Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Businesses Privacy

Should Brokers Use 'Voice Prints' For Stock Transactions? (cnbc.com) 64

Fidelity and Charles Schwab now allow traders to use "voice prints" to authorize stock transactions. But there's more to the story, argues long-time Slashdot reader maiden_taiwan: Fidelity Investments is touting its new security feature, MyVoice, which allows a customer to access his/her financial accounts by telephone without a password. "When you call Fidelity, you'll no longer have to enter PINs or passwords because Fidelity MyVoice helps you interact with us securely and more conveniently. Through natural conversation, MyVoice will detect and verify your voiceprint in the first few moments of the call... Fidelity MyVoice performs even if you have a cold, allergies, or a sore throat."

Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)

It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"

And "Is a 'voiceprint' even possible?"
This discussion has been archived. No new comments can be posted.

Should Brokers Use 'Voice Prints' For Stock Transactions?

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Saturday November 25, 2017 @04:43PM (#55621719)

    Hi, my name is Werner Brandes. My voice is my passport. Verify Me.

  • I can't wait to clean out my identical twin's account.
  • Not secure at all (Score:1, Insightful)

    by Anonymous Coward

    This isn't secure at all. There are at least a couple of problems.

    A recording of a person should be able to fool the system. Given that just about everyone uses their voice, they are leaving information behind that could be used to compromise their account. Given enough voice recordings, you could stitch them together to compromise a person's account.

    Also, even if you don't have the exact recording you want, given enough samples of a person's voice, you can use a computer to make a recording of a person say

    • "This is how Majel Barrett is the computer voice in Star Trek Discovery despite having passed way years ago."

      Er, no.

      Firstly, it doesn't sound anything like her. Secondly, if you actually looked at the IMDB credits page:
      Julianne Grossman ... Discovery Computer
      Tasia Valenza ... Shenzhou Computer

      Making crap up to reinforce your point is a good way for people to ignore your entire argument.

      • by Anonymous Coward

        It sounds like Star Trek Discovery chose not to use Majel Barrett's voice for the computer voice. However, it was reported while the show was under development that they wanted to do so. There are plenty of sources that you can find with a simple search to back this up.

        So, basically I made an error by not verifying that they had gone through with using Majel Barrett's voice. However, your reply was rude and contributes to the lack of civility in these discussions. I'll admit that I was wrong, but it was an

    • Biometrics is like having a really long password, written on your shirt. But it's so long, nobody could ever guess it!
  • Oh goodie! This should be easy! [theregister.co.uk]

  • Comment removed based on user account deletion
    • by Anonymous Coward

      There's a problem with this. The summary specifically says that this eliminates the use of a password.

      If voice recognition was used along with a password, it's another layer of security. Used in that manner, it couldn't weaken the system, but it could make it stronger.

      In your example, the authentication system would ask you to repeat a particular word or words. That's a problem. All you need to do is get a recording of the person using those words, and the system has already told you what those words are.

      Th

    • Retired electronic technician here.

      Voice patterning calls for clipping the amplitude of the signal and analyzing the frequencies along the baseline.

      Further filtering eliminates the constant, repetitive, background noise.

      It's a sophisticated technique that's been around for many tears.

      When I was in the Navy (US), we listened for submarines using aircraft and sonobouys, eliminating sounds from schools of fish and shrimp, and even our own carrier.

      Regarding TFS, the answer is:

      Brokers should do whatever it take

      • Comment removed based on user account deletion
        • Understood and appreciated.

          I was addressing the point about reliability.

          It's a very mature process. I was in the Navy ca. Moby Dick Was A Minnow (1965-1974).

          We analyzed all manner of sound waves (and radio as well).

          For example, we captured the sound signatures of all submarines we could, especially Russian.

          Each vessel had characteristic audio that came from cavitation, reefers, bad bearings, pumps, etc.

          Sound recognition has come a long way since then.

    • Whenever a friend or family member calls me, I can recognize their voice even WITHOUT them telling me who it is. So yes, of course it's possible to recognize voices, especially when the person says their name, so you're only confirming yes / no to a particular identity, not trying to figure out who it is.

      A few things need to be done to make it more secure than it would be without them. The biggest one is a challenge - they should be prompted to say something they wouldn't predict ahead of time, in order t

      • Comment removed based on user account deletion
        • > Recognising the voice of someone under random conditions is a quite complex action. There are many things that are extremely simple for you, but extremely difficult for a computer.

          It may or may not be *difficult*, but it's definitely *possible*. If anyone has any evidence that this task is particularly difficult for a computer, much more difficult than it is for a human, I'd love ot see that evidence. Or evidence to the contrary. If voice recognition actually is that hard for modern computers, there

      • Hollywood and others already have the tools to recreate a voice [theverge.com] without the person present - saying any word. And Caller ID can be spoofed trivially. ANI cannot as easily, but that also probably wouldn't work for brokers in a company using a multi-line phone system.

        • The start up mentioned in the Verge story may or may not develop a usable product, but in my experience Verge is slightly less reliable than National Enquirer. For example, the last two network neutrality stories posted here in the last few days have been from Verge, and both have been utterly full of shit.

  • Blood samples, an ounce or two per transaction should be sufficient.

  • Oops- I have to make a transaction but I'm hoarse from a cold, or a concert, or a car accident... guess I just go bankrupt.

  • The problem with telephone anything is that you typically have to say your password aloud within earshot of anyone who is listening, into a device that is easily spied on through a network with known flaws.

    It's probably not more secure than FaceID, but that's not the benchmark. The benchmark is a shitty phone password, or god forbid basic details such as your date of birth, your mother's maiden name, and your current address.

  • by YuppieScum ( 1096 ) on Saturday November 25, 2017 @05:39PM (#55622011) Journal
    "Is a 'voiceprint' even possible?"

    Yes, given a standardised high-quality microphone in a controlled, acoustically-neutral environment, directly connected to the analysis system.

    However, in the case of audio captured in random-background-noise environments from variable (generally average-to-poor) quality microphones, frequency-constrained and compressed (in the analogue sense) then, in the case of a land-line, pushed down a mile or so of dodgy copper or aluminium before being encoded and compressed (in the digital sense), then punted through a variety of systems before being re-constituted at the receiving end, and then being able to reliably identify one person from another with sufficient accuracy to legally enter into a contract... no.

    I think Rory Bremner (substitue your locally-well-known impressionist) is going to become incredibly wealthy.
  • I heereby authoriiize the purchasse of 50 Billion Dollarrrs wörth of stöck from theee Amazingleee Reliabble Inveeestment Fünd of Lagosss, Nigeriaaa. Pleaase sendd they möney in unmarkked fifteee Döllarr billls to P.O. Box 65631 att one-theee-five Revolütiön Röad in Lagoss Nigeeeria.
  • I am a Fidelity customer. I received a mailing from Fidelity describing the My Voice feature but it said I had to call in and specifically request that it be enabled. Fidelity is NOT enabling it by default for customers, at least based on what I can see.

    However, this is not entirely a seamless experience. When you call in, you still have to enter your username or SSN using the phone keypad (for a username, you press the digit the letter is on, case doesn't matter, and * for special characters. Without My Vo

    • by stevel ( 64802 )

      Ah, reading too fast. The story seems ok, but my experience doesn't match that of user maiden_taiwan.

    • I am the submitter of this story, and the details are correct. Here is the timeline of events as I experienced them.

      1. I phoned Fidelity. A recording informed me that my rep would discuss MyVoice with me.
      2. I spoke with the rep and conducted my financial business. MyVoice was not mentioned yet.
      3. At the end of the call, the rep said to me, "We've enrolled you in a wonderful new security feature called MyVoice," and proceeded to describe it. She said that Fidelity had sampled my voice during the call to crea

      • by stevel ( 64802 )

        I'm not doubting you, just stating that my experience was different. MyVoice was not mentioned at all until I brought it up, though the agent did say he had intended to ask if I wanted it.

  • As any biometric system, this uses non revocable public data as authentication credentials.

    Once someone manages to fool the system, there is no password change, the whole system must be replaced.

  • I assume speech impediments are OK.

  • These attempts at using a fingerprint, voiceprint, or "faceprint", always seem to be broken. It has to account for both natural variation but not too much or it's easily broken. I'd like to see more use of those random number generator tokens for verification. They are highly secure and seem pretty simple to use.

    If reading a number from a tiny screen is too hard then have the token beep out the touch tones with a button press, or put in a USB interface to type it in for the user. If the device used for

  • "Computer, begin auto-destruct sequence, authorization Picard 4-7 Alpha Tango."
    "Computer, Commander Beverly Crusher. Confirm auto-destruct sequence, authorization Crusher 2-2 Beta Charlie."
    "Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence, authorization Worf 3-7 Gamma Echo."

  • There is nothing more useless than a lock with a voiceprint. [wikia.com] -- Fourth Doctor, The Invasion of Time.

news: gotcha

Working...