We’ve known this day was coming ever since Apple acquired AuthenTec two years ago for $350 million. That was real money back in the pre-Beats/Nest/Oculus days.
Monday, Apple made it official at its annual developers’ conference: The fingerprint authentication system built into the iPhone 5S (Touch ID) will open to outside developers in the next iOS update (v8.0 expected in mid-September). That means that app publishers, including banks, credit unions & wallet providers, will be able to use it to provide initial authorization into a secure app.
The new feature was demonstrated on stage by logging in to Mint (see inset, screen cap tweeted by Bradley Leimer Monday). In the demo, Mint users are prompted to use the touchpad to open the app (the small type says, “Please authenticate in order to proceed”). Users are also given a password option.
Most likely, banks will use Touch ID, as well as other handset-resident biometric systems (note 1) to deliver “read-only” access to data. It’s an approach that’s been catching on around the world even before Apple’s biometric wizardry. Citibank is the most recent to provide a no-login glimpse in its mobile app (called SnapShot), rolling it out nationwide two weeks ago (press release). It’s also used at Westpac (NZ), Commonwealth (AU), Bank of the West, City Bank of Texas and many more (note 2).
For anything transactional, such as a wire transfer, banks will likely require additional authentication (see our Nine Circles of Security).
And of course, these security changes will generally need to be optional for customers until they become commonly accepted practices. Most users are still extremely wary of security on mobile phones, even though it is a marked improvement over the desktop (note 3).
While it’s too early to know if any financial institutions will have it enabled by September, one fintech payment provider, CardFlight, wasted no time, announcing support for Touch ID just a few hours after the Apple keynote (note 4).
1. Celent’s Jacob Jegher showed me his facial recognition login on his Android phone (Samsung?) at last month’s FinovateSpring. Very cool, though he doesn’t have it enabled since it slows up the login process just slightly.
2. Malauzai Software powers more than 90 credit unions and banks alone (post).
3. See our latest report on Mobile Security (March 2014, subscription) for more info.
4. Cardflight will be showing off its latest tools at our first developer event, FinDEVr, 30 Sep 2014, in San Francisco.