Lloyds experiments with 'tap to bank' card tech for mobile authentication

Lloyds experiments with 'tap to bank' card tech for mobile authentication

Lloyds Bank customers may soon be able to use their contactless debit card as a way of securely authenticating their identity when setting up the mobile banking app on an NFC-enabled device.

The ‘tap to bank’ technology has so far been tested on over 125 people, replacing the standard call-to-mobile procedure with a simple tap of the debit card. The bank says that in the future, the application could be extended to other tasks, such as authenticating new payments.

Director of innovation and digital development, Marc Lien says: “With the widespread take up of contactless cards and most new smartphones now having NFC technology, this tap to bank trial is developing enhancements to banking processes that many people could benefit from."

In a similar vein, the bank is replacing automated phone calls to authorise certain desktop banking transactions by a log into the mobile banking app to verify their requests.

This process is available for customers setting up new beneficiaries, setting up standing orders, making international payments and resetting passwords via their Internet Banking on desktop.

Lloyds says customer authentication on these transactions are a lot quicker than the current automated phone call, now taking less than 20 seconds to complete.

Lloyds Bank currently has around 2.5m active mobile banking customers - with over 1.5 million customers downloading the app - and over 10 million active online banking users. The bank recorded over one billion log ins to its online banking site in the past 12 months.

Comments: (6)

A Finextra member
A Finextra member 06 July, 2015, 12:18Be the first to give this comment the thumbs up 0 likes

Interesting approach. Can anyone explain what sort of security this brings to the table?

Seeva Selliah
Seeva Selliah - Leading European Bank - chennai 07 July, 2015, 06:15Be the first to give this comment the thumbs up 0 likes

Not sure how it brings in robust security features? And isn't one of the main purposes of digital / mobile transactions to get away from physical cards?

Dave Sanderson
Dave Sanderson - YBS Group - Bradford/Leeds - UK 07 July, 2015, 08:23Be the first to give this comment the thumbs up 0 likes

My assumption is that the card acts in the way an RCA token would within two factor authentication. The first is the various passwords used to log in to the mobile app and the second is the card itself. There are a number of scenarios where a fraudster/criminal would have access to one of those things but rare that they would have both.

A Finextra member
A Finextra member 07 July, 2015, 09:14Be the first to give this comment the thumbs up 0 likes

@Dave. A payment card releases static card data when challenged from the NFC reader. Once the card has been used the first time, malicious software can capture and reuse the card data, any time. Hopefully they are able to block malware from modifiying the app.

Dave Sanderson
Dave Sanderson - YBS Group - Bradford/Leeds - UK 07 July, 2015, 09:231 like 1 like

@Bjorn -  of course, I hadn't even thought of that aspect of it. Probably a good thing I don't work in Financial Crime!

Thomas B. Normann
Thomas B. Normann - MeaWallet - Sandvika 08 July, 2015, 12:14Be the first to give this comment the thumbs up 0 likes

This sounds like a solution that's easy to hack. Are they using static or dynamic data from the card to authenticate? I really hope they're not using the static data - then your card data (easy to steal) gives full access to your account.

If they are using dynamic data it would be interesting to learn more about how they do this. Are they using session/transaction keys? Or are the cards running an additional applet for authentication purposes? 

Featured Job
All Jobs »