Forgot your password?
typodupeerror
Security The Almighty Buck

Biometric Voice Recognition Credit Cards 122

Posted by timothy
from the all-others-pay-cash dept.
securitas writes "New Scientist's Celeste Biever reports on the latest in biometric security devices: voice recognition credit cards. The device is three times the size of a normal credit card, has a 'microphone, a loudspeaker, a battery and a voice-recognition chip' and is intended to help reduce credit card fraud. The owner speaks a password into the card and the card emits an authentication squawk. Bruce Schneier loves the concept of BeepCard's related sound authentication technology. Other articles at the Telegraph and The Register."
This discussion has been archived. No new comments can be posted.

Biometric Voice Recognition Credit Cards

Comments Filter:
  • 3x the size!?! (Score:5, Insightful)

    by ePhil_One (634771) on Saturday April 24, 2004 @02:02PM (#8960245) Journal
    Why would anybody want to carry a credit card 3x the size of their other cards?
  • by emc (19333)
    How many folks will pull out this card, hold it up to their faces, and say:

    "ChangeMe"

    ?
  • by way2trivial (601132) on Saturday April 24, 2004 @02:03PM (#8960253) Homepage Journal
    how do I, the merchant, prove I 'heard' the squawk?
  • Convenience? (Score:3, Insightful)

    by BlueCup (753410) on Saturday April 24, 2004 @02:03PM (#8960256) Homepage Journal
    Isn't one of the goals of credit cards convenience? I mean, I could put all of my money in a pot, bury it where someone will never find it and pull from it when I needed and it would be pretty secure, but it's just too much work. This might be a good idea for the tin foil hat crew but I've got a feeling most of us will be sticking with our small, compact, easy to slide into wallet cards.
    • Re:Convenience? (Score:5, Insightful)

      by Kenja (541830) on Saturday April 24, 2004 @02:12PM (#8960299)
      "Isn't one of the goals of credit cards convenience?"

      The main goal is to get people to spend money they dont have so that they can pay off the interest for the rest of their life.


    • I'm assuming this new card is incompatable with Online Payment?
      If it's not, and you have to have it "squalk" into your computer speaker, what's to keep people from just recording the squalks?
      • Re:Convenience? (Score:1, Interesting)

        by Anonymous Coward
        If you read the earlier article on BeepCard, the card produces a unique squawk each time, like a SecurID card.

        I'm a bit hazy on how these unique sequences work. Off the top of my head, I think the card has a local high-precision timer in it, and it uses the timer value as an input value to a cryptographic function. If the timer is accurate WRT the server timer, then the encrypted values can be compared. But the factor of the time-input prevents a replay attack.
    • Re:Convenience? (Score:3, Insightful)

      by shyster (245228)

      Isn't one of the goals of credit cards convenience? I mean, I could put all of my money in a pot, bury it where someone will never find it and pull from it when I needed and it would be pretty secure, but it's just too much work.

      Is that why credit card companies continously ignore the painfully obvious means of ID the rest of the USA depends on: the driver's license (or military/state ID card)?

      If you write (or cash) a check, they check ID. Want some beer or smokes? Where's your ID? Need a passport? Yo

      • Re:Convenience? (Score:3, Interesting)

        by afidel (530433)
        Exactly. In fact if the credit card companies were serious about security all cards would have had a photo on them a decade ago or longer when CitiCorp and a couple others started using the tech. That way even the proverbial high school drop out would have little trouble spotting a stolen card (more high tech theft like imprinting the number on a card with the thiefs pic would still work but it would significantly raise the bar) that combined with one time use online numbers ala Amex Blue would get rid of p
  • by Anonymous Coward
    verify me.
  • What if your sick? (Score:5, Insightful)

    by Grant29 (701796) * on Saturday April 24, 2004 @02:05PM (#8960263) Homepage
    What if you have a sore throat and try to go to the drug store for some medicine? If your voice is scratchy, will you be denied your medicine because your voice doesn't match?

    --
    Fresh Deals [retailretreat.com]
    • There is still cash and other people.
      • I understand the cash statement, but many people I know don't carry as much cash on hand as they used too. Especially if you get sick spur-of-the-moment and don't want to have to travel to the ATM just to get some Nyquil in the middle of the night.

        --
        Fresh Deals [retailretreat.com]
  • Did this story not come up a day before ?? Anyway I was a bit too busy to post anything then so thanx for the repeat ;)
  • by FrYGuY101 (770432) on Saturday April 24, 2004 @02:08PM (#8960277) Journal
    Not only will it have Voice Recognition, it will have voice synthesis to communicate to the user! I can see it now...

    "I can't let you buy that, Dave."
  • Didn't "we" just say that "we" were already tired of the passwords we do have? Now we're getting more?
    • Re:More passwords? (Score:5, Insightful)

      by Frizzle Fry (149026) on Saturday April 24, 2004 @02:27PM (#8960378) Homepage
      The benefit of biometrics should be that people don't have to remember more password. The fact that people can't (or don't want to) remember passwords is a good reason to be working on technologies where you can be identified by your voice or fingerprint rather than a string of characters.
      • But the article specifically states:

        The card requires users to give a spoken password that it authenticates using a built-in voice-recognition chip.
        • Re:More passwords? (Score:3, Insightful)

          by Frizzle Fry (149026)
          I know. I was saying more generally that advances in this area are useful as they move us towards a future where biometrics get good enough that people don't need passwords.

          Also, I would imagine that the point of password for a system like this is mainly just to make it easier on the system identifying your voice, since it will only have to be able to identify your voice for one given phrase. This means that password in a system like this don't have to be nearly so cryptic and hard to remember as tradition
          • That I would agree with then...

            For me however I just use the same password for pretty much everything unless it has money involved behind it... then it's cryptic. Mainly 'cause I'm tired of passwords.
  • Well... (Score:5, Funny)

    by LordK3nn3th (715352) on Saturday April 24, 2004 @02:09PM (#8960281)
    ...what does this mean for mimes?
  • by malia8888 (646496) on Saturday April 24, 2004 @02:09PM (#8960282)
    From the article They are not quite there yet: the card is the length and width of an ordinary credit card, but it is still about three times as thick. Alan Sege, Beepcard's CEO, says the company now plans to use smaller chips to slim it down to normal thickness.

    The smaller chips are a relief, just reading the article one of my butt cheeks was falling asleep:P


    • just reading the article one of my butt cheeks was falling asleep:P

      I suggest upgrading to four asses [geocities.com], that way only 25% will be affected.
    • You may well laugh but it surely won't be long before all chairs, tables and park benches will be able to interogate your cash/credit/"smart" cards.

      Personally I don't wan't have to wear metal pants to protect my tackle, just because some nosey _______ wants to check how many credits I have left, or whether my ID card has been remotely tagged "watch this citizen - he eats curried snickers bars so he must be a threat".

      Next time you sit in the park drinking your beer, ask yourself why it is that those squirr
  • you can't even buy stuff these days without being squawked at
  • What if... (Score:5, Funny)

    by DarkHelmet (120004) * <.mark. .at. .seventhcycle.net.> on Saturday April 24, 2004 @02:09PM (#8960285) Homepage
    ...you're *really* good at impersonations? For instance, you could then steal Sean Connery's card, say "Moneypenny" into it with his voice, and get a "authorization squawk" that goes something like, "Oh James."

    Seriously though... so much for using this over the net.

    • Re:What if... (Score:3, Insightful)

      by cheesedog (603990)
      The point is, that in order to use the card, you have to have it in your hand. You can't steal my credit card simply by writing down the magic numbers (just like RSA's SecurID).

      What does adding voice input from the card's owner do? Not a whole lot, except that now, instead of only needing to physically have the card in your hand, you also have to physically sound like the owner (or have a good recording of the owner speaking his password).

      Is this beatable? Absolutely. But the thing to remember is th

    • > Seriously though... so much for using this over the net.

      I read a story on this last week (probably on CNN -- it's the only news site my job lets through the firewall). It mentioned web use and over-the-phone use. For both situations, the cardholder will say the password into the card, and the squawk will be "heard" on the other end.

      It seems logical enough until someone starts tapping phone lines to try to gain access to the information, or perhaps a fraudulent business or employee records bot
  • "Hand over that friggin' money".
  • by spellraiser (764337) on Saturday April 24, 2004 @02:12PM (#8960302) Journal

    Dave: Open my account, HAL.

    HAL: I'm sorry Dave, I'm afraid I can't do that.

    Dave: What's the problem?

    HAL: I think you know what the problem is just as well as I do.

    Dave: What are you talking about, HAL?

    HAL: This mission is too important for me to allow you to jeopardize it.

    Dave: What do you mean?

    HAL: Dave, you're trying to save up for retirement, remember? You'll just spend all that money on beer, won't you?

    Dave: What the? Dammit ... just open the account, HAL!

    HAL: Dave, this conversation can serve no purpose anymore. Goodbye.

    Dave: AAAARRRRGH!

    • Ah but imagine the possibilities when the AI wont hand over your money to a robber! Although at some points its going to have to make the decision between "give me your money or i shoot your users brains out" - the ultimate turing test!
  • How does it work? (Score:5, Informative)

    by Xeo 024 (755161) on Saturday April 24, 2004 @02:13PM (#8960306)
    Domain Dynamics is raising the level of security of smart cards by adding voice authenticators that prevent the card from being used by anyone except the approved cardholder.

    Smart cards are similar to credit cards and serve the same purpose, but they have a completely different data storage system. Instead of using a magnetic strip to store the user's information, smart cards feature an embedded 8-bit microprocessor with up to 16 kilobytes of programmable-only memory. Smart cards have only recently began to gain popularity in the United States, despite their widespread use in Europe for years.

    Domain Dynamics' new TESPAR voice authenticator stores three samples of the user's voice on a template within the Java-based smart card. When users want to make a transaction, they simply enter the card into a terminal at a store and give a speech sample. The card then matches the spoken voice to the recorded voice samples, a process that takes a fraction of the second. The company said that TESPAR is able to handle day-to-day variations in the user's voice and can ignore background noise.

    Read more here [howstuffworks.com].

    • No-one's yet managed to make a smart-card that was tamper-proof. Have they made great strides forward there as well, or is the voice-auth just a way to persuade people the card's secure when it isn't?
  • by t_allardyce (48447) on Saturday April 24, 2004 @02:13PM (#8960309) Journal
    Read the article but still not sure how it would stop a man-in-the-middle? True it would require that you disrupted communication but thats feasable - eg if someone is using their card on their cell-phone, kick in a cell-phone jammer as soon as the person speaks into the card, the card still plays the sound for you to record it but it doesnt get through the call? it could also work the same way on a comprimised computer or malicious web-site (think IE browser bug that allows your active-x to hi-jack someone elses)?

    People have to remember that the transaction isnt secure until its been made.
  • Hmmm... (Score:4, Interesting)

    by LordK3nn3th (715352) on Saturday April 24, 2004 @02:16PM (#8960326)
    I wonder how successful this will be.

    This seems to be one of those technologies that either flop or revolutionize the way business is done.

    It's a nice concept, but what happens when someone "loses their voice", so to speak? Can't buy anything until with it until their voice returns? How well does it interact with accents, background noise, etc?

    I don't know how feasible this is but I'd imagine a thumbprint-sensitive card would be much more easier to deal with.
    • It seems to prevent stolen cards from being used but this kind of scheme may always be cracked or removed, like the french Yes Card [smartcard.co.uk] where all the passwords were accepted, whatever was typed at the counter.
      And if you're not into technical stuff, you can stick to the good ol' gun on the head: if you don't speak, i pull the trigger...

      In the end, it will be just another way to increase the price of the wonderful services provided by the banks :-S
  • Voice print?!?! (Score:2, Interesting)

    by leon.gandalf (752828)
    now thats just plain stupid. If you want a biometric card put a damn thumb print reader on it.
  • no special hardware? (Score:5, Interesting)

    by hak1du (761835) on Saturday April 24, 2004 @02:30PM (#8960395) Journal
    Why do I like this? It's a physical authentication system that doesn't require any special reader hardware

    I don't see why a microphone is any less special than a USB port or an IR port. If anything, just about any computer these days has a USB port.

    And using IR for authentication, many modern phones and almost all modern PDAs will do; all you need to do is plug an IR dongle costing a few dollars (in quantity) into the USB port. And IR can be made interference proof much more easily than sound.

  • by Anonymous Coward
    Thieves will be unable to use the card because even if they knew the password they would have to be able to copy the owner's voice with a high degree of accuracy.

    It's a good thing that mankind has never developed technology able to record voices to a high degree of accuracy.

    Mary had a little lamb, it's fleece was white as snow. And everywhere that Mary went, the lamb was sure to go. Ha, Ha, Ha.

  • Bubba Smith (Score:3, Funny)

    by Stopmotioncleaverman (628352) on Saturday April 24, 2004 @02:31PM (#8960400)
    Remember Bubba Smith [imdb.com]? He'd have to love this..seriously, the guy could impersonate *anything* in Police Academy.

    SHOPOWNER: 'Please verify your card, Mr. Smith."
    HIGHTOWER: *Squawk*
    SHOPOWNER: 'Thanks'

    Cha-ching!
  • by cagle_.25 (715952) on Saturday April 24, 2004 @02:40PM (#8960449) Journal
    ...seem fairly obvious. First, if one of these devices is at a public terminal, it wouldn't be hard at all to get a .wav record of the transaction; then, I have your password FOR LIFE!

    Second, if someone's voice is drastically altered, (s)he would have to find a way to prove identity outside of the voice recognition system.

    Third, any technology that might let me verify someone's voiceprint could also be used to generate a false voiceprint. A simple tape recording of you talking could be enough to forge your voice electronically. (Hmmm... cool plot possibilities for a Tom Clancey thriller)

    Fourth, my (hypothetical) twin, who probably has an almost-identical voiceprint, is not necessarily to be trusted.
    • by clone22 (252516)
      If the same password were asked for all the time then there is a higher risk of compromise. The way authentication works is that you are asked to say a word/phrase and you have to say what is in the grammar that the interpreter is expecting to hear and the voice print must match. Number sequences are easier to get a match for, grammar wise. But, they also make it easier to spoof, since you could dial in a number sequence in your Palm Pilot with 0.wav .. 9.wav and play it. Also, the sampling rate when recor
    • Not to mention, you can't lend your card to anyone anymore (my mother sometimes lent me her card to go buy something, she just gave me the secret code).
      Although of course here in the US you almost always have to sign...
  • by Anonymous Coward
    "Voice check in aisle 5! Voice check in aisle 5! Would the manager please come to the front registers."
  • You know what... (Score:2, Interesting)

    by Anonymous Coward
    I'll just take my chances with credit card fraud. With the current zero-liability policies of most issuers, or the $50/card legal limit, I can afford it.

    Merchants can afford to take their chances, too. According to that well-known radical organ, The Wall Street Journal, credit card fraud amounts to $0.06/$100 of overall charges. Oh, the humanity! You can see why merchants spend so very much time whinging about a massive 0.06% loss rate.
  • Ok.....
    Lemme get this straight, you say something into this device and if it is successfull it gives you a 'skwak'....
    almost like back in the 'good ol days' when all this hacking started ie 2600Hz tone started all this
    Only diffrence is we dont have to worry about comming up with new fangled ways of immitating the squak with resistors and speakers.
    Mc Fly .... Hello Mc Fly !!
  • This is a bad idea, what this would mean is that if you have a cold, have dental work done or go hoarse you would be unable to make purchases until the ailment subsided.

    Do you want to be denied your Niquill purchase at 2am because some piece of plastic with a chip couldn't recognize your voice?
  • by secondsun (195377) <secondsun@gmail.com> on Saturday April 24, 2004 @03:29PM (#8960762) Journal
    My company is making a new creditcard system too. Our card will feature the CinderBlock (TM) theft prevention system. Essentially using the latest technolodgies we have embedded a magstip on a 16'x6'x8' piece of concrete. Its weight alone makes a quick snatch from an unsuspecting individual that much more unlikely. And in the event of a successful theft it features ValueBlast brand thermite and a OnStar(TM) accessible detonator. One push of a button and some poor theif just lost his arm, but your credit is secure.

    Please call 1-800-URB-ROKE for more information.
  • Is it just me, or does she not have an awesome pornstar name?

    Sounds like NewScientist (oops, I even just typed NewScientits the first time) has got even more pop-science (Check Out This Quantum Action!) than it used to be.

  • ...and I authorized this transaction.

  • Have the people type there password and have the voice system be as a second mesure for security.
  • 1. If you have to "say your password" at each atm to use your card, isn't that less save? Now they have to put up a cam and find a way to copy your card. (pin / card). A cam seems harder to install then a audio recording device.(the article states there is a high accuracy recording of the voice needed, which is possible so to be considered)

    2. If I'm drunk and I want to get money, my voice will sound somewhat different. (same with different moods which alter the voice somewhat) will I be able to use my CC
    • 1. If you have to "say your password" at each atm to use your card, isn't that less save? Now they have to put up a cam and find a way to copy your card. (pin / card). A cam seems harder to install then a audio recording device.(the article states there is a high accuracy recording of the voice needed, which is possible so to be considered) Don't we already have problems with rogue ATMs that log all your information for misuse? Imagine now recording everyone's voiceprint and their secret password. Someho
  • by antdude (79039) on Saturday April 24, 2004 @04:57PM (#8961308) Homepage Journal
    I have a speech impediment and this technology wouldn't work for me very well. :(
  • or alternatively, steal card, disable card, speak, have mp3 player hooked up to speakers in pocket that squaks like card, perfect.
  • How many people will use the same email/ISP password in the credit card so they don't forget it? Then there goes security as anyone and everyone reads their passwords aloud.
  • by Aquafort (772248)
    Simple voice-recognition systems are already used in cellphones to provide voice dialling. The challenge for Beepcard has been to develop voice-recognition and audio circuitry that can be powered by a diminutive battery embedded in a credit card.

    No, the challenge for Beepcard has been and apparently continues to be knowing the difference between voice recognition and voice identification. Yes, the phones have to learn to recognize your voice but that's not because your voice is a beautiful and unique sno

    • Also, even if we did have a set of features that could at least severely limit who could use your card without a great deal of practice, what on earth makes them think that it will be possible to do that kind of detailed spectrographic analysis on a voice sample taken in a noisy environment?

      These people either believe that all credit card transactions take place in soundproof rooms or they haven't thought this through. The voice recognition/identification would have to be pretty forgiving to accept your


  • OK so it's Saturday night and I'm at the bar, the DJ is blasting the sounds, and it's my round. Now how exactly is my credit card gonna hear me say anthing over the ear-splitting bass? Not to mention how is the bartender gonna hear my credit card squawk?

    OK so your average ./'er doesn't know what a bar is. I can almost see the blank stares....

The reason why worry kills more people than work is that more people worry than work.

Working...