Stories
Slash Boxes
Comments

SoylentNews is people

Barclays to Abolish Passwords for Phone Banking

posted by cmn32480 on Tuesday August 02 2016, @01:10PM   Printer-friendly
from the don't-get-a-cold dept.

n1 writes:

Barclays will start identifying customers with voice recognition technology this week, slashing the need for customers to answer a series of questions to gain access to their accounts on the telephone.

The move represents the latest step in the industry to abolish passwords, moving to technologies which banks believe are more convenient for customers as well as more secure.

First Direct took a similar step earlier this year, while Lloyds Banking Group has experimented with a system online which can recognise customers' typing patterns to deny fraudsters access to accounts.

Source: The Telegraph

Original Submission

 
This discussion has been archived. No new comments can be posted.
Barclays to Abolish Passwords for Phone Banking | Log In/Create an Account | Top | 30 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by theluggage on Wednesday August 03 2016, @01:20PM

    by theluggage (1797) on Wednesday August 03 2016, @01:20PM (#383582)

    For anyone who is wondering, yes Barclays does cold call their customers and has no mechanism in place for the customer to verify that it really is Barclays that is calling,

    Buh...buh..but they're currently running TV adverts in the UK saying that they won't ever do this :-)

    I don't use Barclays, but I've had this with other banks. Technically, they won't ask you for your full PIN or password - but they don't seem to comprehend the possibility of any sort of "social engineering" attack less blatant than asking for your full password/PIN. If my mobile rings when I'm in the middle of something else I don't even trust myself to win a mental gymnastics competition against a scammer - and I'm hardly the most gullible customer out there.

    The only unsolicited message you should ever receive from your bank is "Please call us back using the number on your bank statement" - and everybody with an account should have been forced to read that and sign it.... but, oh my, that might stop them phoning you up with important marketing messages...

    Other things - like making sure the URL, the name on the SSL certificate and the extended ID on their web page actually look like they belong to the same bank - also seem to elude them.

    Mind you, my employer still sends round emails saying (approximately) "We have been informed about phishing emails asking you to confirm your login details. If you have responded to one of these please [click here] to reset your password." Seriously. How can anybody even type that without their brain melting?

    Also, can we please ban sites from collecting "personal insecurity questions" like "What was the maiden name of your grandmother's first car"? Do I risk using easily-discoverable true information, or should I have to record 6 extra custom answers for every entry in my password manager? Implement proper two-factor authentication you lazy gits - and if I'm careless enough to forget my password you have my permission to put me to the reasonable inconvenience/cost of re-establishing my ID.

         

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2