David Divitt - VocaLink - London 11 June, 2009, 09:49 0 likes

"It merely closes just one of the many doors open to criminals."

Dean, are you saying banks should, instead, leave all the doors open and not bother?  Seems to me that closing any door possible is better than leaving it open.  Anything to lower the ROI for a fraudster is going to dissuade them from attacking you personally.

A Finextra member 11 June, 2009, 16:54 0 likes

Thanks for the comment David and I did agree it would be some use... even if only temporarily, going on past performance.

It does remind me of the 1950's - they used voice recognition then, only it was the lady at the bank who recognised your voice.

No physical security advisor would ever suggest you make your front door like a Mosler vault whilst leaving not even a flyscreen on the back door or window. Is this any different?

I also a fan of giving the customer the minimum processes to perform interactions and voice recognition is impractical for all but phone banking. Why not add voice recognition to your ATM's? POS terminals Why not use viop voice-rec for internet banking? It won't fly.

Let's be honest here, voice recognition is expensive, and a Titanic solution - the investment is worthless if it is breached, although I suspect there are minimal start up costs for the banks - the on-goings of voice recognition will become as draining as SMS.

It will provide no assurance that criminals won't come after these customers, nor is it likely to withstand attacks when they do come. The bank will no doubt try to automate the process over the phone and give opportunity for fraudsters to defeat it.

While every little effort helps, a piece-meal approach doesn't appear to work. Remember Chip an PIN. Billion plus? Savings? I suppose a breach of the voice recognition system is not going to happen (just like that little collapse of the financial system).

What's plan B?

There are are solutions which cannot be mass breached. There are solutions you can recover from even after, heaven forbid, a massive breach or individual compromise, without trashing your whole investment, and issuing a whole new solution and retraining your customers. This is not one of them.

This is not the mass media so we can use the spin dryer here and the customers and the board probably won't notice. Of course while these sort of patchwork approaches continue the banks are effectively allowing themselves to be divided and conquered. In the initial stages it's ok while there are many diversified methods, but as they're rolled out the criminals roll in.

The problem is bigger than one patchwork solution or bank. Banks are the little guys now. There are just more criminals than there are bankers, who don't even have a mechanism capable of catching virtually any of the criminals.

How embarrassing is the actual number of frauds - either attempted or successful - compared with the number of offenders caught and prosecuted? I don't think I can find a single comparison of such a bunch of losers in any field of endeavour in history.

To banks I say "Stick to your core business and get together as an industry to solve the fraud issues or face dis-intermediation, disappearing money and vanishing customers."

Better to get together and provide a practical solution to the problem which is not just the problem of banks before shareholders tire of the continuous spin cycle of new security failures, while they bear the costs.

I imagine after the chip and pin business there isn't much chance of that.

As for security, I have worked out that I am actually safer with one of my banks to not ever set up phone banking, because they won't let you change your account details or even get your account number from the bank over the phone unless you have phone banking set up. Voila no phone banking - no acount hijack -although it is not what the bank had in mind. I'll leave you to guess which bank.

That's the best account security I've seen so far and they did it accidentally.