The Royal Bank of Scotland (RBS) and NatWest have announced updates to their iPhone apps, enabling the support of Touch ID authentication. Since the feature itself has been compromised in the past, unlocking the app using Touch ID will not grant access to all app features. Available to iPhone 5s, iPhone 6 and iPhone 6 Plus owners, access to fund transfers and other account tasks require additional verification.
Ben Schlabs, from German hacking think tank SRLabs, warned iPhone owners who hold accounts with these banks and wish to start using the feature:
The security implications are the same, it is just as dangerous... I think it has been shown that it is pretty easy to spoof it and the risks aren't fully understood. Just the fact that you are carrying the key around with you and leave copies of it exposed everywhere you go makes it a very different risk to something that is inside your brain. The risks are poorly understood.
Schlabs continued to explain that while there are security risks (as there are with any form of authentication), most consumers have little need to worry as there have been no reports (that he is currently aware of) of the iPhone sensor being used in crimes. It's certainly food for thought, though Apple has stated that Touch ID is not a complete replacement for traditional security measures and is simply available to provide convenience to consumers.
The bank states that the new feature for both apps will go live on February 19.