Banks Are Offering Voice-Recognition Technology to Replace Passwords

Customers unlock their account by talking to their Amazon Echo and mobile device

24 October 2017

“Alexa: Ask U.S. Bank, ‘What is my balance?’”

More and more banks are offering their customers the option to use voice-activated digital assistants to conduct their banking business.

Last month U.S. Bank became the one of the first to allow customers the ability to use Amazon Echo to access their account. They can ask it to check their balance, obtain the transaction history, and make credit-card payments.

“We’ve all become accustomed to speaking to our devices for simple things, like getting directions to a restaurant or placing a call,” Gareth Gaston, head of omnichannel banking at U.S. Bank, said in a news release. “Now voice services such as Amazon’s Alexa are making it easy to check an account balance or hear a payment-due date without picking up a phone or logging in to Internet banking.”

Computer company NCR announced this month that it would partner with Town and Country Federal Credit Union to create an Amazon Echo skill, an application that lets users securely manage their bank account from the device.

Multinational banks are among the financial institutions experimenting with voice-activated technology to replace passwords.

YOUR VOICE IS YOUR PASSWORD

Barclays Bank customers use their “voiceprint” for identity verification via their mobile device. To verify identity, the service creates a digital profile of the customer’s voice, using data gathered during the course of three phone calls, according to an article in Newsweek.

Mimicking the voice of another person couldn’t trick the system, according to Steven Cooper, head of personal banking at Barclays, who said each person’s voice is unique, like a fingerprint.

When customers call to use the bank’s services, the technology can identify them from the first few words they speak, Cooper said.

Using voice recognition also can speed up the log-in process, eliminating the need to remember a password.

Santander this year updated its SmartBank voiceprint app, according to a news release. Customers now use the voice-recognition technology to make payments and transfer money, and to report lost or stolen ATM and credit cards. The app can read back previous transactions within a certain time frame or from a specific retailer.

“This pioneering technology has a huge potential to become an integral part of the future banking experience, playing a transformational role in the industry and redefining how customers choose to manage their money,” Ed Metzger, Santander’s head of technology and operations in the United Kingdom, told The Telegraph.

THE DOWNSIDES

Although voice recognition might be more secure than a password-based system, it’s not perfect.

HSBC’s banking app allows customers to log in by giving their birthdate and account details and then saying “My voice is my password” into the mobile device. The company says it gauges 100 different characteristics of the human voice to verify a user’s identity.

To test the app’s limits, a customer’s fraternal twin mimicked his brother’s voice and was able to access his accounts. Although the system didn’t let the twin withdraw money, he was able to access balances and transfer money between accounts.

HSBC gives customers multiple attempts to get their voiceprint correct. In the case of the twins, the man tried seven times before gaining access. Researchers from BBC television program Click studied how hackers might breach the app. The app kept letting them try to access an account after they deliberately failed on 20 separate occasions over 12 minutes.

HSBC, which told the BBC it is updating its voice-recognition software, claims the app is still more secure than traditional PINs and passwords.

But unlike with basic authentication, if your biometric password is hacked—whether voice, fingerprint, or facial recognition—it can’t be changed.

NBC News reports that an estimated 22 million people have had their biometric data stolen. For example, a Rand privacy expert’s personal information was stolen at the Office of Personnel Management in 2014, including her 10 fingerprints.

“You can always get a new credit card. You can always create a new password. [It’s] really hard to get new fingers,” IEEE Member Marc Goodman, an advisor to Interpol and the FBI, said in an interview with NBC News. “You only have 10 of them, and once that information leaks, it’s out and there’s nothing you can do.”

Learn More