The BBC have managed to shoot holes in HSBC's claims that their voice recognition system is secure.
BBC Click reporter Dan Simmons set up an HSBC account and signed up to the bank's voice ID authentication service.
HSBC says the system is secure because each person's voice is "unique".
However, HSBC let Dan Simmons' non-identical twin, Joe, access the account via the telephone after he mimicked his brother's voice.
The bank said it would "review" ways to make the ID system more sensitive following the BBC investigation.
HSBC introduced the voice-based security in 2016, saying it measured 100 different characteristics of the human voice to verify a user's identity.
Customers simply give their account details and date of birth and then say: "My voice is my password".
Although the breach did not allow Joe Simmons to withdraw money, he was able to access balances and recent transactions, and was offered the chance to transfer money between accounts.
To add insult to inury, HSBC allowed him seven attempts to mimic his brother's voiceprint and get it wrong, before he got in at the eighth time of trying!
No comments:
Post a Comment