Lloyds experiments with 'tap to bank' card tech for mobile authentication

Lloyds Bank customers may soon be able to use their contactless debit card as a way of securely authenticating their identity when setting up the mobile banking app on an NFC-enabled device.

  21 6 comments

Lloyds experiments with 'tap to bank' card tech for mobile authentication

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The ‘tap to bank’ technology has so far been tested on over 125 people, replacing the standard call-to-mobile procedure with a simple tap of the debit card. The bank says that in the future, the application could be extended to other tasks, such as authenticating new payments.

Director of innovation and digital development, Marc Lien says: “With the widespread take up of contactless cards and most new smartphones now having NFC technology, this tap to bank trial is developing enhancements to banking processes that many people could benefit from."

In a similar vein, the bank is replacing automated phone calls to authorise certain desktop banking transactions by a log into the mobile banking app to verify their requests.

This process is available for customers setting up new beneficiaries, setting up standing orders, making international payments and resetting passwords via their Internet Banking on desktop.

Lloyds says customer authentication on these transactions are a lot quicker than the current automated phone call, now taking less than 20 seconds to complete.

Lloyds Bank currently has around 2.5m active mobile banking customers - with over 1.5 million customers downloading the app - and over 10 million active online banking users. The bank recorded over one billion log ins to its online banking site in the past 12 months.

Sponsored [Webinar] PREDICT 2025: The Future of AI in the US

Comments: (6)

A Finextra member 

Interesting approach. Can anyone explain what sort of security this brings to the table?

A Finextra member 

Not sure how it brings in robust security features? And isn't one of the main purposes of digital / mobile transactions to get away from physical cards?

Dave Sanderson

Dave Sanderson Banking Services Consultant at YBS Group

My assumption is that the card acts in the way an RCA token would within two factor authentication. The first is the various passwords used to log in to the mobile app and the second is the card itself. There are a number of scenarios where a fraudster/criminal would have access to one of those things but rare that they would have both.

A Finextra member 

@Dave. A payment card releases static card data when challenged from the NFC reader. Once the card has been used the first time, malicious software can capture and reuse the card data, any time. Hopefully they are able to block malware from modifiying the app.

Dave Sanderson

Dave Sanderson Banking Services Consultant at YBS Group

@Bjorn -  of course, I hadn't even thought of that aspect of it. Probably a good thing I don't work in Financial Crime!

Thomas B. Normann

Thomas B. Normann CPO at MeaWallet

This sounds like a solution that's easy to hack. Are they using static or dynamic data from the card to authenticate? I really hope they're not using the static data - then your card data (easy to steal) gives full access to your account.

If they are using dynamic data it would be interesting to learn more about how they do this. Are they using session/transaction keys? Or are the cards running an additional applet for authentication purposes? 

[Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application ModernisationFinextra Promoted[On-Demand Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application Modernisation