HSBC’s Voice Recognition Security can be Bypassed With Relative Ease

It is not entirely surprising to learn voice recognition is not necessarily a secure system. HSBC Bank found this out the hard way, as a BBC reporter was successfully able to bypass this security measure altogether. All of this goes to show voice ID authentication for banking services is not the best approach by any means.

BBC Reporter Tricks HSBC Voice Recognition Authentication

It has to be said, these are still the early days for voice recognition authentication. Although some people claim it is the future of banking security, HSBC may want to rethink their plan moving forward. Especially now that one BBC reporter and his twin were successful in bypassing the voice authentication system with relative ease. This is not a good sign for this type of security by any means, that much is certain.

To be more specific, HSBC claims this technology makes a lot of sense because everyone’s voice is unique. That is anything but the case, however, as it is possible to successfully mimic someone else’s voice. Moreover, there are a lot of people who sound virtually the same as someone else, rendering this statement of “unique voices” useless. In fact, one time the BBC reporter’s twin brother mimicked his voice, he successfully gained access to the HSBC bank account.

Thankfully, it appears HSBC has taken the necessary strides to revisit their voice ID authentication system and prevent this from happening in the future. It is unclear what can be done to improve this system, though, as voice authentication will never be a foolproof security measure. Finding the most secure solution to prevent unauthorized bank account access will be troubling, to say the least.

It is equally important to mention this “trick” did not allow the reporter’s twin to withdraw money. HSBC has set up its voice ID authentication system in such a way people can access balance and recent transactions. Unfortunately, it is also possible to transfer money between accounts, which is rather alarming. A lot of damage could be done by successfully bypassing the bank’s voice ID authentication, that much is evident.

That is not the only worrisome part, though. The reporter indicated how his brother had a total of eight tries to get the voice confirmation correct. It is strange to see HSBC not take the necessary precautions to limit the number of attempts to three. Giving people a virtually unlimited amount of tries should never even be a possibility in this day and age. It is possible this limit will be reduced in the future, though. A different report claims how someone was able to fail the authentication a total of 20 times without any repercussions.

All of this goes to show voice authentication should never be considered to be a proper security precaution by any means. While it is true a voice is far better than using a password or PIN code, systems should lock out failed attempts a lot more quickly. Two or three tries should be the absolute maximum at any given time.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.