back to article Hello, Barclays? Why hello, John Smith. We meet again

Barclays is abolishing passwords for its telephone banking customers in favour of voice recognition. The UK high-street bank – which has been trialling voice recognition technology with a limited number of customers for three years since 2013 – said that technology that identifies a caller based solely on their voice is a “ …

  1. Flywheel

    Was it it tested with a DVR?

    They're cheap and the reproduction is great. I'd like to think they'd taken this into account.

    1. Anonymous Coward
      Anonymous Coward

      Re: Was it it tested with a DVR?

      "made up of over 100 characteristics based on the physical configuration of the speaker's mouth and throat."

      Presumably, a speech synthesiser program which has these 100 variables as parameters is relatively straightforward to create.

      In other words: if someone steals your vocal fingerprint, they'll easily be able to login to the bank and issue arbitrary commands. Even if it sounds like a robot, that doesn't matter as long as it convinces the computer at the other side.

      1. Anonymous Coward
        Meh

        Re: Was it it tested with a DVR?

        It's not just your voice, it's patterns and mannerisms as well, so no, cobbling recorded words together won't work.

        Would I trust it?

        Only as part of 2FA.

        1. Anonymous Coward
          Anonymous Coward

          Re: Was it it tested with a DVR?

          "Only as part of 2FA."

          Apparently the Barclays tech and management, team did not watch Star Trek, The Next Generation, where on the episode "Brothers" Commander Data mimics Picard's voice to take control of the ship. After this event, 2FA is implemented with access codes (passwords) on top of the voiceprint recognition.

          Life imitates art, indeed. This won't end well.

      2. Phil O'Sophical Silver badge

        Re: Was it it tested with a DVR?

        Presumably, a speech synthesiser program which has these 100 variables as parameters is relatively straightforward to create.

        It is, but these are variables, each can take a wide range of values, so the possible combinations are huge.

        Even so, it's a crap idea. Getting speech recognition to work over the compression and distortion of POTS or VoIP phone lines is non-trivial, and often involves substantial watering-down of algorithms, which makes faking the pattern easier.And as already pointed out, this is useful for recognizing the person (i.e. the equivalent of a username) but it should never be used for authentication (a password). If I had a Barclay's account I'd cancel the telephone banking service now.

        Anyone care to take bets on how long before the first exploit is published?

        1. AMBxx Silver badge
          Coat

          Anyone care to take bets on how long before the first exploit is published?

          Then we can look forward to voice recognition AND remembering a password!

          1. Captain DaFt

            Re: Anyone care to take bets on how long before the first exploit is published?

            "Then we can look forward to voice recognition AND remembering a password!"

            BVR:"Hello, Your voice identifies you as Captain DaFt. Please enter your password to continue."

            Me:" Uh.... Dammit, I can never remember that damned thing!"

            BVR:"Password confirmed as matching previous entries, you may continue."

            Me: "Whaa!?"

        2. Terry Cloth

          Bandwidth

          distortion of POTS or VoIP phone lines

          To say nothing of the 300--3k Hz limitation of the voice system. It would be interesting to know the fidelity of the equipment used to develop voice recognition.

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Each person’s voice is as unique as their fingerprint...

      Which means once stolen, it remains stolen forever after.

      What could possibly go wrong?

    3. Anonymous Coward
      FAIL

      Re: Was it it tested with a DVR?

      I love how I get 2 down votes and people who have never seen this in action get the up votes for saying it will work with a DVR, which is utter bollocks

      Go to to a comms trade show and visit Nuance and see it in action.

      No I don't work for them and no I don't even use it. But I have seen it, tried it and tested it.

      But I still wouldn't make it the only method, no more than I would a single password.

  2. find users who cut cat tail

    Not again. Voice (as any biometrics) is for recognition, not authentication.

  3. Alfie Noakes
    FAIL

    Dangerous gimmick

    If compromised, you can change your password - but you can't change your voice!

    1. Anonymous Coward
      Anonymous Coward

      Re: Dangerous gimmick

      > but you can't change your voice!

      A kick in the nuts might disprove that one for about half the population. Any volunteers for testing this theory?

      1. Anonymous Coward
        Anonymous Coward

        Re: Dangerous gimmick

        A kick in the nuts might disprove that one for about half the population. Any volunteers for testing this theory?

        Could I volunteer the whole of HSBC's senior management? And can I help?

    2. TitterYeNot

      Re: Dangerous gimmick

      "but you can't change your voice"

      Interesting point - what happens if you phone up when you've got a cold?

      1. davidp231

        Re: Dangerous gimmick

        Or been on the helium.

      2. Anonymous Coward
        Anonymous Coward

        Re: Dangerous gimmick

        Judging by the voice control in my car, the same that happens when you don't have a cold - i.e. fuck all

        1. Lee D Silver badge

          Re: Dangerous gimmick

          Voice control in my 2016 Ford:

          I say: "Play "One Vision"."

          It hears: "Dial Elisa?"

          I gave up after that. It has a touchscreen so I just use that instead.

          And, no, the audio is crystal clear and the road-noise absolutely minimal (i.e. people think I'm in the office when I answer from the car using the same internal mic/speakers).

          The only audio command that I can "almost" get working is "USB - Play All", and that's got about a 90% success rate and the only reason I use it is when a passenger hits the wrong button and it goes onto radio, because it's a bark to get it back especially when you're trying to tell the passenger what to press to do so.

          Even then, I once had the following exchange:

          I say: "USB"

          It heard: "Navigate".

          I haven't even TRIED to get it to recognise Destination Home because it's so finicky on everything else and I've had little success. When you're training YOURSELF to the car system rather than the other way around, you know it's time to just press buttons instead.

          1. AndyS

            Re: Dangerous gimmick

            Ah yes, the Ford voice "recognition". Assuming it's the same style of system as in my 2014 Focus, it would make a decent random number generator for some highly sensitive encryption.

            Did you know the software is produced by Microsoft, incidentally?

            1. Not That Andrew

              Ford voice "recognition" (supplied by Microsoft)

              Probably the same as in their computers & phones, works adequately with a good microphone close to your face. But even then you find yourself training yourself to the software. I'll bet you anything (5p to be precise) Ford didn't bother to install the various regional voice recognition files.

          2. AndrueC Silver badge

            Re: Dangerous gimmick

            The VC in my Honda used to be horribly hit and miss. It could take several minutes of me getting increasingly irate before I finally got it to dial a number. Honda have fixed that in the latest version though.

            Now you can only dial using the touch screen or through phrases you have recorded and attached to contacts.

            But then their oh-so-wonderful infotainment unit has so many bugs that cutting out features seems a wise decision. It comes to something when you pay £18k for a car and sometimes it can't play music for ten minutes because it's struggling to boot.

            Never trust a hardware manufacturer to write software. In this case apparently the head unit is supplied by Pioneer.

          3. Anonymous Coward
            Happy

            Re: Dangerous gimmick

            My Hyundais is crap, just random guesses. But it's not an issue.

            "Phone Cortana."

            9/10 times that one works,

            from then on, happy days. Let the phone do the work.

      3. Wensleydale Cheese
        Unhappy

        Re: Dangerous gimmick

        "what happens if you phone up when you've got a cold?"

        It gives us the modern version of "The cheque's in the post"

        Now what you get to say is "I can't pay 'cos I've got a cold"

  4. Tom Chiverton 1
    Alert

    What could go wrong ?

    My voice is my passport. Verify me.

    1. WraithCadmus
      Happy

      Re: What could go wrong ?

      Now place your bets, is the above commentard a fan of Sneakers, Uplink, or both?

    2. Lyndon Hills 1

      Re: What could go wrong ?

      My voice is my passport. Verify me.

      Played Uplink?

  5. Anonymous Coward
    Anonymous Coward

    won't a recording do?

    It's reasonably easy to splice/dice voice recordings and replicate these steps.

    Reliance on this single metric to authenticate access to banking - and not even just a current balance seems to swing too far to convenience over security to me.

    1. Hollerithevo

      Re: won't a recording do?

      To counteract the chance of being asked something you haven' made a recording for, all you'd need to do is go through the process yourself, making mistakes and seeing what you were asked to say. Then record enough of your victim to get a supply of necessary words, use some cheap music-editing to splice up into responses and off you go.

  6. Anonymous Coward
    Anonymous Coward

    Not impressed with Barclays

    I've only been a Barclays customer for a couple of months and so far I'm not impressed. Features absent from their online service, Indian call centre staff saying "Sorry sir you can't do that online you will have to visit your branch". Long queues in the local branch, the clerk at the bank then not being able to handle my request so needing to make an appointment to see someone at the bank several days later. The clerk at the subsequent appointment having problems with her computer and having to process everything on paper instead and mail it to head office. Duff advice via their call centre from someone with a poor grasp of English and several weeks delay in anything happening resulting in me missing a critical financial deadline. Wonder if I can use voice recognition to tell them where to shove their account as I'm going to close it? They might want to consider investing in the basics of banking and customer service before investing in high-tech features of dubious reliability / security. Anon for obvious reasons.

    1. John P

      Re: Not impressed with Barclays

      Barclays are horrifically backwards in some senses.

      I signed up for an ISA a year ago and the information pack that came through informed me that I could only put money in to that ISA by visiting a branch.

      Screw that, I closed the ISA almost immediately.

    2. Ryan.T.Student

      Re: Not impressed with Barclays

      Barclays are absolute scum. My local branch replaced all their humans with some absolutely crappy machines. Thing is I'll trust a machine to scan my groceries, or to withdraw cash, but to do anything more complicated? No f*cking way. And if you want to talk to a person to do something instead the staff get really arsey about it. Terrible customer service, terrible bank.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not impressed with Barclays

        I've just phoned the person at Barclays we saw three weeks ago, using the number on her business card. The number leads to a nightmare telephone maze, and I ended up stuck in a queue so long that I used the option for them to call me back instead. Half an hour later someone phoned me from India who had to repeat everything several times so I could fathom what he was saying through his heavy accent. Predictably, he couldn't help me and eventually tried to transfer my call back from India to my local Barclays branch to the person who's business card number I'd actually phoned. Stuck waiting for five minutes listening to background music and finally he said all the lines are busy, try phoning them again in a couple of hours or go to my branch in person.

        I was assured my original request would take three days. Three weeks later and nothing, no response and virtually impossible to speak to anyone at Barclays to resolve this. So my options are to try via the nightmare telephone maze and Indian call centre again and have to explain everything from scratch again or to stand in a queue at my local branch for twenty minutes to see the cashier only to be told I need to make an appointment to come back again another day. Barclays bank sucks.

    3. Anonymous Coward
      Anonymous Coward

      Re: Not impressed with Barclays

      They really are a bunch of clown shoes...

      They don't support Google pay, because they think they can do better with their own system, and none of their ping-it, mobile banking apps will have anything to do with a rooted Android device (because "security!")... And then they introduce a daft system like this... Who's advising them on security issues? Some government "expert"?

      1. davidp231

        Re: Not impressed with Barclays

        Rename 'su' - they work fine after that. They identify the Android layer on Jolla phones as a rooted device - renaming or deleting su fixes it - and you use something like devel-su to get superuser access anyway on those so it's no biggy.

      2. Kebablog

        Re: Not impressed with Barclays

        It took a while for Apple Pay support - so maybe next year!

  7. Adrian 4

    "If a customer has forgotten their password, it takes two minutes on average to get through the alternative security measures. Voice Security will speed up this process significantly as well as being more secure, according to Barclays."

    The horror. Two minutes. How can they cope ?

    1. Anonymous Coward
      Anonymous Coward

      2 minutes, few thousand calls a day. Soon adds up.

  8. Chris G

    80]% of all consumers

    Have no feckin' idea what security actually is.

    I have a porcelain pig with a slot in its back and a cork up its arse that gives better banking service than Braclays Bonk!

  9. cmannett85

    "80 per cent of all consumers believe that biometric authentication is more secure than traditional registration"

    So fucking what.

    1. Throatwobbler Mangrove

      A pithy comment.

      1. Stevie

        Pithy

        Bad lisp you have there, Throatwobbler.

    2. VinceH

      I think they're saying that because 80 per cent of people believe it, that means only 20% will realise how stupid that statistic is. Or something.

    3. CustardGannet

      "80 per cent of all consumers believe..."

      "The opinion of 10,000 men is of no value, if none of them know anything about the subject."

      ~ Marcus Aurelius (Roman Emperor, 161-180 CE)

      1. Hollerithevo

        Re: "80 per cent of all consumers believe..."

        Or to quote my favorite 'Chinese' proverb: if a thousand people say a foolish thing, it is still a foolish thing.

        1. Stevie

          Re: "80 per cent of all consumers believe..."

          Maxim 43: If it's stupid and it works, it's still stupid and you're lucky.

        2. John Brown (no body) Silver badge

          Re: "80 per cent of all consumers believe..."

          "Or to quote my favorite 'Chinese' proverb: if a thousand people say a foolish thing, it is still a foolish thing."

          BREXIT!! BINGO!!!

      2. Anonymous Coward
        Happy

        Re: "80 per cent of all consumers believe..."

        also, eat poo as ten million flies can't be wrong

  10. Anonymous Coward
    Anonymous Coward

    This could end the scourge of "banking while drunk"

    Assuming it has as much trouble understanding Drunk Mongo as everyone else, it should mean less starting in outrage at bank statements (only to sadly admit their plausibility). Now if Amazon and Ebay enable it too then I'll have to fall back upon flea markets for cluttering up the house with ill -considered tat.

  11. splodge

    It's a good job a voice is just as unique as a fingerprint:

    https://www.nacdl.org/uploadedFiles/files/resource_center/topics/post_conviction/Cognitive_Issues_in_Fingerprint_Analysis.pdf

    1. Anonymous Coward
      Facepalm

      Perhaps they should use snowflakes? They are also unique. I have a few I collected last winter, in this water bottle for them to analyse... ;)

  12. KroSha

    Wrong biometeric

    Nationwide have added TouchID to their iOS app. Touch isn't great and at least this is an alternative to the usual PIN. But voice just seems the most variable biometric to choose. What if you've a cold. Or it's windy, Or you're on a train. Or haven't good signal. Or are in a car...

    1. Ryan.T.Student

      Re: Wrong biometeric

      Not to mention the sound quality on a typical phone call is piss-poor.

  13. Stevie

    Bah!

    But gosh, didn't that Jason Bourne chap defeat just such a system with only a pocket voice recorder?

    1. Locky

      Re: Bah!

      Borne? Pah

      Ferris Bueller had this sorted back in the 80's. And then took the day off

  14. israel_hands

    So much bullshit in that article. A pity the only "expert opinions" are from people who make money out of biometrics. Should have sought opinions from people who a) know something about security and b) don't have a dog in the fight.

    As to the claim that people have over 100 passwords for different accounts, that's straight up bullshit. He needs to justify that ridiculous statement with some actual evidence. Most people I know probably have about 3 passwords across maybe 20 accounts/devices.

    The biggest problem with this is that biometrics are the equivalent of a username, not a password, and yet time and again these companies insist on getting that point wrong.

    The big danger here is that as this becomes more and more routine everyone starts using it. At which point all I've got to do is hack the server at Tony's Kebab Hut which is poor securely and unencrypted because they bought some off-the-shelf system from a cheap provider. At that point the venn diagram of kebab fans and Barclays customers becomes very useful for side-channel attacks.

    It used to be said that defending your data was a full-time thing and the attackers only had to get lucky once. As idiot companies jump on the shiny bandwagon of biometrics that's still true, but after the attackers get lucky once, you're compromised forever.

  15. Mike Shepherd
    Happy

    Cheered up my day

    "Each person's voice is as unique as their fingerprint...Therefore, when a customer calls up...the technology will be able to identify them...".

    "Barclays voice recognition technology...has been "fully tested".

    You couldn't make this stuff up. Do you think they really believe it?

  16. Anonymous Coward
    Holmes

    So this goes live

    ... and suddenly becomes a great big target. That'll be when it gets real testing. I think my adult male family members (dad, brothers, older nephew) could easily be confused with me and/or each other over the 'phone. Lots of characteristic mannerisms in the upbringing.

    Any trained Thespians here? Your perspective would be interesting: how much can a trained voice do over and above the rest of us?

  17. Anonymous Coward
    Anonymous Coward

    If it works as well as the voice control on my car or iPhone (which is to say with a 95-99% failure rate) I can see this being a great step.

    Of course I gave up on Barclays about 20 years ago because of their complete ineptitude, so it make no difference to me.

    What the hell is wrong with proper 2FA like every other secure service in the damn world?

  18. Lee D Silver badge

    Abandoned Barclays years ago.

    In fact, I've been through most of the High Street banks. I've had run-ins with NatWest, Barclays, HSBC, etc. They just don't want my money, I can tell.

    But Barclays was an especial "piss off" on several occasions.

    A Barclays cheque, in my name, sent to my uni for my grant, from a government Barclays account, trying to put it into my Barclays account, in the in-university branch of Barclays (to the exclusion of all other banks because they'd obviously "bought" the uni). And they refused. Apparently I'd need ID to do that. And wait a week for clearance (I tell you what, I won't ID, you put it in and if in a week's time it's not been bounced, we'll call it okay, yes?).

    I blacklisted them after that.

    The hoops I've had to jump through for Internet banking for them (same reason I scrapped NatWest who at the time only supported IE4/5/6 and not Netscape at all - shows my age - because "it's more secure"!). And I wouldn't touch them because of the Android Pay refusal and the issues my colleague has with them trying to get into their account (You'd think an IT guy would be able to login without forgetting passwords, passcodes, etc.? Maybe it's just your system, and the four-day "go to your branch" debacle every time he needs it reset because it doesn't work).

    Sorry, but if I had an account with them, I'd be removing it for this stupidity. Voice recognition may shortcut the "who are you" but it cannot ever provide the "prove it" section of actual authentication. And, hell, state-of-the-art voice recognition systems in the latest gadgets, on the bank phone lines and other places can't get my name right 5 times out of 10, barely understand one-word requests from a list of options, and have no idea how to interpret Cockney accents, run-on sentences, or even slight noise on the line. The false-positives must be unbelievable. Let alone trying to identify WHO I am. Hell, half my work colleagues that see me day in, day out can't do that - my colleague and I are constantly answering the phone and people think they are talking to the other one of us.

    I'm honestly considering moving my account again at the moment because an online savings account I set up has been so wonderfully simple and easy to use, even online, even with smartphone apps, etc. that I'm that impressed I want to give them my money over the current idiots. But that's mainly because the current idiots talked me in circles when I lost their secure login keypad thing and told me to "just go onto online banking, log in (with the keypad I don't have) and order a new one". Now why didn't I think of that?!

    But Barclays? Wow, they were on the blacklist before I even left university. Not quite as bad as HSBC who literally laughed in my wife-at-the-time's face when we asked for a mortgage. So we went next door to the branch where a guy sold us one at a better rate with no faffing at all and we paid every month, on-time, in full and when we sold that house, the increase in value paid that sucker off in full - with all the interest, and some profit. Amazing what non-shite customer service can do for your business.

    1. Anonymous Coward
      Anonymous Coward

      "Abandoned Barclays years ago....

      ....In fact, I've been through most of the High Street banks. I've had run-ins with NatWest, Barclays, HSBC, etc"

      You've still no clue what the common denominator might be then?

      1. Lee D Silver badge

        Re: "Abandoned Barclays years ago....

        Are you suggesting me?

        Apparently banks no longer want me to put all my salary into their accounts, spend 90% of it on bills that I pay every month, never ring them, never bother them, don't even use ATMs (don't use cash at all), never visit a branch (I do everything online), never phone them (waste of time and I can do what I want online when it works), don't care about interest on my savings or any such restrictive pittance and will quite happily pay a reasonable monthly fee to achieve this? Quite where are they expecting to get money from then, as a high street bank? Hell, I don't even want them to print anything out. I just want them to hold a number and then send fractions of that number to other banks as required.

        Honestly, all I want is my wages in, my bills out, be able to edit the bill's account number and amount and add new ones, and a card that works in most shops and online (which I can get for a pittance on a PAYG basis with any card company you can name). I don't see that's asking a lot from a bank, like it's never been.

        I'd like to do that without being a) literally laughed out of the branch for asking for a mortgage that I was given in the next shop along without question, b) treated like a moron when it comes to simple things (contesting a £50 fee because they deliberately withheld paying a cheque (the ONLY cheque that was ever delayed in processing to the full extent they allow) to let a £10 transaction go through and charge me £50 for doing that. I'd rather they just refused the £10 transaction entirely), c) treated like a influent foreigner every time I phone up my own bank to ask about something out of the ordinary, d) treated like a criminal every time I want to log in and their system is down so I have to jump through the security hoops, e) treated like a robot every time I visit a branch and made to stand in line to press buttons on a machine that I could have done from home.

        Hell, my current bank STILL send me a letter every month congratulating me on choosing paperless billing. On paper. In an envelope. Franked and posted. Every month. For the last three years.

        I'd pay good money to have a bank that was just a bank and really didn't care. I don't ask for credit. I don't phone up and cause lots of hassle. I don't cash cheques, or withdraw cash from ATMs, or do complicated investments and share portfolios. I just want a Visa / Mastercard that works, that takes the numbers off my account, that takes my salary and puts the numbers back on my account, and that lets me log into a website to see the numbers. I don't think that's a lot to ask for, but apparently almost every bank I've ever had can't manage that with any consistency.

        1. Anonymous Coward
          Anonymous Coward

          Re: Lee D

          You hit the nail on the head. They do not want to provide a service. There is no[t enough] money in that. They wish to sell you. Not even sell a product to you any more, they just want all your money in their pockets. If there is a guise of a product, then perhaps they may suggest one, but if they can get it through other means, they will try.

        2. John Brown (no body) Silver badge

          Re: "Abandoned Barclays years ago....

          " I don't ask for credit."

          There's your problem. You don't earn them enough money. Salary in, bills out, no debt. That's all the signs of the worst possible customer to the big high street banks. The WANT you to be in debt and taking their credit and paying them interest. This is why they are all trying their damnedest to get customers to "upgrade" their free current accounts for new, "better" current accounts that include silly and pointless extras such has low grade travel insurance and memberships of wine clubs etc, all for a low, low monthly fee.

      2. Not That Andrew

        Re:common denominator

        They are all high street banks? Perhaps the slightly non crap one was still a building society until recently?

    2. Hollerithevo

      Co-op

      I find the Co-op to be pretty good. They did send me a device, but I don't need this to log in and do basic banking, only to set up new direct debits and such-like which I can have them do by calling up their very pleasant UK call-centre staff. Everything gets done in a jiffy on the phone. I do not work for them, I am just a satisfied customer.

  19. You aint sin me, roit

    Isn't the whole point of smartphone banking...

    ... that you don't have to talk to anybody?

  20. Bob Dole (tm)
    Mushroom

    bad bad idea

    I worked at a telephony shop not that long ago. We tested using voice identification, instead of using passwords, just on our internal voice mail system.

    During the time we tested it, I was able to get access to every single C- level execs voice mail simply by mimicking their voice. When I demonstrated this during a meeting the whole concept was quickly dumped. Now, it only worked about 6 out of 10 attempts but that degree of success is incredibly high and certainly high enough to make the attempts worthwhile. To be clear, that's 6 out of 10 times of attempting to imitate Bob.

    I'm not an "impressionist" by any stretch of the imagination. However, it doesn't take an Einstein to realize that there are probably quite a few people with those skills...

    Personally, I think biometrics in general is a bad idea. Although I can certainly understand our desire to uniquely identify a single person, the fact is that these things can be faked with a high degree of confidence and shouldn't be used in a vacuum.

  21. James Wheeler

    Whoa now, fellow commentards

    If Barclays have been testing this for several years before deciding to roll it out, then give them a little credit for having cause to believe it will work. An authentication session that takes two minutes might well require the customer to repeat random phrases, so DVR recordings of subject being spoofed would be useless.

    As for voiceprint corruption from VOIP losses, etc: Even if this does turn out to be a problem, the effect will be a false negative, and worst case you'll have to authenticate some less convenient way.

    I for one am quite interested in hearing of alternatives to passwords. If this does actually work, we'll probably see a lot more of it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Whoa now, fellow commentards

      The time spent and Barclays claims have zero effect on reality. The proof is in the pudding.

      I won't downvote you, but if this is used for anything more than identification (and even then that is risky) then it is very dangerous and error prone.

      As posted lower down, even the Banks suggest not using such systems internally and externally in their own training material.

    2. John Brown (no body) Silver badge

      Re: Whoa now, fellow commentards

      "An authentication session that takes two minutes might well require the customer to repeat random phrases, "

      The two minutes refers to how long it takes a phone banking customer who's forgotten their password to get through the alternative security protocols.

      In fact, in the article, Barclays says "the technology will be able to identify them simply from the first few words that are spoken,", so possibly less than a second or two to authenticate by voice.

    3. sabroni Silver badge

      Re: Even if this does turn out to be a problem, the effect will be a false negative

      Will it? What makes you believe that?

      This will never be an alternative to a password, it's an alternative to a user name. That's the fundamental problem with this approach.

  22. Baldy1138

    I hope crooks don't have access to some kind of crazy voice-recording technology.

    1. Dan 55 Silver badge

      And don't, say, ring you up pretending to be your bank or something.

      They would never do that.

      1. Anonymous Coward
        Anonymous Coward

        Wow, that is a massive security risk... I can think of a method right this second.

  23. Number6

    Recognition?

    So this is recognition as in identifying who you are, not recognition as in understanding what you're saying? I hate systems that attempt the latter, they don't like my voice at all. Contrast this with my wife, who breezed through the whole thing after I failed repeated attempts.

    I think it was UFO where they had voice recognition in the room-lift that took people down to SHADO HQ and I think it was Foster who never bothered giving his name for the voice ID but quoted a bit of poetry.

  24. Anonymous Coward
    Facepalm

    Security 101

    I'm not sure if this post will be buried under all the others, but since the day dot of telephone banking, security training has been "don't go by voice recognition alone".

    Even Mr Mannering may have demonstrated how Mr/Miss Smith Jr sounds an awful lot like Mr/Mrs Smith Sr!

    The best part of those calls, was waiting until the end to catch them and asking "Thank you Mr Smith, can I please have your Dad's card number for security..." With the response "Yes, his number is... oh **** [sound of phone being slammed down]!"

  25. Chris G

    A little light reading

    http://resources.infosecinstitute.com/security-vulnerabilities-of-voice-recognition-technologies/

    From the article at Infosec:

    " The users of voice recognition software, such as “Siri” or “Google Now”, can easily enhance their own security by regularly removing the headphones from their devices and creating own custom words that can be used for launching their software."

    Sooo, something like passwords!

  26. Anonymous Coward
    Meh

    Barclays Bank

    I had no problem with that Bank, but as a vanilla wage slave with no business add ons / and a tendency not to use telephone banking, pingit or similar systems I suppose I wouldn't.

    However, when the ISA I had with them ceased to provide a return against even the low inflation now existing the method of removal was so... that I ended leaving £1 in it and walked away - I probably owe them money now. if I could be bothered to check.

  27. Cab
    Flame

    I don't hate my family so I won't use Barclays

    Barclays are bastards. Yeah I know all banks have their problems but we've (my family) been unfortunate to have a couple of deaths in the family over the last couple of years and every other bank we've dealt with (Natwest, Co-op, Lloyds) have been professional and at least shown some human decency but not Barclays. Barclays do not deal with deaths in branch offices face to face you have to ring up a call centre. They emptied my brother's partner's account as they had an unsecured loan with them (no Barclays, you do not get paid before HMRC), took months to give account information, delayed payment for funeral expenses, only reversed actions that were illegal when threatened with the banking ombudsman and were generally as utterly obnoxious to deal with as they could possibly be.

    1. Jsullo27

      Re: I don't hate my family so I won't use Barclays

      Sadly, Barclays in its wisdom made all the staff redundant back in the 90/2000 who actually could be classed as bankers.there is no.one in the branches today who have general banking knowledge to pass on. But hey, does Barclays or any other bank care. Of course not. It's all about TheMoney. But as we read daily, the amount of fines paid by Barclays and the other High Street banks for the incompetence of the staff it now employs is proof that a little bit of knowledge is a dangerous thing,but training and experience keeps the customers happy.

  28. JaitcH
    FAIL

    HSBC had it in place years ago, and they still think my P.A. is me

    Like all good techs, and university professors, they like to toot their horn and praise their technical prowess.

    So it was with HSBC when they started pulling e-mail addresses and pushing voice calls. I chatted with one of their operators and she said they were experimenting with 'voice id' instead of the lists of questions.

    Anyone who has used Nuance Dragon software are very familiar with what can go wrong.

    It is possible to emulate another persons voice, borrowing from the Moog synthesiser crowd, and now my PA, a female, is able to impersonate me very well, electronically. On one test we started off with my voice and over a period of 2-3 minutes we slowly morphed from my simulated voice to her natural voice.

    Eventually something clicked at the HSBC end and she said "But you are not ..." at which point we flicked back to the simulation. The woman said there is something very wrong because "our equipment is 'infallible'!"

    Voice ID suffers from all the usual imperfections of distortion, phase distortion, clicks, etc. You name it.

    The real danger is the banks will start saying their equipment is PERFECT and the person who sucked your account dry was YOU! And then they will try to stick you with the losses.

  29. Jsullo27

    I worked for Barclays from 1967 -2000. We always used voice recognition. We knew our customers!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like