Is voice biometrics in banking secure enough?

Is voice biometrics in banking secure enough?

Generative AI voice cloning tools only need a minute of voice data–which is often scraped from social media–to create a result that is almost indistinguishable from the original

Apart from going into a branch, calling a bank feels more human for digital-shy consumers. For many, it is the first port of call for making account changes or moving large sums of money. But how safe is voice banking really, and what are the chances of someone using generative AI to fake a consumer’s voice and steal their available funds? As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Impersonation attacks continue to increase 

Impersonation is one of the predominant methods fraudsters use to rob consumers. Using identifying information such as personal details or AI-generated voice, criminals can access consumer bank accounts with impunity. According to the Southern African Fraud Prevention Service (SAFPS), impersonation attacks increased by 264% (https://apo-opa.co/3vRJHy3) for the first five months of 2022 compared to 2021.

Gur Geva, founder of iiDENTIfii, explains why. “The technology required to impersonate an individual has become cheaper, easier to use and more accessible. This means that it is simpler than ever before for a criminal to assume one aspect of a person’s identity.”

How voice impersonation works

Voice recognition systems in banking rely on a person saying something aloud, such as a unique catchphrase or password. This is vulnerable to exploitation because synthetic AI-generated voice technology has evolved to such an extent that it is indistinguishable from real voices. According to MIT (https://apo-opa.co/3vQzDW2) and Google (https://apo-opa.co/481DexW), generative AI voice cloning tools only need a minute of voice data–which is often scraped from social media–to create a result that is almost indistinguishable from the original.

The potential of this technology is vast. Microsoft, for example, has recently piloted an AI tool that, with a short sample of a person’s voice, can generate audio in a wide range of different languages. While this has not been released for public use, it illustrates how much voice as a medium can be manipulated.

The appeal of voice recognition in banking

Voice recognition has a multitude of benefits. It is accessible to a diverse range of consumers, who only need a phone line to perform banking tasks. Voice recognition programs can often pick up a voiceprint much faster than a person can type, which streamlines and reduces friction in the banking process for consumers without needing to enter complex passwords.

“Historically, voice biometrics has been seen as an intimate and infallible part of a person’s identity. For that reason, many businesses and financial institutions used it as a part of their identity verification toolbox,” says Geva.

Audio recognition technology has been an attractive security solution for financial services companies across the globe, with voice-based accounting enabling customers to deliver account instructions via verbal commands. Voice biometrics offers real-time authentication, which replaces the need for security questions or even PINs. One of the UK’s biggest banks, for example, integrated Siri to facilitate mobile banking payments without the need to open or log into the banking app. An Abu Dhabi based bank introduces a biometric voice and voice-based authentication platform for e-commerce which uses biometric sensors built into a standard smartphone.

“As voice-cloning becomes a viable threat, financial institutions need to be aware of the possibility of widespread fraud in voice-based interfaces. For example, a scammer could clone a consumer’s voice and transact on their behalf,” says Geva.

Do South African banks need to do away with voice authentication altogether?

Generative AI voice cloning tools only need a minute of voice data–which is often scraped from social media–to create a result that is almost indistinguishable from the original

Not necessarily. Thankfully, banks do not rely on a single form of authentication when performing a transaction. As the threat of cyber fraud grows, a rising number of local banks are investing in cutting-edge, multi-layered biometric authentication protocols.

Geva adds, “Our experience in mitigating fraud and our research into rising AI-enabled cybercrime trends has led us to believe that voice authentication can be made safer if it is bolstered by additional remote digital verification methods. We recommend to banking clients that they adopt multimodel identity verification, especially for sensitive transactions.”

In conclusion, voice biometrics in banking still serves several customers, particularly those who may need access to smartphone apps or in-person banking. While fraud risks abound, voice cloning is less of a threat to the public as it is difficult to roll out at scale as criminals would need to have access to substantial personal information for each target. AI voice cloning technology may be cheaper and more accurate, but, if banks employ up-to-date, enterprise-grade biometric authentication processes, they will be better protected.

Geva concludes, “While identity theft is growing in scale and sophistication, the tools we have at our disposal to prevent fraud are intelligent, scalable and up to the challenge. At iiDENTIFii, we believe that face biometrics remains the strongest form of biometrics, as the face can be matched against a government issued, trusted ID document, whereas a voice cannot. This approach is trusted by our clients, which include five of South Africa’s leading banks.”

We use our own and third-party cookies to enable and improve your browsing experience on our website. If you go on surfing, we will consider you accepting its use.