AI tools make layering technologies a requirement for voice authentication
A reporter with the Guardian Australia has replicated an experiment by a Vice reporter who broke into his own bank account by using artificial intelligence to beat a voice biometrics system used to protect people’s Australian government accounts.
The reporter trained a system with “just” four minutes of speech and used the cloned voice to bypass a security system used by the Australian Taxation Office and government’s Centrelink tool. Services Australia, which is responsible for the Centrelink service, claims on its website that the voice biometrics system includes liveness detection.
Details like how many attempts the reporter made or what AI service was used to generate the voice clone are not revealed in the article.
HID Global says in an ebook on ‘The Right Biometrics Capabilities for Better Banking’ that liveness detection is a key feature for remote authentication and identity verification, and can take several forms. That includes voice liveness, but can also include other factors like location metadata, which might catch many fraud attempts, but not one carried out by the person who owns the account.
The company advises the use of multimodal biometrics, liveness and AI technologies, and edge-enabled scanning among capabilities to improve the banking experience.
Among the reports findings is the necessity of employing multi-factor authentication, and the relative weakness of one-time passwords as part of an MFA process. Organizations must take into account emerging technologies for generating deepfakes when formulating their authentication strategies, Pindrop says.
“As organizations adopt the conversational AI and voice assistant technologies, they are hard pressed to balance security with customer experience,” says Pindrop VP of Product for Authentication Amit Gupta. “Not only that, legacy authentication methods typically don’t work for these technologies and they can impede extracting most value from these tools. With the advancement in technology for multifactor authentication leveraging biometrics, there are better ways to validate a user’s identity without treating them as criminals on every interaction.”