Brit bank Barclays rolls out speech recognition for telephone banking UK high street bank Barclays is introducing voice recognition for users of its telephone banking service. The roll-out of the technology is designed to provide a more secure alternative to pass-codes and the answers to secrets questions as a means to authenticate consumers accessing telephone banking services. The retail bank …
Voice recognition (as opposed to speech) is really hard -particularly down a crappy noisy narrowband phone line with background noises. Sometimes I struggle to recognise close relatives on the phone.
How it would recognise one speech synthesizer from another I cannot see.
In a nice public place (Grand Central/Paddington) where everyone can hear the 16 digits of your account number.
I should equip myself with a nice microphone/recorder and standby. Shopping for goodies as I go. Wonderful!
Then they will raise my card fees to cover the added fraud that is BOUND to happen.
I don't think so!
Little known fact: Entering the number by keypad is much quicker and takes less compute power than voice recognition. Since it takes less time the costs of the call are less (the bank IS paying for it). So it is cheaper to use the keypad. Of course you don't get the prompts "tell me what you want to do?" that are so vague, you can never tell what it will accept.
p.s. The answer is "Deposit $1,000,000 please."
An organisation I deal with tried something similar. Doesn't work too well when phase distortion is introduced when using VOIP or satellite telephones.
Mind you, it's way more convenient than the HSBC concept of giving everyone a mini-password generator - which sometimes catch fire or they have premature battery failures. HSBC might think they are secure, as might their customers, but then almost every country, including the UK, use AT&T longlines and other global cable services and do their data handling in the USA.
This means that the GFCHQ and NSA can tap the cables, and anyone in the US government can access the data using the warrantless provisions of the US PATRIOT ACT.
Of course, this defeats the whole purpose of security.
It's true, Barclays are well known in the financial IT sector for being about the worst, even in a very conservative "if it works don't fix it" area of the industry. They have many legacy systems based around 1970's mainframe technologies, and their project failure rate is very high when it comes to upgrading them. I know many people on their contractor gravy train there who haven't got anything worthwhile achieved for years. So hopefully they've outsourced this particular implementation to somebody with any clue what they're doing as internally they're pretty third rate....
I fear for access to my money again if the Barclays implementation is as good as the one Yorkshire Building Society use. [I accept this is voice recognition of words/text rather than the voice print but same goes].
The YBS system has no "push the keys on your keypad" alternative and no "push ?? to speak to a person" so you're stuck hoping it will recognise your answers. After three failed attempts to recognise the first of three letters of my password ("J", did you say "G"; "J", did you say "K"; ad nauseum) it then threatened to reset all my authentication details. I hung up before it did so.
When I finally got through to a call centre droid I went ballistic and was told they hadn't had many complaints about it. See icon - I bet people couldn't get through to complain.
Halifax use this kind of system also but it is a "Say the answer or use your keypad" so at least it is optional - for now.
My diction is reasonable, and I didn't have a cold or a strong accent and still it failed. $DIETY help people who have a speech impediment.
My take on this is that with all the loss of information due to sound codecs, noisy environments, different phone models and such, the voice recognition can't be too picky. This tolerance* will in turn make it relatively easy to make a program that can change any voice sample to mimic any customer's voiceprint.
So if this tomfoolery ever catches on, miscreants will be cruising the streets and shopping malls with sound recorders**, in order to capture customers voices and -with a bit of luck- even the security codes themselves. Of course, this last part assumes that the bank asks for the security codes to be spoken aloud (suicidal), instead of being input through the keyboard and then giving the customer a random list of common words to be used in the voice biometrics part.
The next step is using stolen/imported/whatever phones and SIM cards to, probably with the aid of a fat laptop, fool the voice recognition system.
"4: Profit!"
* & **: These two points have been already made by several commentards in this thread.
Most of the comments are confusing Voice Recognition with Speech Recognition. Speech Recognition is where the system tries to understand WHAT the speaker says, or speech-to-text as another way of understanding it.
Voice Recognition, or more accuratley, SPEAKER VERIFICATION, is where the system identifies a caller by the biometric print of their voice. There are 2 types of Speaker Verification: Active detection and Passive detection. Active detection is when you pre-register a phrase with the system, and then repeat that same phrase when calling in so the system can verify you are who you say you are. In Passive detection, the system creates a voice biometric print by capturing your speech during an interaction with a call agent. When you subsequently call again, the system again takes your voice while you're speaking to an agent, and validates that against the stored print. It returns a probabilistic score to the agent, so they can verify you are who you say you are, without having to go through the usual "give me your name, address, postcode, mothers maiden name et al".
Active detection is far more accurate, with some vendors getting 99.9% accuracy (0.01% false negatives/false positives). Passive detection has about 95% accuracy. The normal implementation would be a traffic light system on the agents screen - green=high probability caller is not an imposter, red=high probability caller is an imposter, and amber=agent must ask a few security questions as the score is borderline.
So, going back to my main point, do not confuse this with speech recognition.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
