Sberbank said that voice is an insufficiently protected means of biometric identification
As biometric authentication develops in the banking sector, the number of fraud attempts involving the emulation of personal data is increasing. Sberbank said that pranksters (telephone hooligans who simulate other people's voices) are a problem for financial institutions. Voice fraud is as old as the world: a fraudster can call someone and, introducing himself as a close relative, ask them to send money. In the financial sphere, things will be more difficult for a prankster, because any biometric authentication is multi-factor. Information security specialists have already developed a method for dealing with voice simulators, but the details are not disclosed.
It should be noted that the human voice by itself is a rather weak password. Computer programs already exist that can modify a prankster's voice beyond recognition in real time if there are enough recordings of a person's voice. A separate threat is the voice databases held on Apple and Google servers: Internet assistants send enough of their clients' speech segments to cloud storage. However, the IT giants declare that they use multi-level data encryption, so leaks of voice databases are unlikely. Therefore, remote client authentication relies on several parameters, including a visual image of the face and a secret password. Experts predict that remote authentication will become steadily more complex and will include Face ID, fingerprints, voice, and secret words or combinations of numbers.
Experts argue that modern technologies can allow a prankster to log in to the system. But he is unlikely to gain access to accounts: security staff will suspect something is wrong at the first secret question. For example, a well-prepared fraudster may know the victim's mother's maiden name. But the prankster will not be able to answer the question of in which branch and when the account was opened.
Sberbank announced failed fraud attempts using false phone numbers
In January 2019, Sberbank clients reported a fraud in which calls from unknown persons were identified as coming from a financial institution. The scheme worked as follows: a caller claiming to be from the security service warned about attempts to withdraw funds from the account. The unknown callers then asked, supposedly for identification, for data available only to the bank's client, namely the card number, its date of issue and the secret number. Obviously, real staff would never ask such questions.
In February 2019, the state operator Rostelecom announced the creation of a unified system that would combine biometric information collected by mobile operators and banks. One of the features of the platform is identification of the client by voice, face and actual phone number. All data contained in the system is encrypted using the latest developments in cryptography.