Should Brokers Use 'Voice Prints' For Stock Transactions? (cnbc.com) 64
Fidelity and Charles Schwab now allow traders to use "voice prints" to authorize stock transactions. But there's more to the story, argues long-time Slashdot reader maiden_taiwan:
Fidelity Investments is touting its new security feature, MyVoice, which allows a customer to access his/her financial accounts by telephone without a password. "When you call Fidelity, you'll no longer have to enter PINs or passwords because Fidelity MyVoice helps you interact with us securely and more conveniently. Through natural conversation, MyVoice will detect and verify your voiceprint in the first few moments of the call... Fidelity MyVoice performs even if you have a cold, allergies, or a sore throat."
Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)
It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"
And "Is a 'voiceprint' even possible?"
Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)
It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"
And "Is a 'voiceprint' even possible?"
Hi, my name is Werner Brandes. My voice is my pass (Score:5, Funny)
Hi, my name is Werner Brandes. My voice is my passport. Verify Me.
Bell Canada system is easy to hack (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Yes! (Score:1)
Not secure at all (Score:1, Insightful)
This isn't secure at all. There are at least a couple of problems.
A recording of a person should be able to fool the system. Given that just about everyone uses their voice, they are leaving information behind that could be used to compromise their account. Given enough voice recordings, you could stitch them together to compromise a person's account.
Also, even if you don't have the exact recording you want, given enough samples of a person's voice, you can use a computer to make a recording of a person say
Re: (Score:2)
"This is how Majel Barrett is the computer voice in Star Trek Discovery despite having passed way years ago."
Er, no.
Firstly, it doesn't sound anything like her. Secondly, if you actually looked at the IMDB credits page: ... Discovery Computer ... Shenzhou Computer
Julianne Grossman
Tasia Valenza
Making crap up to reinforce your point is a good way for people to ignore your entire argument.
Re: Not secure at all (Score:1)
It sounds like Star Trek Discovery chose not to use Majel Barrett's voice for the computer voice. However, it was reported while the show was under development that they wanted to do so. There are plenty of sources that you can find with a simple search to back this up.
So, basically I made an error by not verifying that they had gone through with using Majel Barrett's voice. However, your reply was rude and contributes to the lack of civility in these discussions. I'll admit that I was wrong, but it was an
Re: (Score:2)
"Willard White speaking" (Score:1)
Oh goodie! This should be easy! [theregister.co.uk]
Re: (Score:2)
Re: Voice prints seem kind of doable (Score:1)
There's a problem with this. The summary specifically says that this eliminates the use of a password.
If voice recognition was used along with a password, it's another layer of security. Used in that manner, it couldn't weaken the system, but it could make it stronger.
In your example, the authentication system would ask you to repeat a particular word or words. That's a problem. All you need to do is get a recording of the person using those words, and the system has already told you what those words are.
Th
Re: (Score:2)
Re: (Score:2)
Retired electronic technician here.
Voice patterning calls for clipping the amplitude of the signal and analyzing the frequencies along the baseline.
Further filtering eliminates the constant, repetitive, background noise.
It's a sophisticated technique that's been around for many tears.
When I was in the Navy (US), we listened for submarines using aircraft and sonobouys, eliminating sounds from schools of fish and shrimp, and even our own carrier.
Regarding TFS, the answer is:
Brokers should do whatever it take
Re: (Score:2)
Re: (Score:2)
Understood and appreciated.
I was addressing the point about reliability.
It's a very mature process. I was in the Navy ca. Moby Dick Was A Minnow (1965-1974).
We analyzed all manner of sound waves (and radio as well).
For example, we captured the sound signatures of all submarines we could, especially Russian.
Each vessel had characteristic audio that came from cavitation, reefers, bad bearings, pumps, etc.
Sound recognition has come a long way since then.
Re: (Score:2)
Of course it's possible - I recognize hundreds (Score:3)
Whenever a friend or family member calls me, I can recognize their voice even WITHOUT them telling me who it is. So yes, of course it's possible to recognize voices, especially when the person says their name, so you're only confirming yes / no to a particular identity, not trying to figure out who it is.
A few things need to be done to make it more secure than it would be without them. The biggest one is a challenge - they should be prompted to say something they wouldn't predict ahead of time, in order t
Re: (Score:2)
Might be difficult, but certainly possible. Eviden (Score:2)
> Recognising the voice of someone under random conditions is a quite complex action. There are many things that are extremely simple for you, but extremely difficult for a computer.
It may or may not be *difficult*, but it's definitely *possible*. If anyone has any evidence that this task is particularly difficult for a computer, much more difficult than it is for a human, I'd love ot see that evidence. Or evidence to the contrary. If voice recognition actually is that hard for modern computers, there
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Hollywood and others already have the tools to recreate a voice [theverge.com] without the person present - saying any word. And Caller ID can be spoofed trivially. ANI cannot as easily, but that also probably wouldn't work for brokers in a company using a multi-line phone system.
Maybe. Verge is slightly less reliable than Enquir (Score:2)
The start up mentioned in the Verge story may or may not develop a usable product, but in my experience Verge is slightly less reliable than National Enquirer. For example, the last two network neutrality stories posted here in the last few days have been from Verge, and both have been utterly full of shit.
Re: (Score:2)
The source was just the first that came up in a Google search for Lyrebird. There are others.
There is a better choice (Score:2)
Blood samples, an ounce or two per transaction should be sufficient.
So a cold might financially ruin me? (Score:2)
Oops- I have to make a transaction but I'm hoarse from a cold, or a concert, or a car accident... guess I just go bankrupt.
Re: (Score:2)
If car accidents are making you hoarse, you probably need to stop giving so much road head.
Re: (Score:1)
Oh I've seen it several times. Car accidents sometimes do "very bad things" to your neck.
Is voiceprint more secure than what? (Score:2)
The problem with telephone anything is that you typically have to say your password aloud within earshot of anyone who is listening, into a device that is easily spied on through a network with known flaws.
It's probably not more secure than FaceID, but that's not the benchmark. The benchmark is a shitty phone password, or god forbid basic details such as your date of birth, your mother's maiden name, and your current address.
Um... (Score:3)
Yes, given a standardised high-quality microphone in a controlled, acoustically-neutral environment, directly connected to the analysis system.
However, in the case of audio captured in random-background-noise environments from variable (generally average-to-poor) quality microphones, frequency-constrained and compressed (in the analogue sense) then, in the case of a land-line, pushed down a mile or so of dodgy copper or aluminium before being encoded and compressed (in the digital sense), then punted through a variety of systems before being re-constituted at the receiving end, and then being able to reliably identify one person from another with sufficient accuracy to legally enter into a contract... no.
I think Rory Bremner (substitue your locally-well-known impressionist) is going to become incredibly wealthy.
Thiiis Isss Warren Buffettt Speaaaking (Score:2)
Story seems inaccurate to me (Score:2)
I am a Fidelity customer. I received a mailing from Fidelity describing the My Voice feature but it said I had to call in and specifically request that it be enabled. Fidelity is NOT enabling it by default for customers, at least based on what I can see.
However, this is not entirely a seamless experience. When you call in, you still have to enter your username or SSN using the phone keypad (for a username, you press the digit the letter is on, case doesn't matter, and * for special characters. Without My Vo
Re: (Score:2)
Ah, reading too fast. The story seems ok, but my experience doesn't match that of user maiden_taiwan.
Re: (Score:2)
Cool, thanks for the follow-up!
Re: (Score:2)
I am the submitter of this story, and the details are correct. Here is the timeline of events as I experienced them.
1. I phoned Fidelity. A recording informed me that my rep would discuss MyVoice with me.
2. I spoke with the rep and conducted my financial business. MyVoice was not mentioned yet.
3. At the end of the call, the rep said to me, "We've enrolled you in a wonderful new security feature called MyVoice," and proceeded to describe it. She said that Fidelity had sampled my voice during the call to crea
Re: (Score:2)
I'm not doubting you, just stating that my experience was different. MyVoice was not mentioned at all until I brought it up, though the agent did say he had intended to ask if I wanted it.
Usual biometry defect (Score:2)
As any biometric system, this uses non revocable public data as authentication credentials.
Once someone manages to fool the system, there is no password change, the whole system must be replaced.
And for those who can't speak? (Score:2)
I assume speech impediments are OK.
I want a hardware token (Score:2)
These attempts at using a fingerprint, voiceprint, or "faceprint", always seem to be broken. It has to account for both natural variation but not too much or it's easily broken. I'd like to see more use of those random number generator tokens for verification. They are highly secure and seem pretty simple to use.
If reading a number from a tiny screen is too hard then have the token beep out the touch tones with a button press, or put in a USB interface to type it in for the user. If the device used for
Computer.. (Score:2)
"Computer, begin auto-destruct sequence, authorization Picard 4-7 Alpha Tango."
"Computer, Commander Beverly Crusher. Confirm auto-destruct sequence, authorization Crusher 2-2 Beta Charlie."
"Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence, authorization Worf 3-7 Gamma Echo."
Useless (Score:2)