A voice biometric system for authorizing banking transactions was launched yesterday, and even Rory Bremner's impressions are not clever enough to fool it.
Voice Transact, which is the brainchild of Nick Ogden, the founder of the WorldPay remote payment system, uses a vocal signature that is matched against a pattern stored on file when the account it opened. It is designed to help reduce fraud, particularly phishing-related online scams.
"We are creating a global network for banks to use that is changing the way people confirm their transactions," Mr Ogden said. "Voice biometric signatures can enable consumers to have complete control over signing for financial transactions anywhere in the world."
The company is in talks with a major pan-European bank and expects to launch a service in the UK towards the end of the summer. It is also in discussion with MasterCard, and in six weeks' time, consumers at a participating Dubai bank will be able to take money out of a cash machine without their bank card. By selecting the "cardless transaction" option, and inputting the mobile phone number, the customer will be immediately rung back and asked to repeat a random string of numbers. Once the voice pattern has been matched, the cash machine will dispense money in the normal way.
The company invested $10m (£5m) in the technology, which works by creating a profile when a customer registers their account. Transactions are authorized by repetition of a random string of numbers that do not relate to the financial information but merely function as a way of getting the person to talk.
While a customer who has actually lost their voice could have problems, a normal cold should present no problems, and a three-hour test session was conducted with Rory Bremner last year to ensure that the system cannot be cracked. "We guarantee the integrity of the system so we will stand behind any transaction that is processed through the network," Mr Ogden said. If an authorization is rejected, the customer will immediately be contacted by a call centre as an alternative verification.
My thoughts? This system will not make a flipping difference in regards to limiting the amount of phishing. Nearly all phishing scams are geared towards the least technological savvy people, so harvesting authorization will be no problem. All that would be required is to get a person to "Verify Their Account" on a phishing server, including having a person say numbers 1-9. This would include verifying the account with their Voice authorization , which would be ftp'd to the Phishers records. The recording could be then played using any high grade audio output, thus bypassing the authorization. Yet another biometric meant to keep honest people honest.
-
No comments:
Post a Comment