Bank of Scotland streamlines app login

Bank of Scotland streamlines app login

Bank of Scotland has revamped its mobile app in a bid to make logging in a hassle-free three click process.

The first time that they use the new iPhone and Android apps, customers will be prompted to 'register' their device, linking them to their handset and the app.

Subsequently, they will only be required to enter three random characters from their 'memorable information' (MI) to log in. Bank of Scotland says that it can keep the process down to three clicks because each time they use the app customers will be asked for a different combination of characters from their MI.

Other banks, such as RBS, ask for a normal PIN at log in, requiring five characters. Lloyds asks users for a password and three characters from the customer's MI.

Robin Bulloch, MD, Bank of Scotland Community Bank, says: "We've listened to what our customers want from their mobile banking experience and are delighted to introduce the 'three click' login. Using this new next generation app, customers will find mobile banking faster, easier and very secure."

Mobile commerce firm Zapp recently revealed that it has been trying to get banks to simplify their log-in procedures. The VocaLink-owned outfit is set to launch a service which lets customers make payments from their bank apps but concedes that the current convoluted log-in procedures could put people off. BoS is not one of the banks signed up to Zapp.

Comments: (2)

A Finextra member
A Finextra member 24 January, 2014, 12:01Be the first to give this comment the thumbs up 0 likes

If number of log-in attempts is limited (and it should be) AND bank assumes that "secret information" has not been compromised, then even a 3-digit fixed PIN does the job. (Well, it's easier to shoulder-surf a short numeric PIN than a long alpha-numeric one, but that's another story.)

However, if phone's OS has been compromised by malware, than none of the options currently used by banks provide adequate security.

Banks seem to operate on the basis that OS allows for safe app use. In that case, a simpler user interaction makes sense.

Pat Carroll
Pat Carroll - ValidSoft - London 28 January, 2014, 13:01Be the first to give this comment the thumbs up 0 likes

It’s good to see the Bank of Scotland focussing on the mobile customer experience. Clearly they see this as a significant competitive advantage, and promoting it as such, whilst also highlighting the security features of their approach. With mobile, streamlining the login process,  enrolment and activation is key if banking apps and wallets are to achieve the adoption needed. When it comes to financial services, consumers want convenience. Mobile can deliver a strong value proposition but achieving the balance between a low friction customer experience and “behind the scenes” strong security is vital. What is clearly still lacking is consumer confidence in the security of the  mobile  environment,  and every high-profile attack on the payments industry further dents consumer confidence.  So it doesn’t help at all to read headlines such as “Personal banking apps leak info through the phone” coming rapidly on the back of some of the most high profile data breaches in history. Not scare-mongering – sadly fact.  

Fraudsters are relentless and evolve their methods constantly, and it’s easy to form an opinion that the war is over and they have won. However some reassurance can be derived from the amount of research and innovation that is being invested in the security sector. The evolution to mobile creates some of the greatest opportunities we have to reengineer process flows and remove traditional opportunities for fraud. Real-time checks carried out in parallel at the point of sale can be used to detect and prevent fraud yet without any apparent linkage of the process flows. Such capability creates very complex layered security models that are very difficult for the fraudster to hijack. And even if one or more layers are compromised, the integrity of the process can be preserved.

Alongside the application of such powerful multi-factor, multi-layered invisible technologies is the emergence of innovative low friction “visible” technologies such as Voice Biometrics, with Equal Error Rates low enough to ensure widespread mainstream adoption in both online and mobile banking. Speaking is intuitive and when speaking can be combined with voice recognition and voice biometrics, but in a totally intuitive and “command driven” perspective, in high-fidelity, over the data channel (no call placement required), and where no PINs or passwords or any form of pre-determined security information is necessary, then a paradigm shift has been achieved and mass adoption is inevitable.

Such fiction is in fact reality today, and the technologies are already available, and in the process of being deployed by the most advanced technology adopters on the planet. No bank wants to be on the “bleeding edge” of any technology, but in the race for competitive advantage, and the absolute need to counter the fraudsters, no bank can afford to not be on the “leading edge”.