RBC has improved its RBC Mobile App with a feature that combines client card and biometrics authentication with PIN verification.
Using this new security feature, Android users with near-field communication (NFC) enabled on their mobile device can tap their client card on the phone and enter their PIN to authenticate. On Apple iOS devices, users can use biometrics to authenticate and then enter the PIN.
“The PIN is the added combination of an additional item that you know, and probably one of the most secure and least shared items that clients have,” said Rami Thabet, senior vice-president of Digital Sales and Advice at RBC. “We believe that combination of those together takes us to an absolutely next level of security and privacy.”
This extra layer of security will initially be used when customers change sensitive information, such as their online banking passwords. It will be scaled across RBC’s other applications in the coming months.
Although it sounds like a straightforward feature, Thabet emphasized that bringing it into service was a tremendous engineering accomplishment.
“It is a very challenging and tough…digital technology challenge to solve [but] it adds a tremendous amount of value,” said Thabet.
This new feature is intended to prevent fraud, according to the bank. It noted that the Canadian Anti-Fraud Centre recorded C$379 million in reported losses from Canadians in 2021, up from C$160 million in 2020.
Thabet explained that adding the PIN to the security check increases protection against fraud, including social engineering attacks. To compromise an account, an attacker would now need not only physical access to the card, but also the PIN and the answers to knowledge-based questions.
“The PIN is just much harder to social engineer, in the sense that you would have to ask for it quite overtly,” Thabet said.