A BBC reporter is drawing attention to the vulnerabilities of HSBC’s voice authentication system for customer calls, asserting that his non-identical twin brother was able to gain access to his account by mimicking his voice.
Commenting on the matter, the reporter noted that the “really alarming” aspect of the fraud is that the system allowed his brother seven failed attempts before he was able to log in. Another BBC researchers found that the system allowed 20 failed login attempts over the course of 12 minutes.
Responding to the report, HSBC stood by the technology, asserting in a statement that voice authentication “has proven to be more secure than PINs, passwords and memorable phrases.” An unnamed HSBC official, quoted by The Guardian, also noted that a fraternal twin would also likely be able to overcome more traditional security obstacles with intimate knowledge of things like “mother’s maiden name, pet’s name and so on.”
The bank added that it had reviewed its voice authentication system and “made changes to make it even more secure.” Such reassurances could prove important in promoting the system in the US, where it launched last month.
May 29, 2017 – by Alex Perala