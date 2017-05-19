Login | Sign up |Help
19 May 2017
Visit www.capgemini.com/worldreports
» View all news Next story »

HSBC biometrics breached by BBC reporter

1 hour ago  |  1528 views  |  1 HSBC sign

Voice recognition software launched last year by HSBC in order to speed up access for phone banking customers has been successfully bypassed by a BBC reporter and his non-identical twin brother.

Joe Simmons was able to mimic his reporter brother Dan's voice and gain access to his account, thereby raising questions about the software’s security.

The voice ID service was introduced as a way to bring more convenience to customers of First Direct, HSBC’s phone banking business, without sacrificing any security.

Uttering the phrase “my voice is my password” was supposed to be the method for customers to gain “easier and safer access” access to their own accounts and the service was advertised as such.

“Voice ID can analyse your voice in seconds - checking over 100 behavioural and physical vocal traits, including the size and shape of your mouth, how fast you talk and how you emphasise words,” stated the bank.

However, in light of the BBC report, the bank has now said it will increase the sensitivity of the software. “The security and safety of our customers’ accounts is of the utmost importance to us,” it told the BBC.

The bank also insisted that voice ID is a very secure method of authenticating customers despite the vulnerability to vocal genetics. "Twins do have a similar voiceprint, but the introduction of this technology has seen a significant reduction in fraud, and has proven to be more secure than Pins, passwords and memorable phrases."

The bank also added that while the software gives users access to their accounts, it only allows them to check their balance and move money between linked accounts and not to third parties.

HSBC is not the only high street bank in the UK to employ voice recognition software. Others include Barclays and Santander as well as digital-only bank Atom.

And despite the embarrassment of being fooled by a BBC reporter and his brother, security experts have defended the use of voice recognition as a means of secure authentication and a more effective method than traditional passwords.

“The BBC is certainly not the first to research ways to fool voice recognition systems or bypass fingerprint sensors, but this is no mean feat and depends on the quality of the original biometric imprint,” says Thomas Fischer, threat researcher and security advocate at Digital Guardian says that it is still a better means of defence than traditional passwords. “Brute force cracking weak passwords, on the other hand, can be done with relative ease.”

ChannelsRETAIL BANKINGMOBILE & ONLINESECURITY
KeywordsAUTHENTICATIONBIOMETRICSVOICE RECOGNITION/SPEECH VERIFICATION

Comments: (1)

Hitesh Thakkar
Hitesh Thakkar - FIS Payments Software and Services India - India | 19 May, 2017, 11:46

Biometric Authentication is the way forward to provide priviliedge to the user to transact his accounts. There are several forms of it and comes with it's own limitations and unique usage.d

It's good that HSBC has take it in right sense and fine tuned it but it shows that, speech verification has it's own vulnerabilities while implementing it. If more services need to be allowed than it's better to have multiple factors for authentication ( it may cost trade off with usability and convenience).

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Report
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

ANZ to use voice prints for mobile authentication

ANZ to use voice prints for mobile authentication

03 April 2017  |  4876 views  |  1 comments | 3 tweets | 10 linkedin
Voice biometrics prove a hit for Citi in Asia Paficic

Voice biometrics prove a hit for Citi in Asia Paficic

23 March 2017  |  5092 views  |  0 comments | 9 tweets | 20 linkedin
HSBC and Barclays customers hit by technical problems

HSBC and Barclays customers hit by technical problems

27 February 2017  |  8249 views  |  0 comments | 10 tweets | 8 linkedin
DBS to roll out voice authentication; OCBC to take biometrics nationwide

DBS to roll out voice authentication; OCBC to take biometrics nationwide

24 May 2016  |  6777 views  |  0 comments | 7 tweets | 12 linkedin
HSBC to cut 850 IT jobs in UK

HSBC to cut 850 IT jobs in UK

16 May 2016  |  8269 views  |  0 comments | 10 tweets | 13 linkedin
Santander launches 'voice banking' technology

Santander launches 'voice banking' technology

22 March 2016  |  15327 views  |  0 comments | 48 tweets | 53 linkedin
HSBC to roll out voice and Touch ID to 15 million UK customers

HSBC to roll out voice and Touch ID to 15 million UK customers

19 February 2016  |  10770 views  |  0 comments | 19 tweets | 25 linkedin
HSBC online and mobile services downed by cyber attack

HSBC online and mobile services downed by cyber attack

29 January 2016  |  10561 views  |  5 comments
Sorry start to the New Year for HSBC as online problems continue

Sorry start to the New Year for HSBC as online problems continue

05 January 2016  |  6266 views  |  1 comments | 7 tweets | 9 linkedin
Atom Bank to launch with face and voice biometrics

Atom Bank to launch with face and voice biometrics

16 December 2015  |  13809 views  |  0 comments | 35 tweets | 33 linkedin
HSBC tops UK bank social media customer service table

HSBC tops UK bank social media customer service table

27 September 2013  |  17092 views  |  0 comments | 28 tweets | 11 linkedin
More news »

Related company news

Banco Santander - all news
HSBC - all news
Atom Bank - all news
 

Related blogs

Create a blog about this story (membership required)
Visit www.capgemini.com/worldreportsvisit www.niceactimize.comvisit vasco.com/news/PSD2-compliant-solutions

Top topics

Most viewed Most shared
hands typing furiouslyEnterprise Ethereum Alliance: a blockchain...
10028 views 0 | 7 tweets | 8 linkedin
EBAday 2017: Towards full payments digitalisationEBAday 2017: Towards full payments digital...
8662 views comments | 5 tweets | 4 linkedin
Digital Identity – the ‘missing link’ in your DigiDigital Identity – the ‘missing link’ in y...
7150 views comments | 1 tweets
European banks lobby Commission to push ahead with screen scraping banEuropean banks lobby Commission to push ah...
6990 views comments | 26 tweets | 35 linkedin
UK consumers ready to swap banks for tech giantsUK consumers ready to swap banks for tech...
6489 views comments | 36 tweets | 45 linkedin

Featured job

Global Head of Sales - Trade Finance / Supply Chain Software - London

Six Figure Base + Commission + Stock Options
London

Find your next job

All jobs »

Finextra logo
© Finextra Research 2017

 
About Finextra
Community Rules
Terms of use
Privacy policy
Contact us
EditorialEditorial
Sales & MembershipSales and Membership
Follow us
LinkedInLinkedIn
TwitterTwitter

RSSRSS Feeds
newsletterDaily newsletter