Barclays is to introduce voice recognition for users of its telephone banking service.
In a new effort to move away from the use of passwords, the voice recognition system will verify customers based on their speech patterns and will be offered initially to Barclay’s Wealth customers, and then to its 12 million customers early next year, according to the Telegraph.
The system stores a recording of a customer’s “voiceprint” and future calls will involve a brief conversation with a customer service agent, during which time the voice biometrics will be verified. According to Computer World, the technology uses the FreeSpeech voice biometrics system from Nuance.
In an email to IT Security Guru, Tony Seymour from Sestus said that biometric data is generally very secure and a person’s voice is very difficult to impersonate, so from a user/ client perspective this could be an excellent way of accessing banking details.
He said: “However this seems to be a solution that will work successfully in a private environment, i.e. your home, but not so successfully on the mainline train. Do you want everyone to hear your conversation with Barclays however obscure it might be?
“Also, this solution is only as good as the underlying security at Barclays. The information used to identify the biometric and the associated systems must be kept 100 per cent secure. Whilst it is relatively easy to change your password and Pin, it is not at all easy to change your voice biometric details. Will Barclays assure its customers that its systems are 100 per cent secure? Once your voice biometric is stolen then it is gone forever.”
Jason Hart, VP of cloud solutions at SafeNet, said: “While biometrics can provide a convenient and alternative security mechanism, it should not be used as a single-factor authentication solution. This is partly because of the fact that biometrics are not based on secrets. Your voice, your image and your fingerprint are not a secret. You leave them everywhere and they can be spoofed, with different levels of effort. So it’s important that they are used as part of a multi-factor authentication strategy.”
Chris England, director at Okta, said: “The move to abolish passwords will no doubt be welcomed by customers. Today we have so many passwords to remember, all of which have different requirements and expiration cycles. As a result, most of us suffer from ‘password fatigue’ where we use obvious or reused passwords often written down on Post-it notes or saved in Excel files on laptops.”
“We’ve reached a point where usernames and passwords alone are no longer good enough. We’ve long had single sign-on technologies to remove the complexity of remembering multiple passwords, but what if someone else gets a hold of that single username and password? Not surprisingly, multi-factor authentication– which requires two or more factors to verify legitimacy of the user – has taken off and evolved pretty substantially in the past decade and we’re now seeing authentication methods becoming as personalised and specific to the individual as the experiences they’re trying to access.”