What is Fingerprint authentication?
Is Fingerprint sign in secure?
- Fingerprint sign in has the same high level security as all authentication methods for online and mobile banking. Both Google and Apple have a hardware backed chip on supported devices. When registering for Fingerprint authentication, we generate a RSA Public/ Private key that is stored and encrypted by that hardware chip. The only way it can be accessed is when the device Operating system authenticates the user through the fingerprint scanner. The private key never leaves the devices trust zone which is not accessible by software. The server has the public key. When signing in, a signature is created by the trust zone using the private key. This signature is sent to the server where it verifies its authenticity by comparing to the public key. This allows the user to login. This is also why any changes to items within this process require the user to re-enroll in this service. This includes when the user adds a new fingerprint, the app is re-installed or a change is made to the device OS that affects anything related to fingerprints on the device.
What smartphones devices are supported?
- The capability is available for Touch ID capable iOS devices and Android devices that have compatible fingerprint support running Android 6.0 or higher. Compatible Android devices are those that are using Android’s fingerprint support. Specific devices from Manufacturers that have created their own Fingerprint supported devices and are not using Google’s built-in support for Android, are not compatible. Examples of known devices that are not supported are the Samsung Galaxy S5 and Note 4. These devices use Samsung’s Fingerprint drivers, not Google’s Android.
Does my device need to be password protected to register?
- Yes. As per the operating system requirements, you will be required to password protect your device before you can set up fingerprint access.
Will a password be required when using Fingerprint Authentication?
- No. Once you are enrolled with fingerprint authentication, your fingerprint is the only required sign in credential.
If my fingerprint is not recognized, can I still log on to my account?
- Of course – you can always log on to the NSB’s Mobile Banking app using your account username and password.
I have a compatible device, but Fingerprint Login is not showing when I launch the app?
- Fingerprint Login will only display within the mobile banking app, if you have set it up in your device "Touch ID' settings and register the device.
What if my Fingerprint Authentication enabled phone is lost or stolen?
- If your mobile device is lost or stolen you can delete a device at any time by logging onto your account from a PC or another device and selecting the Fingerprint Device Management screen. You can delete the lost/ stolen device from the list of devices currently authorized. In addition, anytime a new fingerprint is added to the device, re-enrollment is required. So a lost device should not be able to access your account without your fingerprint or account username/ password.
Will my fingerprint be stored in the Mobile Banking app?
- No. Your fingerprints will never be stored in the Mobile Banking app or kept within Online Banking. North Shore Bank is relying on the device to authenticate the fingerprint and confirm or reject verification.
What happens when I buy a new phone?
- You will need to register your fingerprint on the new device, and then set up fingerprint sign in to access Mobile Banking using your fingerprint
How do I disable fingerprint sign in?
Within the North Shore Bank Mobile App, navigate to the Mobile Services menu > Manage Fingerprint > Fingerprint Enrollment > by selecting ‘Un-enroll’ that device will no longer be able to sign in with Fingerprint Authentication
Fingerprint Authentication can be disabled in a number of ways:
- By using the mobile app and navigating from the: Sign In page > Mobile Services > Manage Fingerprint > Fingerprint Enrollment > Click “Unenroll”.
- Using the mobile browser to Sign In into their accounts and navigate to the “Manage Fingerprint Devices” screen shown below or the Fingerprint Enrollment page.
- Using a PC and navigating to the desktop version of “Manage Fingerprint Devices” shown in the next section.
- If the end user deletes their device from the Mobile app using the Manage Fingerprint devices screen (Mobile Services > Manage Fingerprint > Manage Fingerprint Devices > Click the red ‘x’ in the delete column that corresponds to the device you wish to delete), the next time that device attempts to Sign back in, they will be unable to use the registered device fingerprint and must unenroll their device from the Fingerprint Enrollment screen.