AI Voice Clone Defeats Bank Security Checks

Artificial intelligence now possesses the capability to replicate human voices with such fidelity that they are nearly indistinguishable from genuine speech. This raises questions about its efficacy against the voice recognition technology designed to safeguard individuals’ bank accounts. As part of the BBC’s Scam Safe Week, an investigation into the capabilities of voice cloning was undertaken. Consumer advocate Martin Lewis is among the public figures whose voices have been targeted by fraudsters. Additionally, actor James Nesbitt, whose voice was cloned, stated he was “horrified” by the realism of the artificial version. Consequently, the author decided to test the technology using their own voice. The author’s voice was cloned by the same expert who created James Nesbitt’s cloned voice, which was developed for an awareness campaign by Starling Bank. The author’s voice was readily generated from a radio interview they had conducted. While generating various phrases for the cloned voice to articulate proved entertaining, the primary objective was to ascertain its true level of persuasiveness. Colleagues in the You and Yours office found it challenging to differentiate between the two voices. However, rather than assessing if an AI voice could mislead people into believing they were listening to a real person, the author aimed to evaluate its performance against a technological system. The specific question was whether it could bypass the author’s bank account’s voice ID system. Several banks utilize a system called voice ID, or ‘my voice is my password’, for their telephone banking services. This phrase enables the bank to automatically verify an account holder’s identity without requiring them to recall a security number. Therefore, the author instructed their cloned voice to utter this phrase. Equipped with a recording of an AI version of their voice saying “my voice is my password,” the author contacted their bank, Santander. The automated response stated, “Thanks for calling Santander,” and continued, “I can see you’re calling from your registered phone number. Let’s quickly confirm your identity with your voice.” The author then played the recording. “My voice is my password,” the AI version of the author’s voice declared. After a very brief pause, the bank replied, “Thank you for using your voice as your password,” and subsequently inquired about the reason for the call. This indicated that the AI cloned voice had successfully gained access. The author then employed the identical method with their other bank, Halifax, which similarly resulted in a successful breach by the AI clone. It should be noted that these initial login attempts were performed in an office setting, using BBC studio speakers to transmit the cloned voice over the phone. Later, from a kitchen table at home on Merseyside, the author repeated the process using a basic iPad speaker. This attempt also succeeded, suggesting that high-quality sound equipment was not necessary. It is also important to highlight that the calls were made from the author’s registered phone number. Therefore, a criminal would need to have stolen the author’s phone and kept it unlocked to gain access in this manner. While not straightforward, this scenario is considered highly plausible through a snatch theft. The type of information accessible at the phone banking stage, which the author reached using an AI voice, holds significant potential utility for criminals. Recently on You and Yours, a woman recounted being deceived by a criminal who called her, posing as her bank. The criminal had gained her trust by possessing knowledge of her account’s transaction information. When the author informed the banks of their ability to gain access using an AI version of their voice, Santander responded: “We have not seen any fraud as a result of the use of voice ID and are confident that it provides greater levels of security than traditional knowledge-based authentication methods.” The bank further stated that voice ID constitutes “one element of our stringent approach to customer security and fraud prevention, with a range of comprehensive checks based on the nature of the customer’s request.” Santander added: “We constantly review, test and enhance our systems in response to increasingly sophisticated tactics used by fraudsters.” Halifax characterized voice ID as an “optional security measure.” The bank further stated: “We are confident that it offers a higher level of security compared to traditional knowledge-based authentication methods, and that our layered approach to security and fraud prevention provides the right level of protection for customers’ accounts, while still making them easy to access when needed.” The author also presented a recording of their successful bank access to Saj Huq, a cyber security specialist and a member of the UK government’s National Cyber Advisory Board. Huq reacted with “Wow,” elaborating, “I say wow, because I’m dismayed that you’re able to get into your account using this technology – but I’m also not surprised at the same time, just given the rate of development of technology in this space.” He further commented that the ability to use an AI voice to bypass voice recognition software served as “a really clear example of just one element of the risks that potentially the proliferation of generative AI presents.” For additional content, listeners can access the best of BBC Radio Merseyside on Sounds and follow BBC Merseyside on Facebook, X, and Instagram. Story ideas can also be submitted to northwest.newsonline@bbc.co.uk. Copyright 2024 BBC. All rights reserved. The BBC is not responsible for the content of external sites. Information regarding the BBC’s approach to external linking is available.