots to create a precise map of your face. You can then use this to unlock your iPhone, use Apple Pay or to log into secure apps such as mobile banking. The technology is so sophisticated that it won’t accept a photo – it recognises textures and contours – but will still know you if you wear makeup, grow facial hair, put on a hat or use it at night time. And, as your eyes need to be open and looking at the iPhone, it also can’t be accessed without your knowledge while you’re asleep.
Apple’s other biometric standard is Touch ID, which is fingerprint recognition. It works by taking high-resolution images from the layers beneath your skin (subepidermal), known as capacitive scanning, categorising your fingerprint as a whorl, loop or arch and capturing details that are too small to be visible to the human eye.
Apple’s security credentials
Both Face ID and Touch ID store biometric data in the depths of your iPhone, in a tamper-resistant chip called the Secure Enclave, and it isn’t shared anywhere else. This means no one can hack your phone and use this data to pretend to be you. As an added security measure, you can only enter your details incorrectly five times before being asked to enter your PIN. If you enter this incorrectly six times, your device will be disabled. And if your device is lost or stolen, you can use Find My iPhone to locate it, lock it or erase all your data remotely.
Samsung’s new technologies
As well as the usual choice of PIN, password or pattern, Samsung showcases its latest security updates in Samsung Pass. Multi-biometric authentication options – iris, fingerprint and face recognition – give you access to different features on your phone. And if you’re using your phone to access secure apps or make payments using Samsung Pay, then these are the safest options.
Samsung’s most recent models have the latest and safest forms of iris recognition, which uses a dedicated scanner to map the complex pattern of your eye – one of the most unique features of the human body. Fingerprint recognition has been standard since the Samsung Galaxy S5; much like the iPhone technology, it uses capacitive scanning to map the ridges and valleys of your print in detail.
Samsung’s security credentials
Samsung claims “ defense grade” security for your Samsung Pass biometric data. It’s encrypted and secured, and needs valid authentication by anyone wanting access to your phone. They don’t store or back up your details on their server, so you know it can’t get into anyone else’s hands. You can only enter your details incorrectly 10 times before your Samsung Pass account becomes inactive, and your payment details aren’t stored on your phone. If your phone is lost or stolen you can use Find My Mobile to locate it, lock it or delete all the data remotely.
Google’s smartphone technology and security credentials
Although fingerprint recognition is common on many Android phones, Google’s latest – the Pixel 2 – claims to have the world’s fastest fingerprint sensor. Again, using capacitive scanning technology, it stores your biometric data in a Trusted Execution Environment, which is an isolated and inaccessible area in the phone’s hardware, making it one of the most secure setups on the market.
Android phones also offer face recognition (known as ‘Trusted face’), as well as PINs and passcodes to protect your phone, apps and payments through Android Pay.
Finally, if your phone is lost or stolen, you can use Find My Device to locate, lock or erase it remotely.
Biometric data looks to be the future of smartphone security, and will become increasingly sophisticated as it continues to evolve. Using your unique markers to access features on your phone is already more secure than the standard four-digit PIN. It’s quick, convenient and safe. If you’ve not tried it yet, what are you waiting for?