Voice recognition software introduced last year by HSBC to provide phone banking customers with faster access has been successfully bypassed in the UK by a BBC reporter and his non-identical twin brother.
The voice ID service was launched by First Direct, HSBC’s phone banking business and was promoted as offering customers greater convenience without any loss of security. However, the BBC’s Joe Simmons successfully mimicked his brother Dan’s voice and access his account, thereby raising questions about the software’s security.
At its launch, the service was promoted with the phrase “my voice is my password” as the method by which customers would gain “easier and safer access” access to their own accounts.
“Voice ID can analyse your voice in seconds – checking over 100 behavioural and physical vocal traits, including the size and shape of your mouth, how fast you talk and how you emphasise words,” stated the bank.
First Direct responded to the BBC report by promising to strengthen the sensitivity of the software. “The security and safety of our customers’ accounts is of the utmost importance to us,” it commented.
The bank maintains that voice ID is a very secure method of authenticating customers despite the vulnerability to vocal genetics. “Twins do have a similar voiceprint, but the introduction of this technology has seen a significant reduction in fraud, and has proven to be more secure than personal identification numbers (PINs), passwords and memorable phrases,” it stressed.
First Direct added that while the software gives customers access to their accounts, it only allows them to check their balance and move money between linked accounts and not to third parties.
Tom Harwood, chief product officer at voice security specialist Aeriandi commented: “Biometrics technology has been widely shown to significantly reduce fraud, but it’s not the whole solution. As this experiment has illustrated no security technology is 100% fool-proof. Technology advances have shown that it is now possible to cheat voice recognition systems.
“Voice synthesiser technology is a great example. It makes it possible to take an audio recording and alter it to include words and phrases the original speaker never spoke. The good news is that there is a way to protect against phone fraud beyond biometrics – and that’s fraud detection technology. Fraud detection on voice looks at more than the voice print of the user; it considers a whole host of other parameters. For example, is the phone number being used legitimate? Increasing phone fraud attacks on UK banks come from overseas. Voice Fraud technology has been proven to protect against this as well as domestic threats.”
Thomas Fischer, threat researcher and security advocate at for data protection platform Digital Guardian, said: “It’s really hard to remember a hundred different, complex passwords and so biometrics have been widely accepted as a strong step towards better security and a way to make it easier for consumers.
“After all, it’s far more difficult to spoof someone’s voice, face or fingerprint than it is to guess their weak password. The BBC is certainly not the first to research ways to fool voice recognition systems or bypass fingerprint sensors, but this is no mean feat and depends on the quality of the original biometric imprint.
“Brute force cracking weak passwords, on the other hand, can be done with relative ease. Biometrics are certainly not perfect, but anything we can do to make it more difficult for attackers to win and easier for consumers has to be a good move.”
Far and away, the largest financial market on the planet is the foreign exchange currencies market, where on average individuals and organisations trade more than $5 trillion daily. In the FX world, the ability to master the market isn't considered a luxury for treasury officers–it's a necessity.
Apps are a critical part of treasury's shift into mobile banking as 67% of treasury and corporate finance professionals said mobile banking services are of particular interest to them in a recent survey.
The fact that the world’s biggest technology firms are branching out into the physical world is a huge opportunity for traditional business models, said inspirational speaker Laurent Haug told treasurers at the BNP Paribas Cash Management University.
It’s no secret that technology is rapidly changing the face of treasury. Joseph Reger, fellow and chief technical officer in EMEIA at Fujitsu, believes that 2018 will be a coming of age for both artificial intelligence and the Internet of Things (IoT).