Was it it tested with a DVR?
They're cheap and the reproduction is great. I'd like to think they'd taken this into account.
Barclays is abolishing passwords for its telephone banking customers in favour of voice recognition. The UK high-street bank – which has been trialling voice recognition technology with a limited number of customers for three years since 2013 – said that technology that identifies a caller based solely on their voice is a “ …
"made up of over 100 characteristics based on the physical configuration of the speaker's mouth and throat."
Presumably, a speech synthesiser program which has these 100 variables as parameters is relatively straightforward to create.
In other words: if someone steals your vocal fingerprint, they'll easily be able to login to the bank and issue arbitrary commands. Even if it sounds like a robot, that doesn't matter as long as it convinces the computer at the other side.
"Only as part of 2FA."
Apparently the Barclays tech and management, team did not watch Star Trek, The Next Generation, where on the episode "Brothers" Commander Data mimics Picard's voice to take control of the ship. After this event, 2FA is implemented with access codes (passwords) on top of the voiceprint recognition.
Life imitates art, indeed. This won't end well.
Presumably, a speech synthesiser program which has these 100 variables as parameters is relatively straightforward to create.
It is, but these are variables, each can take a wide range of values, so the possible combinations are huge.
Even so, it's a crap idea. Getting speech recognition to work over the compression and distortion of POTS or VoIP phone lines is non-trivial, and often involves substantial watering-down of algorithms, which makes faking the pattern easier.And as already pointed out, this is useful for recognizing the person (i.e. the equivalent of a username) but it should never be used for authentication (a password). If I had a Barclay's account I'd cancel the telephone banking service now.
Anyone care to take bets on how long before the first exploit is published?
"Then we can look forward to voice recognition AND remembering a password!"
BVR:"Hello, Your voice identifies you as Captain DaFt. Please enter your password to continue."
Me:" Uh.... Dammit, I can never remember that damned thing!"
BVR:"Password confirmed as matching previous entries, you may continue."
Me: "Whaa!?"
I love how I get 2 down votes and people who have never seen this in action get the up votes for saying it will work with a DVR, which is utter bollocks
Go to to a comms trade show and visit Nuance and see it in action.
No I don't work for them and no I don't even use it. But I have seen it, tried it and tested it.
But I still wouldn't make it the only method, no more than I would a single password.
Voice control in my 2016 Ford:
I say: "Play "One Vision"."
It hears: "Dial Elisa?"
I gave up after that. It has a touchscreen so I just use that instead.
And, no, the audio is crystal clear and the road-noise absolutely minimal (i.e. people think I'm in the office when I answer from the car using the same internal mic/speakers).
The only audio command that I can "almost" get working is "USB - Play All", and that's got about a 90% success rate and the only reason I use it is when a passenger hits the wrong button and it goes onto radio, because it's a bark to get it back especially when you're trying to tell the passenger what to press to do so.
Even then, I once had the following exchange:
I say: "USB"
It heard: "Navigate".
I haven't even TRIED to get it to recognise Destination Home because it's so finicky on everything else and I've had little success. When you're training YOURSELF to the car system rather than the other way around, you know it's time to just press buttons instead.
Probably the same as in their computers & phones, works adequately with a good microphone close to your face. But even then you find yourself training yourself to the software. I'll bet you anything (5p to be precise) Ford didn't bother to install the various regional voice recognition files.
The VC in my Honda used to be horribly hit and miss. It could take several minutes of me getting increasingly irate before I finally got it to dial a number. Honda have fixed that in the latest version though.
Now you can only dial using the touch screen or through phrases you have recorded and attached to contacts.
But then their oh-so-wonderful infotainment unit has so many bugs that cutting out features seems a wise decision. It comes to something when you pay £18k for a car and sometimes it can't play music for ten minutes because it's struggling to boot.
Never trust a hardware manufacturer to write software. In this case apparently the head unit is supplied by Pioneer.
To counteract the chance of being asked something you haven' made a recording for, all you'd need to do is go through the process yourself, making mistakes and seeing what you were asked to say. Then record enough of your victim to get a supply of necessary words, use some cheap music-editing to splice up into responses and off you go.
I've only been a Barclays customer for a couple of months and so far I'm not impressed. Features absent from their online service, Indian call centre staff saying "Sorry sir you can't do that online you will have to visit your branch". Long queues in the local branch, the clerk at the bank then not being able to handle my request so needing to make an appointment to see someone at the bank several days later. The clerk at the subsequent appointment having problems with her computer and having to process everything on paper instead and mail it to head office. Duff advice via their call centre from someone with a poor grasp of English and several weeks delay in anything happening resulting in me missing a critical financial deadline. Wonder if I can use voice recognition to tell them where to shove their account as I'm going to close it? They might want to consider investing in the basics of banking and customer service before investing in high-tech features of dubious reliability / security. Anon for obvious reasons.
Barclays are absolute scum. My local branch replaced all their humans with some absolutely crappy machines. Thing is I'll trust a machine to scan my groceries, or to withdraw cash, but to do anything more complicated? No f*cking way. And if you want to talk to a person to do something instead the staff get really arsey about it. Terrible customer service, terrible bank.
I've just phoned the person at Barclays we saw three weeks ago, using the number on her business card. The number leads to a nightmare telephone maze, and I ended up stuck in a queue so long that I used the option for them to call me back instead. Half an hour later someone phoned me from India who had to repeat everything several times so I could fathom what he was saying through his heavy accent. Predictably, he couldn't help me and eventually tried to transfer my call back from India to my local Barclays branch to the person who's business card number I'd actually phoned. Stuck waiting for five minutes listening to background music and finally he said all the lines are busy, try phoning them again in a couple of hours or go to my branch in person.
I was assured my original request would take three days. Three weeks later and nothing, no response and virtually impossible to speak to anyone at Barclays to resolve this. So my options are to try via the nightmare telephone maze and Indian call centre again and have to explain everything from scratch again or to stand in a queue at my local branch for twenty minutes to see the cashier only to be told I need to make an appointment to come back again another day. Barclays bank sucks.
They really are a bunch of clown shoes...
They don't support Google pay, because they think they can do better with their own system, and none of their ping-it, mobile banking apps will have anything to do with a rooted Android device (because "security!")... And then they introduce a daft system like this... Who's advising them on security issues? Some government "expert"?
Assuming it has as much trouble understanding Drunk Mongo as everyone else, it should mean less starting in outrage at bank statements (only to sadly admit their plausibility). Now if Amazon and Ebay enable it too then I'll have to fall back upon flea markets for cluttering up the house with ill -considered tat.