The same iPhone feature that enables users to unlock the phone with a fingerprint scan may make it easier to access your bank account without typing in a long password or going through multi-step login processes.
At Apple’s (NASDAQ:AAPL) Worldwide Developers Conference in June, the company announced that it would open up Touch ID to all apps, extending its capability to enable quick unlocking of the phone and faster app downloads. TechCrunch reported at the time that Apple made the Touch ID API available for developers to use the fingerprint sensor to authenticate users or to add extra security measures. The expanded Touch ID system, which was originally introduced with the iPhone 5s, captures a user’s fingerprint and then uses the image to unlock a “keychain” of saved logins and passwords for a variety of apps.
The fingerprint data remains stored on the iPhone, and Apple says that it won’t be shared with third-party developers. Apple’s opening of Touch ID to developers could lead to the fingerprint sensor being used to give users quick access to things like their banking apps, and USA Today points out that Bank of America (NYSE:BAC), with 15 million active mobile accounts, could use the technology in their future iOS apps. With the introduction of HomeKit still fresh, TechCrunch also speculated that eventually Touch ID could be used to unlock your house, or to make purchases on Amazon (NASDAQ:AMZN) or via PayPal.
And Apple said that 83 percent of iPhone 5s owners use a fingerprint scan to unlock the phones — compared with the fewer than half who used a passcode before Apple introduced the fingerprint sensor. Though the convenience is attractive to users, the growing use of biometric data begs the question: with such frequent breaches and bugs, how will companies, banks, and other organizations keep users’ data secure?
It’s a question that consumers could ask of another big player in the mobile sphere, Samsung (SSNLF.PK), which also equips its devices with fingerprint scanners. Even beyond allowing a user to unlock a phone or eBay’s (NASDAQ:EBAY) PayPal app with a fingerprint scan, we can look at Samsung and its emphasis on wearable devices and realize how much personal, biometric information a phone is now able to collect. In May, Samsung announced that it would create a “data bank” of users’ health-related biometric data that developers could use to create health apps and services.
Forbes reported on the announcement, noting that “more mobile companies appear to be making the pivot towards health and biometrics,” including Apple itself, which unveiled its HealthKit platform shortly thereafter. The collection and use of consumers’ biometric data is growing, and while collecting and storing huge amounts of health-related information is very different from using a fingerprint to unlock a phone and apps, the parallel concept just highlights the fact that adding biometric identifiers to apps’ ecosystems necessitates a plan for how data will stored and transmitted.
USA Today also quoted Jennifer Lynch, a senior Electronic Frontier Foundation lawyer who writes about biometrics and privacy, explaining how collecting biometric data is different from collecting other, routinely shared personal information. That’s because unlike a password or a credit card number, you can’t change your fingerprint. “We need to push companies and the government to put policies into place that regulate collection and storage of biometric data.”
And biometric data could potentially unlock a lot more than a summary of your bank account; it’s been speculated that the expansion of the Touch ID recognition will spark new offerings in mobile payment apps, and possibly a new service by Apple itself. Forbes posits that Apple is likely to unveil a mobile payments system with the introduction of the iPhone 6, and other mobile payment providers, including PayPal and also Amazon, Authorize.Net, BrainTree, Citibank (NYSE:C), Digital River (NASDAQ:DRIV), HSBC (NYSE:HSBC), Square, Stripe, VeriFone (NYSE:PAY) — making it even more important for Touch ID to have solid security protocols in place.
Many people have noted that it’s important for the industry to come to a consensus on the secure use of biometric data, an issue that comes up equally as often in discussions of fingerprint scan authentication as in conversations around the rise of the health and fitness tracking platform. In the context of Apple’s Touch ID, it’s also worth asking whether fingerprint identification will really be the authentication of the future. USA Today reports that hackers have defeated Touch ID security with a photo of a fingerprint on glass, and while it isn’t easy or particularly common to fake fingerprints with today’s technology, it’s already possible.
The fact that fingerprint scanners have been used in banking and finance on and off since the 1990s also doesn’t bode well for the status of fingerprint identification as the biometric authentication of the future. However, that or any of the other privacy concerns raised so far don’t at all implicate Apple’s use of the technology as insecure — it just means that Apple needs demonstrate that it can protect users’ information. Securely storing the data on the phone, instead of relaying it to Apple or third-party developers, is an important step. And a concerted effort to put security protocols in place do so could introduce new standards to the world of mobile banking and mobile payments, which would be a great thing for consumers and for the industry.
It also remains to be seen if Apple bets solely on fingerprint identification as the authentication method of the future. Apple could introduce new sensors and new authentication methods on future iPhones, adding more security as mobile banking and mobile payments take off.