HSBC voice authentication tricked by twins

Twin brothers managed to trick HSBC’s voice recognition security system into giving account access to the wrong person

A BBC journalist and his twin brother have successfully carried out an experiment to trick HSBC voice-based authentication software into providing account access to the wrong person.

Dan Simmons, a reporter at BBC Click, opened an HSBC account and enrolled for the bank’s voice ID service. By copying his voice, identical twin brother Joe was able to access his account.

Using HSBC’s voice-based authentication, customers give their name and date of birth and confirm that their voice is their password. Dan Simmons’s brother was able to access account details and could move money between accounts but not withdraw money.

Joe Simmons told the BBC that he was given multiple attempts to copy the voice and that it was not until his eighth try that he gained access.

In February 2016, HSBC announced a planned roll-out of voice biometric security technology, with more than 15 million customers in line for voice and fingerprint authentication services. Barclays bank also uses voice recognition technology instead of passwords to identify customers over the phone.

HSBC promotional material for the voice security said: “Your voice is unique – just as your fingerprint is – which means you can create your own voiceprint with us.”

“Voice ID can analyse your voice in seconds – checking over 100 behavioural and physical vocal traits, including the size and shape of your mouth, how fast you talk and how you emphasise words.”

The BBC said HSBC would not comment on how secure the system had been since its introduction, but a spokesperson told the BBC: “The security and safety of our customers’ accounts is of the utmost importance to us. Voice ID is a very secure method of authenticating customers.

“Twins do have a similar voiceprint, but the introduction of this technology has seen a significant reduction in fraud, and has proven to be more secure than pins, passwords and memorable phrases.”
