Clarification on newsitem in "VTM Nieuws"
KBC Mobile Banking app security using fingerprint recognition
Sunday, May 15, 2016 — Following a VTM Nieuws-news item on Saturday 14 May, KBC wishes to clarify a number of points concerning the use of fingerprint recognition as a means of securing its Mobile Banking app.
The KBC Mobile Banking app is available for iPhone, Android, Windows devices.
Fingerprint recognition only works on the last two generations of iPhones (iPhone 5S or later).
At present, the KBC Mobile Banking app has roughly 500 000 users who appreciate its ease of use.
About 15 000 clients use fingerprint recognition (which has been available since the start of April 2016) to activate their KBC Mobile Banking app even more quickly and conveniently using their iPhone (5S generation or later). All the other clients activate their KBC Mobile Banking app by means of a five-digit PIN of their own choosing.
Clients themselves are free to decide whether or not they want to activate their Mobile Banking app using fingerprint technology. If they no longer want to use it, they are able to revert back to their five-digit PIN at any time.
The amounts that can be transferred are limited in size.
To date, KBC has not received a single complaint or any indication that there has been any misuse arising from the method shown in the VTM news item.
Misuse of this kind implies
- that the fraudster manages to make a usable fingerprint,
- and succeeds in getting access to the user's iPhone (last two generations),
- that the device has the KBC Mobile Banking app on it
- and also uses fingerprint recognition.
If all these criteria are met, the fraudster will in fact also have access to all other apps and data on that device (for instance, e-mail, phone, social media, etc.).
KBC fully understands the questions this news report might have raised for users of its KBC Mobile Banking app, especially those who have chosen fingerprint recognition as their security verification method. Consequently, KBC wishes to stress that the security of its online apps is guaranteed. Security was, is – and always will be – a top priority for KBC. It is continually investing the requisite people and resources in security and active monitoring. KBC advises its clients at regular intervals and provides tips on how they too can guarantee the security of their apps.
However, should any irregularities occur in the period ahead, KBC will immediately deactivate fingerprint recognition for its Mobile Banking app. Clients would then go back to using their five-digit PIN.
In the unlikely event of clients falling victim to irregularities arising from the technique highlighted by VTM and have money taken from their account without authorising it, KBC will accept full responsibility and compensate the individuals concerned. Needless to say, in such case KBC will join the criminal proceedings initiated by the client to seek the prosecution and punishment of the perpetrators. Potential fraudsters are therefore taking a big risk for a relatively small reward.