Lynn Johannson, Advisor, Sustainability and ESG
January 4th, 2024
Lynn Johannson, President of E2 Management Corporation and Catalyst for THE Collaboration
In a care[...]
Can Cloned Voices Crack Bank Security? Need to Know
AI | Nov 28, 2024
Image: Freepik
AI Voice Cloning Exposes Weakness in Bank Security Systems
Well there's not a day that goes by that artificial intelligence (AI) doesn't amaze while also inflicting fear. AI's latest milestone is unsettling, as its been proven that it can clone human voices so convincingly that even bank's advanced security systems can be tricked. This article is based on an investigative piece by Shari Vahl at the BBC who proved that a clone of her voice breached two major bank's voice ID systems. The security and fraud implications raise the frightening truth that current authentication protections are not good enough in the era of generative AI.
What Happened?
Today, voice cloning believe it or not is pretty straightforward. There are a growing number of voice cloning services that varying features and capabilities such as ElevenLabs, Resemble AI, and Respeecher. Descript compares a few of the pros and cons of the best AI voice cloning tools here.
See: Generative AI and Major Human Rights Fintech Risks
So Vahl cloned her voice and tested it on the 'voice ID' systems of Santander and Halifax banks. Both systems use a simple phase to authenticate voice ID, "my voice is my password' and grant full access to bank accounts and tools. Here's how the conversation went.
Image: Shari Vahl Voice ID authentication with Voice Clone at Santander bank
See: How GenAI Is Transforming Risk and Compliance in Banking
Yes, as you see from the conversation above, using her cloned voice she successfully passed Voice ID and logged into her account, using basic speaker equipment at home. She duplicated the same process at Halifax Bank with the same result so she was two for two in hacking into her own bank account with a cloned voice ID.
Many companies such as Rogers say that Voice ID or Voice biometrics is more secure than traditional PINs or passwords but if a cybercriminal can easily pass (or by-pass) a voice ID system using a cloned voice easily, to access sensitive information or drain bank accounts, we've got a serious problem.
How Are the Banks Responding?
Santander and Halifax both defended their systems saying that voice ID is just one layer of their security framework. Here's how they responded according to the BBC article.
Halifax Bank response:
"[Voice ID is an] optional security measure. We are confident that it offers a higher level of security compared to traditional knowledge-based authentication methods, and that our layered approach to security and fraud prevention provides the right level of protection for customers' accounts, while still making them easy to access when needed."
See: Meta Files New Patent: Voice ID Data for User Authentication…Progress or Privacy Concern?
Santander Bank response:
"We have not seen any fraud as a result of the use of voice ID and are confident that it provides greater levels of security than traditional knowledge-based authentication methods. [Voice ID] is one element of our stringent approach to customer security and fraud prevention, with a range of comprehensive checks based on the nature of the customer's request. We constantly review, test and enhance our systems in response to increasingly sophisticated tactics used by fraudsters."
What Can Be Done?
- Banks and businesses should add extra layers of security like combining voice ID with fingerprints or a trusted device before providing access to make accounts safer.
- Use AI tools to catch itself. AI can be trained to catch cloned voices (much better than humans can) to help combat the wrongly use of this technology.
- Education and awareness. Customers need to know how scammers can use AI against them so they can proactively protect themselves. Awareness is a big step in avoiding fraud. Banks should advise customers on what they’re doing to protect against scams using AI.
- Governments, banks, and regulators should work together to create guidelines for safe use of AI powered voice tech and invest in top notch tools to catch fraud early.
Wake Up Call
Banks, government, regulators, businesses, and customers all need to wake-up and take the appropriate actions to protect themselves.
See: Major Data Breach @Finastra and Canadian Banks?
While AI is a marvel technology, it's creating new risks that demand smarter protections for all. Similar to the old saying "buyer beware", we now live in an age of "user beware." Stay informed. Stay safe.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
 |  |  |
Support NCFA by Following us on Twitter!Follow @NCFACanada  |
Related Posts
Twitter Soon Launching In-app ‘Coins’ to Help Creators Make Money – No Crypto Mentioned (yet)- CRA Tax Implications for Individuals and Crypto Platforms
- Brookings: The Future of Crypto Regulation (On Demand and Transcript)
- WEF Insight Report: Digital Assets, Distributed Ledger Technology, and the Future of Capital Markets
- Tax Tips for Canadian Crypto Users in 2024
- Court Rules XRP Sales Not Investment Contracts: How the SEC Case Could Reshape Crypto Landscape
Leave a Reply