Hello, Barclays? Why hello, John Smith. We meet again

Barclays is abolishing passwords for its telephone banking customers in favour of voice recognition. The UK high-street bank – which has been trialling voice recognition technology with a limited number of customers for three years since 2013 – said that technology that identifies a caller based solely on their voice is a “ …

  1. Flywheel

    Was it tested with a DVR?

    They're cheap and the reproduction is great. I'd like to think they'd taken this into account.

    1. Anonymous Coward

      Re: Was it tested with a DVR?

      "made up of over 100 characteristics based on the physical configuration of the speaker's mouth and throat."

      Presumably, a speech synthesiser program which has these 100 variables as parameters is relatively straightforward to create.

      In other words: if someone steals your vocal fingerprint, they'll easily be able to login to the bank and issue arbitrary commands. Even if it sounds like a robot, that doesn't matter as long as it convinces the computer at the other side.

      1. Anonymous Coward
        Meh

        Re: Was it tested with a DVR?

        It's not just your voice, it's patterns and mannerisms as well, so no, cobbling recorded words together won't work.

        Would I trust it?

        Only as part of 2FA.

        1. Anonymous Coward

          Re: Was it tested with a DVR?

          "Only as part of 2FA."

          Apparently the Barclays tech and management team did not watch Star Trek: The Next Generation, where in the episode "Brothers" Commander Data mimics Picard's voice to take control of the ship. After this event, 2FA is implemented with access codes (passwords) on top of the voiceprint recognition.

          Life imitates art, indeed. This won't end well.

      2. Phil O'Sophical Silver badge

        Re: Was it tested with a DVR?

        Presumably, a speech synthesiser program which has these 100 variables as parameters is relatively straightforward to create.

        It is, but these are variables, each can take a wide range of values, so the possible combinations are huge.

        Even so, it's a crap idea. Getting speech recognition to work over the compression and distortion of POTS or VoIP phone lines is non-trivial, and often involves substantial watering-down of algorithms, which makes faking the pattern easier. And as already pointed out, this is useful for recognizing the person (i.e. the equivalent of a username) but it should never be used for authentication (a password). If I had a Barclays account I'd cancel the telephone banking service now.

        Anyone care to take bets on how long before the first exploit is published?

        1. AMBxx Silver badge
          Coat

          Anyone care to take bets on how long before the first exploit is published?

          Then we can look forward to voice recognition AND remembering a password!

          1. Captain DaFt

            Re: Anyone care to take bets on how long before the first exploit is published?

            "Then we can look forward to voice recognition AND remembering a password!"

            BVR:"Hello, Your voice identifies you as Captain DaFt. Please enter your password to continue."

            Me:" Uh.... Dammit, I can never remember that damned thing!"

            BVR:"Password confirmed as matching previous entries, you may continue."

            Me: "Whaa!?"

        2. Terry Cloth

          Bandwidth

          distortion of POTS or VoIP phone lines

          To say nothing of the 300–3k Hz limitation of the voice system. It would be interesting to know the fidelity of the equipment used to develop voice recognition.

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Each person’s voice is as unique as their fingerprint...

      Which means once stolen, it remains stolen forever after.

      What could possibly go wrong?

    3. Anonymous Coward
      FAIL

      Re: Was it tested with a DVR?

      I love how I get 2 down votes and people who have never seen this in action get the up votes for saying it will work with a DVR, which is utter bollocks

      Go to a comms trade show and visit Nuance and see it in action.

      No I don't work for them and no I don't even use it. But I have seen it, tried it and tested it.

      But I still wouldn't make it the only method, no more than I would a single password.

  2. find users who cut cat tail

    Not again. Voice (as any biometrics) is for recognition, not authentication.

  3. Alfie Noakes
    FAIL

    Dangerous gimmick

    If compromised, you can change your password - but you can't change your voice!

    1. Anonymous Coward

      Re: Dangerous gimmick

      > but you can't change your voice!

      A kick in the nuts might disprove that one for about half the population. Any volunteers for testing this theory?

      1. Anonymous Coward

        Re: Dangerous gimmick

        A kick in the nuts might disprove that one for about half the population. Any volunteers for testing this theory?

        Could I volunteer the whole of HSBC's senior management? And can I help?

    2. TitterYeNot

      Re: Dangerous gimmick

      "but you can't change your voice"

      Interesting point - what happens if you phone up when you've got a cold?

      1. davidp231

        Re: Dangerous gimmick

        Or been on the helium.

      2. Anonymous Coward

        Re: Dangerous gimmick

        Judging by the voice control in my car, the same that happens when you don't have a cold - i.e. fuck all

        1. Lee D Silver badge

          Re: Dangerous gimmick

          Voice control in my 2016 Ford:

          I say: "Play "One Vision"."

          It hears: "Dial Elisa?"

          I gave up after that. It has a touchscreen so I just use that instead.

          And, no, the audio is crystal clear and the road-noise absolutely minimal (i.e. people think I'm in the office when I answer from the car using the same internal mic/speakers).

          The only audio command that I can "almost" get working is "USB - Play All", and that's got about a 90% success rate and the only reason I use it is when a passenger hits the wrong button and it goes onto radio, because it's a bark to get it back especially when you're trying to tell the passenger what to press to do so.

          Even then, I once had the following exchange:

          I say: "USB"

          It heard: "Navigate".

          I haven't even TRIED to get it to recognise Destination Home because it's so finicky on everything else and I've had little success. When you're training YOURSELF to the car system rather than the other way around, you know it's time to just press buttons instead.

          1. AndyS

            Re: Dangerous gimmick

            Ah yes, the Ford voice "recognition". Assuming it's the same style of system as in my 2014 Focus, it would make a decent random number generator for some highly sensitive encryption.

            Did you know the software is produced by Microsoft, incidentally?

            1. Not That Andrew

              Ford voice "recognition" (supplied by Microsoft)

              Probably the same as in their computers & phones, works adequately with a good microphone close to your face. But even then you find yourself training yourself to the software. I'll bet you anything (5p to be precise) Ford didn't bother to install the various regional voice recognition files.

          2. AndrueC Silver badge

            Re: Dangerous gimmick

            The VC in my Honda used to be horribly hit and miss. It could take several minutes of me getting increasingly irate before I finally got it to dial a number. Honda have fixed that in the latest version though.

            Now you can only dial using the touch screen or through phrases you have recorded and attached to contacts.

            But then their oh-so-wonderful infotainment unit has so many bugs that cutting out features seems a wise decision. It comes to something when you pay £18k for a car and sometimes it can't play music for ten minutes because it's struggling to boot.

            Never trust a hardware manufacturer to write software. In this case apparently the head unit is supplied by Pioneer.

          3. Anonymous Coward
            Happy

            Re: Dangerous gimmick

            My Hyundai's is crap, just random guesses. But it's not an issue.

            "Phone Cortana."

            9/10 times that one works,

            from then on, happy days. Let the phone do the work.

      3. Wensleydale Cheese
        Unhappy

        Re: Dangerous gimmick

        "what happens if you phone up when you've got a cold?"

        It gives us the modern version of "The cheque's in the post"

        Now what you get to say is "I can't pay 'cos I've got a cold"

  4. Tom Chiverton 1
    Alert

    What could go wrong ?

    My voice is my passport. Verify me.

    1. WraithCadmus
      Happy

      Re: What could go wrong ?

      Now place your bets, is the above commentard a fan of Sneakers, Uplink, or both?

    2. Lyndon Hills 1

      Re: What could go wrong ?

      My voice is my passport. Verify me.

      Played Uplink?

  5. Anonymous Coward

    won't a recording do?

    It's reasonably easy to splice/dice voice recordings and replicate these steps.

    Reliance on this single metric to authenticate access to banking - and not even just a current balance - seems to swing too far to convenience over security to me.

    1. Hollerithevo

      Re: won't a recording do?

      To counteract the chance of being asked something you haven't made a recording for, all you'd need to do is go through the process yourself, making mistakes and seeing what you were asked to say. Then record enough of your victim to get a supply of necessary words, use some cheap music-editing to splice up into responses and off you go.

  6. Anonymous Coward

    Not impressed with Barclays

    I've only been a Barclays customer for a couple of months and so far I'm not impressed. Features absent from their online service, Indian call centre staff saying "Sorry sir you can't do that online you will have to visit your branch". Long queues in the local branch, the clerk at the bank then not being able to handle my request so needing to make an appointment to see someone at the bank several days later. The clerk at the subsequent appointment having problems with her computer and having to process everything on paper instead and mail it to head office. Duff advice via their call centre from someone with a poor grasp of English and several weeks delay in anything happening resulting in me missing a critical financial deadline. Wonder if I can use voice recognition to tell them where to shove their account as I'm going to close it? They might want to consider investing in the basics of banking and customer service before investing in high-tech features of dubious reliability / security. Anon for obvious reasons.

    1. John P

      Re: Not impressed with Barclays

      Barclays are horrifically backwards in some senses.

      I signed up for an ISA a year ago and the information pack that came through informed me that I could only put money in to that ISA by visiting a branch.

      Screw that, I closed the ISA almost immediately.

    2. Ryan.T.Student

      Re: Not impressed with Barclays

      Barclays are absolute scum. My local branch replaced all their humans with some absolutely crappy machines. Thing is I'll trust a machine to scan my groceries, or to withdraw cash, but to do anything more complicated? No f*cking way. And if you want to talk to a person to do something instead the staff get really arsey about it. Terrible customer service, terrible bank.

      1. Anonymous Coward

        Re: Not impressed with Barclays

        I've just phoned the person at Barclays we saw three weeks ago, using the number on her business card. The number leads to a nightmare telephone maze, and I ended up stuck in a queue so long that I used the option for them to call me back instead. Half an hour later someone phoned me from India who had to repeat everything several times so I could fathom what he was saying through his heavy accent. Predictably, he couldn't help me and eventually tried to transfer my call back from India to my local Barclays branch to the person whose business card number I'd actually phoned. Stuck waiting for five minutes listening to background music and finally he said all the lines are busy, try phoning them again in a couple of hours or go to my branch in person.

        I was assured my original request would take three days. Three weeks later and nothing, no response and virtually impossible to speak to anyone at Barclays to resolve this. So my options are to try via the nightmare telephone maze and Indian call centre again and have to explain everything from scratch again or to stand in a queue at my local branch for twenty minutes to see the cashier only to be told I need to make an appointment to come back again another day. Barclays bank sucks.

    3. Anonymous Coward

      Re: Not impressed with Barclays

      They really are a bunch of clown shoes...

      They don't support Google pay, because they think they can do better with their own system, and none of their ping-it, mobile banking apps will have anything to do with a rooted Android device (because "security!")... And then they introduce a daft system like this... Who's advising them on security issues? Some government "expert"?

      1. davidp231

        Re: Not impressed with Barclays

        Rename 'su' - they work fine after that. They identify the Android layer on Jolla phones as a rooted device - renaming or deleting su fixes it - and you use something like devel-su to get superuser access anyway on those so it's no biggy.

      2. Kebablog

        Re: Not impressed with Barclays

        It took a while for Apple Pay support - so maybe next year!

  7. Adrian 4

    "If a customer has forgotten their password, it takes two minutes on average to get through the alternative security measures. Voice Security will speed up this process significantly as well as being more secure, according to Barclays."

    The horror. Two minutes. How can they cope ?

    1. Anonymous Coward

      2 minutes, few thousand calls a day. Soon adds up.

  8. Chris G

    80% of all consumers

    Have no feckin' idea what security actually is.

    I have a porcelain pig with a slot in its back and a cork up its arse that gives better banking service than Braclays Bonk!

  9. cmannett85

    "80 per cent of all consumers believe that biometric authentication is more secure than traditional registration"

    So fucking what.

    1. Throatwobbler Mangrove

      A pithy comment.

      1. Stevie

        Pithy

        Bad lisp you have there, Throatwobbler.

    2. VinceH

      I think they're saying that because 80 per cent of people believe it, that means only 20% will realise how stupid that statistic is. Or something.

    3. CustardGannet

      "80 per cent of all consumers believe..."

      "The opinion of 10,000 men is of no value, if none of them know anything about the subject."

      ~ Marcus Aurelius (Roman Emperor, 161-180 CE)

      1. Hollerithevo

        Re: "80 per cent of all consumers believe..."

        Or to quote my favorite 'Chinese' proverb: if a thousand people say a foolish thing, it is still a foolish thing.

        1. Stevie

          Re: "80 per cent of all consumers believe..."

          Maxim 43: If it's stupid and it works, it's still stupid and you're lucky.

        2. John Brown (no body) Silver badge

          Re: "80 per cent of all consumers believe..."

          "Or to quote my favorite 'Chinese' proverb: if a thousand people say a foolish thing, it is still a foolish thing."

          BREXIT!! BINGO!!!

      2. Anonymous Coward
        Happy

        Re: "80 per cent of all consumers believe..."

        also, eat poo as ten million flies can't be wrong

  10. Anonymous Coward

    This could end the scourge of "banking while drunk"

    Assuming it has as much trouble understanding Drunk Mongo as everyone else, it should mean less starting in outrage at bank statements (only to sadly admit their plausibility). Now if Amazon and Ebay enable it too then I'll have to fall back upon flea markets for cluttering up the house with ill-considered tat.

  11. splodge

    It's a good job a voice is just as unique as a fingerprint:

    https://www.nacdl.org/uploadedFiles/files/resource_center/topics/post_conviction/Cognitive_Issues_in_Fingerprint_Analysis.pdf

    1. Anonymous Coward
      Facepalm

      Perhaps they should use snowflakes? They are also unique. I have a few I collected last winter, in this water bottle for them to analyse... ;)
