Security software designed to prevent bank fraud has been fooled by a BBC reporter and his twin.
BBC Click reporter Dan Simmons set up an HSBC account and signed up to the bank's voice ID authentication service. HSBC says the system is secure because each person's voice is "unique". But the bank let Dan Simmons' non-identical twin, Joe, access the account via the telephone after he mimicked his brother's voice. The bank said it would "review" ways to make the ID system more sensitive following the BBC investigation.
'Really alarming'
HSBC introduced the voice-based security in 2016, saying it measured 100 different characteristics of the human voice to verify a user's identity. Customers simply give their account details and date of birth and then say: "My voice is my password". Although the breach did not allow Joe Simmons to withdraw money, he was able to access balances and recent transactions, and was offered the chance to transfer money between accounts.
Read more here
Previous Blog News: Feb 2016:
The death of passwords: HSBC launches voice and fingerprint ID LINK