Security Today

0

HSBC’s voice recognition security breached by customer’s brother

web-post May 24, 2017

HSBC’s voice recognition software – launched last year and hailed as highly secure – has been successfully foiled by the brother of one of its customers. HSBC’s systems wrongly accepted the voice as proof of the account holder’s identity and permitted access to the account. The investigation was carried out by a BBC reporter and his non-identical twin. The discovery has raised questions about the safety of “biometric” banking security systems.
HSBC has responded by saying the “sensitivity” of its voice recognition testing will be increased.

The voice ID processes were introduced to help speed up phone-banking users’ access to their accounts. By saying the phrase “my voice is my password”, customers can access account information and move money between accounts. Both HSBC and its offshoot First Direct use the technology,  boasting that it is “easier and safer access to your account”. Advertising by the bank claims that “your voice is unique”. HSBC says: “Voice ID can analyse your voice in seconds – checking over 100 behavioural and physical vocal traits, including the size and shape of your mouth, how fast you talk and how you emphasise words.”

However, when non-identical twin Joe Simmons used his voice to mimic his brother Dan’s, he was granted access to Dan’s accounts. HSBC’s system allowed him eight attempts to get the voiceprint correct. HSBC said it has increased the sensitivity on its voice recognition system after the discovery of the breach. An HSBC spokesman told the BBC: “The security and safety of our customers’ accounts is of the utmost importance to us. Voice ID is a very secure method of authenticating customers. “Twins do have a similar voiceprint, but the introduction of this technology has seen a significant reduction in fraud, and has proven to be more secure than Pins, passwords and memorable phrases.” Using the voice recognition system gives customers access to balance information and lets them move money between linked accounts. It does not permit them to move money to third party accounts.

Tagged with: ,

Leave a Comment

Sorry You Are Not A Registered Subscriber

To View Full Magazine.

Login to your account

View Full Magazine after login.
OR

New Online Subscription?

Buy an Online Subscription to SECURITY TODAY which allows you to view full magazine online.
BUY HERE

Login to your account

Can't remember your Password ?

Register for this site!

loading