With little fanfare, JPMorgan Chase on Monday (Sept. 12) reversed its security position on its mobile app, removing the need to type in a password once a customer has already been authenticated by either Apple’s Touch ID or an Android biometric scan. Before Monday, Chase customers could log in using a biometric scan and see things such as balances but needed to authenticate themselves again with a password for transferring funds or making a payment. Now the biometric scan is sufficient for all bank functions.

This is the latest in the battle between security reality and security perception. From a pure security perspective, any decently implemented biometric authentication (fingerprint, in this case) is far more secure than most passwords. But because of the biometric scan’s ease and speed, some retailers and bankers feared that consumers might not perceive a transaction as secure unless the app also forced the typing of a password.

To read this article in full or to leave a comment, please click here