Welcome to the MSE Forums

  • FIRST POST
    • mgdavid
    • By mgdavid 19th May 17, 10:22 AM
    • 5,281 Posts
    • 4,466 Thanks
    mgdavid
    HSBC voice recognition insecure?
    • #1
    • 19th May 17, 10:22 AM
    http://www.bbc.co.uk/news/technology-39965545
    A salary slave no more.....
    • Pincher
    • By Pincher 19th May 17, 11:57 AM
    • 6,516 Posts
    • 2,491 Thanks
    Pincher
    • #2
    • 19th May 17, 11:57 AM
    Easy or not easy, that is the question
    http://www.moneysavingexpert.com/news/banking/2016/10/first-direct-customers-locked-out-of-their-bank-accounts-after-voice-id-system-fails-to-recognise-them

    HSBC asked me on Wednesday 17th May, if I wanted voice recognition, and I gave them a categorical NO.

    It's just not secure enough.

    It's probably fine for read only mode, where you want to check money has turned up.
    • mt99
    • By mt99 19th May 17, 2:37 PM
    • 453 Posts
    • 219 Thanks
    mt99
    • #3
    • 19th May 17, 2:37 PM
    Yes, I agree with the above: there is inherent insecurity in any method of signing in. In the BBC case they used a person's brother, but realistically what are the chances of someone being able to use their voice to sign in to your account? In any case, you can't really do much once you've got in; you can't even make a payment, as I understand it.

    You might just want to check what the bank's terms and conditions are in terms of reimbursing you should anyone manage to bypass voice security.
    • Pincher
    • By Pincher 19th May 17, 4:13 PM
    • 6,516 Posts
    • 2,491 Thanks
    Pincher
    • #4
    • 19th May 17, 4:13 PM
    Effectively, Contactless payment has NO security, because the sums are trivial.

    I can allow voice recognition on accounts with small amounts.

    For accounts with real money in, never.
    In fact, I would really like a Harry Potter Gringotts bank, where you must turn up in person to get your money.
    • Shakin Steve
    • By Shakin Steve 19th May 17, 5:25 PM
    • 1,134 Posts
    • 843 Thanks
    Shakin Steve
    • #5
    • 19th May 17, 5:25 PM
    I suppose it depends on your outlook on life. I walk my dog in the woods every morning, along with hundreds of others. Someone mentioned that a dog had been bitten by an adder. Some people immediately stopped letting their dogs roam loose and kept them on a lead. I weighed up the chances and let mine carry on as normal.
    There will always be people who are so risk averse that it stifles their life.
    I came into this world with nothing and I've got most of it left.
    • Lith
    • By Lith 19th May 17, 5:34 PM
    • 864 Posts
    • 239 Thanks
    Lith
    • #6
    • 19th May 17, 5:34 PM
    Every time I phone them.... they always hassle me. NO MEANS NO


    Not secure AT ALL.
    • HSBC (Main A/C)
    • Halifax Back up A/C
    • Lloyds (Spending) A/C
    • RBS Back up A/C
    • Barclays Old A/C
    • Nationwide Old A/C
    • Pincher
    • By Pincher 20th May 17, 12:30 AM
    • 6,516 Posts
    • 2,491 Thanks
    Pincher
    • #7
    • 20th May 17, 12:30 AM
    Yes, I agree with the above: there is inherent insecurity in any method of signing in. In the BBC case they used a person's brother, but realistically what are the chances of someone being able to use their voice to sign in to your account? In any case, you can't really do much once you've got in; you can't even make a payment, as I understand it.

    You might just want to check what the bank's terms and conditions are in terms of reimbursing you should anyone manage to bypass voice security.
    Originally posted by mt99
    There is nothing to stop the determined thief.
    My house was totally locked down, and he just needed a crowbar to get through the window.

    The hackers get through via the weakest link.
    They are getting away with the proceeds of house sales by intercepting e-mails, and telling the solicitor to send the money to a different account.

    If they get through to see your account profile, by voice recognition, they will get your e-mail address, as well as most of your personal information. Phishing e-mails to your e-mail account follow, and if you click on it, good night Vienna.
    • EachPenny
    • By EachPenny 20th May 17, 11:24 AM
    • 3,295 Posts
    • 6,077 Thanks
    EachPenny
    • #8
    • 20th May 17, 11:24 AM
    If they get through to see your account profile, by voice recognition, they will get your e-mail address, as well as most of your personal information. Phishing e-mails to your e-mail account follow, and if you click on it, good night Vienna.
    Originally posted by Pincher
    And some banks still invite you to provide your mother's maiden name as a security question which, for many people, is as secure as clicking on freebmd dot org dot uk. Try it and see how long it would take someone who knows your name and year (not even exact date) of birth to find your MMN.

    Ford Money should kindly take note
    "In the future, everyone will be rich for 15 minutes"
    • mt99
    • By mt99 20th May 17, 11:34 AM
    • 453 Posts
    • 219 Thanks
    mt99
    • #9
    • 20th May 17, 11:34 AM
    You don't have to give your mother's real maiden name, of course; you can make one up and just use it. As you say, freebmd will tell you exactly what your real mother's maiden name is, although to be fair, if you have a common name then there will be a lot of hits to choose from; if you have an unusual name then often it will be the only hit.
    • mgdavid
    • By mgdavid 20th May 17, 12:03 PM
    • 5,281 Posts
    • 4,466 Thanks
    mgdavid
    And some banks still invite you to provide your mother's maiden name as a security question which, for many people, is as secure as clicking on freebmd dot org dot uk. Try it and see how long it would take someone who knows your name and year (not even exact date) of birth to find your MMN.

    Ford Money should kindly take note
    Originally posted by EachPenny
    Very hit and miss.
    Firstly it requires the subject to be born in this country.
    Second, it would appear to be a good reason for women to adopt husband's surname upon marriage, as without their maiden name they are untraceable.
    Also anyone born or married since 1984 is safe as the records aren't there yet.
    Then you need the middle name(s) and/or initials to reduce the number of hits.
    And finally if there are multiple hits (as there will be for common names) you need to have knowledge of the approximate place of birth,
    probably a 1 in 4 chance of locating it this way, at best.
    A salary slave no more.....
    • EachPenny
    • By EachPenny 20th May 17, 1:01 PM
    • 3,295 Posts
    • 6,077 Thanks
    EachPenny
    Very hit and miss.
    Firstly it requires the subject to be born in this country.
    Second, it would appear to be a good reason for women to adopt husband's surname upon marriage, as without their maiden name they are untraceable.
    Also anyone born or married since 1984 is safe as the records aren't there yet.
    Then you need the middle name(s) and/or initials to reduce the number of hits.
    And finally if there are multiple hits (as there will be for common names) you need to have knowledge of the approximate place of birth,
    probably a 1 in 4 chance of locating it this way, at best.
    Originally posted by mgdavid
    I wouldn't disagree with most of what you say, but I was talking about many people, not everybody.

    I also wouldn't use the word 'safe'. FreeBMD has the records going up to 1983, but commercial sites have later records which are easily accessible, often for free. These records cover the period for most people appearing on the GRO registers who will be old enough to have a bank account with likely amounts of money in them big enough to be attractive to fraudsters.

    The marriage trick won't work either: if the marriage appears on the GRO register then it is a relatively trivial exercise, in many cases, to find the marriage and work out the maiden name. Usually.

    The marriage itself may provide the source of middle names and/or initials.

    If someone knows enough about you to identify your first and last names, year of birth, and who you bank with, then middle names, quarter of birth, and even approximate location of birth may well be known already, or not that difficult to work out - especially for people who pass the time of day posting their life history on FB.

    Only by having a very common surname and first name, with no middle name, can you be relatively confident the GRO indexes will not help a fraudster identify your MMN.

    True, you don't have to give your real MMN when registering with a bank, but how many people are aware of the risk, and how many people would feel uncomfortable about lying about a 'fact' the bank are asking them to provide as part of a financial application? It would be far better for the banks to restrict themselves to asking for a 'memorable name' rather than specifically MMN.

    These news headlines are about the scenario in which someone who has a twin was able to partially fool a system. The number of people who can do that is minuscule in comparison to the number of people who have an easily identifiable MMN - and that was really my point, the banks ask for MMN yet we rarely see the same kind of loud headlines pointing out how insecure that piece of information might be.
    Last edited by EachPenny; 20-05-2017 at 1:03 PM. Reason: Formatting
    "In the future, everyone will be rich for 15 minutes"
    • Masomnia
    • By Masomnia 20th May 17, 1:17 PM
    • 17,118 Posts
    • 37,750 Thanks
    Masomnia
    If you put on a good enough Mexican accent it won't ask you any questions at all.

    Badum tish!
    “I could see that, if not actually disgruntled, he was far from being gruntled.” - P.G. Wodehouse
    • Pincher
    • By Pincher 21st May 17, 10:41 AM
    • 6,516 Posts
    • 2,491 Thanks
    Pincher
    Remember Dark Star, the movie by John Carpenter?

    They had to talk the bomb into ignoring the previous command to explode, which followed correct procedure.
    Genuine users can't log in (First Direct example), fake users can (BBC Click example). It's a farce.

    How do you get into a speakeasy? You say: "Antonio sent me." into a slot in the door. A lot like typing something into a Pop Up window, doesn't it? One thing is for sure, it's cheaper than having real people checking signatures and documents.

    One of these days, they will say, the management takes no responsibility for your valuables. You leave your money with us at your own risk. You can buy insurance against theft, 2% a year please.
    Last edited by Pincher; 21-05-2017 at 10:44 AM.
    • polymaff
    • By polymaff 21st May 17, 12:42 PM
    • 1,804 Posts
    • 780 Thanks
    polymaff
    You don't have to give your mother's real maiden name of course you can make one up and just use it ...
    Originally posted by mt99
    Ditto all the other publicly available data, First School, Second School, First Car etc. etc.

    Do all banks accept crazy answers, though? In the Nineties I had to beat up the Halifax's Head of Savings to get this practice accepted.
    • EachPenny
    • By EachPenny 21st May 17, 12:56 PM
    • 3,295 Posts
    • 6,077 Thanks
    EachPenny
    Do all banks accept crazy answers, though? In the Nineties I had to beat up the Halifax's Head of Savings to get this practice accepted.
    Originally posted by polymaff
    I once had an interesting conversation with a CSA who refused to accept the answer I gave for my mother's maiden name on the basis 'nobody would be called that' despite my answer exactly matching the stored answer. I was told I would be having my account passed to the fraud department because I had given false information. A polite request to speak to a manager quickly overcame the situation.

    The problem is many people do not realise they don't have to give a true answer to those questions, or are far too honest for their own good, which was why I was suggesting the banks could help by making the questions more generic - such as "The name of a school" rather than "Your first school".
    "In the future, everyone will be rich for 15 minutes"
    • polymaff
    • By polymaff 21st May 17, 2:08 PM
    • 1,804 Posts
    • 780 Thanks
    polymaff
    ... I was suggesting the banks could help by making the questions more generic - such as "The name of a school" rather than "Your first school".
    Originally posted by EachPenny
    To be fair, some do - such as the Yorkshire Bank, who ask for things like a memorable place, film and meal.

    Needless to say, my three answers have nothing to do with geography, cinematography - or scoff-ology
    • EachPenny
    • By EachPenny 21st May 17, 2:46 PM
    • 3,295 Posts
    • 6,077 Thanks
    EachPenny
    True.

    Let me guess, the answer you've used for all three questions is your mother's maiden name?
    "In the future, everyone will be rich for 15 minutes"
    • polymaff
    • By polymaff 21st May 17, 3:30 PM
    • 1,804 Posts
    • 780 Thanks
    polymaff
    True.

    Let me guess, the answer you've used for all three questions is your mother's maiden name?
    Originally posted by EachPenny
    my three answers have nothing to do with geography, cinematography - or scoff-ology
    Originally posted by polymaff

    ... or ancestry
    Last edited by polymaff; 21-05-2017 at 3:48 PM.