Banks kill biometric support for Samsung Galaxy phones

Nationwide and Natwest among several banks taking action after a fingerprint glitch was revealed last week

Major UK banks have withdrawn biometric support for their apps on Samsung Galaxy S10s after reports of a glitch in its fingerprint sensor.

Nationwide Building Society and Natwest have taken action to minimise risk to S10 users after Samsung confirmed its in-screen fingerprint sensor could recognise fingerprints from any users on certain third-party screen protectors. This issue affects the Samsung Galaxy S10, S10+, S10 5G, as well as Note10 and 10+.

In the absence of a patch, Natwest has removed the app from the Google Play Store for users with the affected handsets, while users who already have the app installed are finding the fingerprint login option has been disabled.

"We've removed the app from the Play Store for customers with Samsung S10 devices," a distributed customer support message said, that Natwest confirmed with IT Pro was genuine. "This is due to reports that there are security concerns regarding these devices. We hope to have our app available again shortly once the issue has been resolved."

Nationwide, meanwhile, is still allowing users to access its banking app but is recommending that the fingerprints authentication option is removed.

This is in addition to a host of international banks that have also taken similar action, according to reports from Reddit.

IT Pro also approached Nationwide for comment.

Support for biometric authentication has been dropped in the context of legacy UK banks aiming to become more digitally-savvy in the modern era.

Natwest and RBS, launched a biometric-enabled debit card trial earlier this year, in which customers can use their fingerprint when paying for goods valued at more than 30.

Although many users may see the move to temporarily cut biometric support as an overreaction, cyber security specialist with ESET Jake Moore has labelled the decision as an "excellent response".

"It may sound a bit hasty but banks must look after their customers where they can, and being aware of the most current threats shows that they are on point," he said.

"However, with regards to any apps related to financial or sensitive personal data, two-factor authentication (2FA) should be in place by default to add extra security.

"Passwords plus another form of verification will prevail against the majority of attacks and customers need to recognize this. Encouraging users into 2FA is the best way of introducing this extra layer of protection quickly."

This isn't the first time the Samsung Galaxy S10 fingerprint reader has run into difficulties, with reports earlier this year suggesting the in-screen scanner could be unlocked using a 3D-printed fingerprint.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021