Heartbeat technology – a love affair for banking customers?

Author: Simon Cadbury

Halifax trial Nymi – a heartbeat ID authentication

It has certainly been an exciting few months of security developments in the financial services industry.

Biometric security options

Last year, our research revealed that an overwhelming majority of banking customers (79%) wanted to ditch passwords, in favour of biometric security measures. Since then, several leading providers have been exploring various biometric authentication options.

For example, in September, Barclays launched finger vein scanning identification for its corporate customers. Just last month, RBS and NatWest became the first providers to allow customers to access mobile banking apps via Touch ID, Apple’s fingerprint scanning system.

Halifax’s Nymi

Most recently, this week, Halifax announced it is trialling heartbeat ID technology. This works using an electronic wrist band, called Nymi, which authenticates the customer by identifying the unique electrical signals emitted by the user’s heart.

The band is paired with a smartphone, using a banking app and Bluetooth, so whenever the wristband is worn by the user, it automatically connects with their phone. To log in to their digital banking, the customer wears the band on one wrist, while touching the top sensor with the opposite hand. If the heartbeat is not recognised, the device shuts down.

Eliminating the need for passwords?

Halifax has described this method as “superior” to other biometric systems, explaining it is more secure than fingerprint or iris authentication, claiming it could eliminate the need for passwords, memorable words or other more complicated log in systems.

Should more providers be focusing on heartbeat technology?

While biometrics can certainly provide security and usability benefits, there have still been security concerns. For example, hackers may find a way to steal biometric files. For fingerprint scanning to work, the computer has to have a biometric file on record that it compares with the user’s scanned fingerprint. If someone hacks a password, it can be changed, but fingerprints cannot. This is why, until now, biometrics have been best regarded as an extra layer of authentication for more complex banking needs, alongside other security measures.

However, heartbeat authentication could mark a turning point. As a Halifax spokesperson explains, this technology “naturally provides a strong protection against intrusions and falsification”. It is not possible to fake someone’s heartbeat, making this system more secure and fail proof than other methods such as fingerprint scanning.

Increased demand for wearables

This also means that it has the potential to make digital banking much more convenient, potentially eliminating the need for passwords or card readers completely. In addition, an increasing consumer appetite for wearables, which will be further fuelled by the upcoming launch of the Apple Watch next month, will provide banks with more scope to incorporate this technology into customers’ everyday lives. It will be interesting to see how this method progresses past trial stages, into mainstream use.  

07 Apr 2015

Author: Simon Cadbury

Halifax trial Nymi – a heartbeat ID authentication

It has certainly been an exciting few months of security developments in the financial services industry.

Biometric security options

Last year, our research revealed that an overwhelming majority of banking customers (79%) wanted to ditch passwords, in favour of biometric security measures. Since then, several leading providers have been exploring various biometric authentication options.

For example, in September, Barclays launched finger vein scanning identification for its corporate customers. Just last month, RBS and NatWest became the first providers to allow customers to access mobile banking apps via Touch ID, Apple’s fingerprint scanning system.

Halifax’s Nymi

Most recently, this week, Halifax announced it is trialling heartbeat ID technology. This works using an electronic wrist band, called Nymi, which authenticates the customer by identifying the unique electrical signals emitted by the user’s heart.

The band is paired with a smartphone, using a banking app and Bluetooth, so whenever the wristband is worn by the user, it automatically connects with their phone. To log in to their digital banking, the customer wears the band on one wrist, while touching the top sensor with the opposite hand. If the heartbeat is not recognised, the device shuts down.

Eliminating the need for passwords?

Halifax has described this method as “superior” to other biometric systems, explaining it is more secure than fingerprint or iris authentication, claiming it could eliminate the need for passwords, memorable words or other more complicated log in systems.

Should more providers be focusing on heartbeat technology?

While biometrics can certainly provide security and usability benefits, there have still been security concerns. For example, hackers may find a way to steal biometric files. For fingerprint scanning to work, the computer has to have a biometric file on record that it compares with the user’s scanned fingerprint. If someone hacks a password, it can be changed, but fingerprints cannot. This is why, until now, biometrics have been best regarded as an extra layer of authentication for more complex banking needs, alongside other security measures.

However, heartbeat authentication could mark a turning point. As a Halifax spokesperson explains, this technology “naturally provides a strong protection against intrusions and falsification”. It is not possible to fake someone’s heartbeat, making this system more secure and fail proof than other methods such as fingerprint scanning.

Increased demand for wearables

This also means that it has the potential to make digital banking much more convenient, potentially eliminating the need for passwords or card readers completely. In addition, an increasing consumer appetite for wearables, which will be further fuelled by the upcoming launch of the Apple Watch next month, will provide banks with more scope to incorporate this technology into customers’ everyday lives. It will be interesting to see how this method progresses past trial stages, into mainstream use.