Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Tuesday August 02 2016, @01:10PM   Printer-friendly
from the don't-get-a-cold dept.

Barclays will start identifying customers with voice recognition technology this week, slashing the need for customers to answer a series of questions to gain access to their accounts on the telephone.

The move represents the latest step in the industry to abolish passwords, moving to technologies which banks believe are more convenient for customers as well as more secure.

First Direct took a similar step earlier this year, while Lloyds Banking Group has experimented with a system online which can recognise customers' typing patterns to deny fraudsters access to accounts.

Source: The Telegraph


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by theluggage on Tuesday August 02 2016, @02:18PM

    by theluggage (1797) on Tuesday August 02 2016, @02:18PM (#383139)

    But how would the scammers get a recording of your voice.... unless...

    Ring! Ring! Click "Hello?"

    "Hello, this is Barclays. Pleasing could you be confirms your name?"

    "Er, Fred Blogs..."

    "And pleasing could you be confirms your full e-banking password..."

    "Oh yeah? Really? Honestly, you stupid scammers do you really think I was born yesterday? You could at least learn to speak bloody English properly before calling - anyway, Barclays aren't using passwords any more they've got this clever new voice recog... aw, shit!"

    Bzzt... "Thankings you. Voice sample completed. Be having nice days..."

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 3, Funny) by art guerrilla on Tuesday August 02 2016, @05:34PM

    by art guerrilla (3082) on Tuesday August 02 2016, @05:34PM (#383215)

    aha! fooled you, i used my dog barking as the passphrase ! !!
    fido ?
    um, fido, are you okay, fella ?
    uh, speak, fido, speak !

  • (Score: 3, Informative) by bob_super on Tuesday August 02 2016, @07:42PM

    by bob_super (1357) on Tuesday August 02 2016, @07:42PM (#383279)

    Why would they call you?
    You are always carrying a poorly-secured microphone which is always listening.

  • (Score: 2) by TheRaven on Wednesday August 03 2016, @09:43AM

    by TheRaven (270) on Wednesday August 03 2016, @09:43AM (#383548) Journal

    "Hello, this is Barclays. Pleasing could you be confirms your name?"

    For anyone who is wondering, yes Barclays does cold call their customers and has no mechanism in place for the customer to verify that it really is Barclays that is calling, until after the customer has provided verification information to whoever calls and claims to be from Barclays. And they seem surprised every time when you ask a random stranger on the other end of a telephone line to provide some evidence that they actually are employed by your bank.

    --
    sudo mod me up
    • (Score: 2) by theluggage on Wednesday August 03 2016, @01:20PM

      by theluggage (1797) on Wednesday August 03 2016, @01:20PM (#383582)

      For anyone who is wondering, yes Barclays does cold call their customers and has no mechanism in place for the customer to verify that it really is Barclays that is calling,

      Buh...buh..but they're currently running TV adverts in the UK saying that they won't ever do this :-)

      I don't use Barclays, but I've had this with other banks. Technically, they won't ask you for your full PIN or password - but they don't seem to comprehend the possibility of any sort of "social engineering" attack less blatant than asking for your full password/PIN. If my mobile rings when I'm in the middle of something else I don't even trust myself to win a mental gymnastics competition against a scammer - and I'm hardly the most gullible customer out there.

      The only unsolicited message you should ever receive from your bank is "Please call us back using the number on your bank statement" - and everybody with an account should have been forced to read that and sign it.... but, oh my, that might stop them phoning you up with important marketing messages...

      Other things - like making sure the URL, the name on the SSL certificate and the extended ID on their web page actually look like they belong to the same bank - also seem to elude them.

      Mind you, my employer still sends round emails saying (approximately) "We have been informed about phishing emails asking you to confirm your login details. If you have responded to one of these please [click here] to reset your password." Seriously. How can anybody even type that without their brain melting?

      Also, can we please ban sites from collecting "personal insecurity questions" like "What was the maiden name of your grandmother's first car"? Do I risk using easily-discoverable true information, or should I have to record 6 extra custom answers for every entry in my password manager? Implement proper two-factor authentication you lazy gits - and if I'm careless enough to forget my password you have my permission to put me to the reasonable inconvenience/cost of re-establishing my ID.