Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Banks Turning to Voice Fingerprinting for Authentication

by Fox Van Allen on October 14, 2014

Man banking by phoneWhat’s the weakest link when it comes to protecting your bank balance, stock portfolio and other financial accounts? Chances are, it’s not your password – especially if you’ve taken the effort to choose a strong one. No, the real soft spot is likely your bank’s customer service phone line. When hackers stole millions of debit and credit card accounts from Home Depot and Target, some thieves were able to reset customers’ PINs and make fraudulent cash ATM withdrawals through social engineering and exploiting weaknesses in automated bank customer service lines.

Thankfully, banks are working to shore up their vulnerable phone lines to prevent these kinds of impersonations. And they’re turning to voice fingerprinting to do it. According to phys.org, companies across the world are collecting samples of your voice for identification purposes. At the Vanguard mutual fund company, customers are required to authenticate with their own voice, speaking the phrase “at Vanguard, my voice is my password” for access. English banking giant Barclays is rolling out voice authentication for all its 12 million customers following a successful test of the tech, as well.

Voice fingerprinting works because each person has a unique way of speaking. These systems analyze the way air moves up through your lungs, vocal cords and mouth, comparing your live sound to past recordings. Modern voice tech is smart enough to ID you even if your voice is altered due to a cold, just as its smart enough to be able to tell the difference between the speech patterns of identical twins.

There are some drawbacks to voice fingerprinting, though. First, there’s an issue of cost: Voice fingerprinting is more expensive for banks to use than traditional methods due to computing and storage requirements. Secondly, a person could theoretically record your voice and play it back later to trick an automated system. And, of course, an estimated 8 out of every 10,000 adults are mute and unable to use their voice at all.

Still, the benefits of voice fingerprinting appear to outweigh these drawbacks enough for the banking industry to move forward with it. There is currently an estimated 65 million voice fingerprints on file at public and private institutions around the globe. “The general feeling is that voice biometrics will be the de facto standard in the next two or three years,” confirms Iain Hanlon, an executive at Barclays.

[Man banking by phone via Shutterstock]


Topics

, News, Computers and Software, Computers & Accessories, Blog


Discussion loading

gravatar

From Hitoshi Anatomi on October 15, 2014 :: 2:00 am


Whether static or behavioral or electromagnetic, biometrics cannot be claimed to be an alternative to passwords UNTIL it stops relying on a password for self-rescue against the false rejection altogether while retaining the near-zero false acceptance in the real outdoor environment.

Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction.  I would appreciate to hear if someone knows of a biometric product operated by (1).  The users of such products must have been notified that, when falsely rejected by the biometric sensor with the devices finally locked, they would have to see the device reset.  It is the same with the biometrics operated without passwords altogether.

Biometric products like Apple’s Touch ID are generally operated by (2) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors.  This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y).  The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are less secure than the devices protected only by a password.

It is very worrying to see so many ICT people being indifferent to the difference between AND/conjunction and OR/disjunction when talking about “using two factors together”.

Reply

gravatar

From Josh Kirschner on October 15, 2014 :: 11:38 am


I would also be curious to know more about how easily biometric passwords - whether voice or otherwise - can be stolen via database hacks versus traditional passwords. We’ve seen a number of cases where hackers stole login information from unencrypted or poorly encrypted user databases. Would the same vulnerabilities hold true for biometric passwords help in poorly secured databases?

Reply

gravatar

From Hitoshi Anatomi on October 18, 2014 :: 10:44 pm


Biometrics vendors say that they do not have to store the whole biometric data, but only the characteristic feature points from which the original data cannot be recovered in view of the criticism that we cannot change our biometric features if stolen.

Also worryng is something like
http://mashable.com/2013/09/11/girl-fingerprint-scanner/

Anyway, I wonder how many people will keep using the biometric sensor while knowing that it is bringing down the security.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.