Gur Geva, CEO, and co-founder of iiDENTIFii, underscores the growing concern regarding the security of voice biometrics. He points out that the current landscape indicates a vulnerability in voice biometrics, with an increasing risk of identity impersonation, and explores the need for a multi-layered approach to safeguarding personal identities.
Apart from going into a branch, calling a bank feels more human for digital-shy consumers. For many, it is the first port of call for making account changes or moving large sums of money. But how safe is voice banking really, and what are the chances of someone using generative AI to fake a consumer’s voice and steal their available funds?
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.
Impersonation attacks continue to increase
Impersonation is one of the predominant methods fraudsters use to rob consumers. Using identifying information such as personal details or AI-generated voice, criminals can access consumer bank accounts with impunity. According to the Southern African Fraud Prevention Service (SAFPS), impersonation attacks increased by 264 percent for the first five months of 2022 compared to 2021.
According to iiDENTIFii’s founder Gur Geva, the technology required to impersonate an individual has become cheaper, easier to use and more accessible. This means that it is simpler than ever before for a criminal to assume one aspect of a person’s identity.
How voice impersonation works
Voice recognition systems in banking rely on a person saying something aloud, such as a unique catchphrase or password. This is vulnerable to exploitation because synthetic AI-generated voice technology has evolved to such an extent that it is indistinguishable from real voices. According to MIT and Google, generative AI voice cloning tools only need a minute of voice data – which is often scraped from social media – to create a result that is almost indistinguishable from the original.
The potential of this technology is vast. Microsoft, for example, has recently piloted an AI tool that, with a short sample of a person’s voice, can generate audio in a wide range of different languages. While this has not been released for public use, it illustrates how much the medium of voice can be manipulated.
The appeal of voice recognition in banking
Voice recognition has a multitude of benefits. It is accessible to a diverse range of consumers, who only need a phone line to perform banking tasks. Voice recognition programs can often pick up a voiceprint much faster than a person can type, which streamlines and reduces friction in the banking process for consumers without needing to enter complex passwords.
“Historically, voice biometrics has been seen as an intimate and infallible part of a person’s identity. For that reason, many businesses and financial institutions used it as a part of their identity verification toolbox,” Gur says.
Audio recognition technology has been an attractive security solution for financial services companies across the globe, with voice-based accounting enabling customers to deliver account instructions via verbal commands. Voice biometrics offers real-time authentication, which replaces the need for security questions or even PINs.
One of the UK’s biggest banks, for example, integrated Siri to facilitate mobile banking payments without the need to open or log into the banking app. An Abu Dhabi based bank introduced a biometric voice and voice-based authentication platform for e-commerce, which uses biometric sensors built into a standard smartphone.
“As voice cloning becomes a viable threat, financial institutions need to be aware of the possibility of widespread fraud in voice-based interfaces. For example, a scammer could clone a consumer’s voice and transact on their behalf,” Gur says.
Do South African banks need to do away with voice authentication altogether?
Not necessarily. Thankfully, banks do not rely on a single form of authentication when performing a transaction. As the threat of cyber fraud grows, a rising number of local banks are investing in cutting-edge, multi-layered biometric authentication protocols.
“Our experience in mitigating fraud and our research into rising AI-enabled cybercrime trends has led us to believe that voice authentication can be made safer if it is bolstered by additional remote digital verification methods. We recommend to banking clients that they adopt multimodel identity verification, especially for sensitive transactions,” Gur adds.
Voice biometrics in banking still serves several customers, particularly those who may need access to smartphone apps or in-person banking. While fraud risks abound, voice cloning is less of a threat to the public, because it is difficult to roll out at scale as criminals would need to have access to substantial personal information for each target. AI voice cloning technology may be cheaper and more accurate, but, if banks employ up-to-date, enterprise-grade biometric authentication processes, they will be better protected.
“While identity theft is growing in scale and sophistication, the tools we have at our disposal to prevent fraud are intelligent, scalable and up to the challenge. At iiDENTIFii, we believe that face biometrics remains the strongest form of biometrics, as the face can be matched against a government issued, trusted ID document, whereas a voice cannot. This approach is trusted by our clients, which include five of South Africa’s leading banks,” Gur concludes.