Banks kill biometric support for Samsung Galaxy phones
Nationwide and Natwest among several banks taking action after a fingerprint glitch was revealed last week
Major UK banks have withdrawn biometric support for their apps on Samsung Galaxy S10s after reports of a glitch in its fingerprint sensor.
Nationwide Building Society and Natwest have taken action to minimise risk to S10 users after Samsung confirmed its in-screen fingerprint sensor could recognise fingerprints from any users on certain third-party screen protectors. This issue affects the Samsung Galaxy S10, S10+, S10 5G, as well as Note10 and 10+.
In the absence of a patch, Natwest has removed the app from the Google Play Store for users with the affected handsets, while users who already have the app installed are finding the fingerprint login option has been disabled.
"We've removed the app from the Play Store for customers with Samsung S10 devices," a distributed customer support message said, that Natwest confirmed with IT Pro was genuine. "This is due to reports that there are security concerns regarding these devices. We hope to have our app available again shortly once the issue has been resolved."
Nationwide, meanwhile, is still allowing users to access its banking app but is recommending that the fingerprints authentication option is removed.
This is in addition to a host of international banks that have also taken similar action, according to reports from Reddit.
IT Pro also approached Nationwide for comment.
Support for biometric authentication has been dropped in the context of legacy UK banks aiming to become more digitally-savvy in the modern era.
Natwest and RBS, launched a biometric-enabled debit card trial earlier this year, in which customers can use their fingerprint when paying for goods valued at more than 30.
Although many users may see the move to temporarily cut biometric support as an overreaction, cyber security specialist with ESET Jake Moore has labelled the decision as an "excellent response".
"It may sound a bit hasty but banks must look after their customers where they can, and being aware of the most current threats shows that they are on point," he said.
"However, with regards to any apps related to financial or sensitive personal data, two-factor authentication (2FA) should be in place by default to add extra security.
"Passwords plus another form of verification will prevail against the majority of attacks and customers need to recognize this. Encouraging users into 2FA is the best way of introducing this extra layer of protection quickly."
This isn't the first time the Samsung Galaxy S10 fingerprint reader has run into difficulties, with reports earlier this year suggesting the in-screen scanner could be unlocked using a 3D-printed fingerprint.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now