Skip navigation to main content

Voice recognition, hackers and AI: the future of banking authentication?

In 2014, when Alexa burst onto the scene, voice recognition suddenly dropped out of the world of sci-fi and into our laps.

A technology that for years had been the preserve of R&D and questionable in-car hands-free systems underwent its eureka moment and became commonplace.
In the five years since, companies in a wide range of sectors have been investigating how reliable, cloud-based voice control could be used to improve their services. In finance particularly, the question of voice authentication has become a priority.

Open Banking, PSD2 and the rise of digital-native challenger banks have rapidly rewritten the rules of an industry that has been broadly static for the past three centuries. Banks desperately need to build customer-centric systems to retain their market share. Could voice authentication be the way to do it?


The vision
In theory, a cloud-based voice authentication system could be used to grant access to online banking from any device, anywhere in the world. You could walk into a friend’s house and ask their Alexa to tell you your balance. You could stroll into a restaurant and breezily request that their smart TV tip the waiter. You could tell your iPad to pay your gas bill on your morning commute.

Voice authentication could, in theory, remove the irritating, minutes-long login process that’s currently associated with banking. It’s not conducive to a positive customer experience if your much-lauded banking app is harder to crack open than a walnut. Keeping intruders out is one thing – keeping your customers out is another. The importance of customer experience has seen card readers drop off the radar for the most part, but even the smoothest of the two-factor login processes that have replaced them can be frustrating.

As voice recognition tech becomes more advanced, it could provide a way to implement uncrackable, universal single-factor authentication – the best of both the CX and security worlds. Everyone carries a unique set of voice identifiers with them – if implemented properly, some companies hope that these could be the future of seamless login.
The problem
But as with all tech utopias, there’s a catch. AI-based systems like voice authentication are susceptible to hackers. For example, emerging hacking techniques can add ’noise’ to voice data to fool authentication systems. There have been white hat test cases in which AI has been tricked into thinking that a photo of a human was a picture of a hippo, and it’s not hard to imagine the same technique being used for audio data. Voice recognition systems will pick up on false data that a human might discount as interference, which means there’s a real risk that hackers could digitally emulate people’s voices to hack into their accounts. 

It’s not just inbound hacking that poses a risk, either – cybercriminals could well use voice recognition technology to launch outbound attacks. For example, voice-based phishing can be extremely hard to detect. If you receive an email from the Prince of Burundi asking for your bank details, these days you’re pretty likely to delete it. But if you get a voicemail from your CEO asking you to release funds immediately, you might be a bit more likely to comply – particularly if the attack is contextualised with data about you that the hackers have obtained elsewhere.

To keep these threats at bay, banks will have to continue deploying multi-factor authentication - which in turn slows down the customer experience. There is a question mark over whether or not it’s worth going to all the expense involved in voice authentication if it will only end up being functionally the same as legacy solutions.

The future
With all that in mind, in the quest for secure, user-friendly CX, how can banks balance innovation with protection? There’s no question that cloud-based authentication is the future of customer-centric banking. The real question is not whether one wonder technology like voice recognition can revolutionise all login experiences – it’s whether companies are investing in the right back-end technology to support their front-end customer experiences.

Ultimately, a smoother authentication experience is based on seamless data integration across multiple systems. You might need to build two-factor authentication in at the front of your system, but that doesn’t mean that the process has to be repeated every time a customer crosses over from one of your services to another, for example. You might need two-factor authentication to guarantee security, but you can still maximise the quality of your customer journey by ensuring that once they’ve validated their ID, they can move around your systems smoothly.

Having the right cloud infrastructure is essential to making this seamless customer journey possible. If you have multiple systems spread across a variety of servers, it’s hard to link them all up under a single Identity and Access Management (IAM) system. By moving to the cloud, it’s possible to integrate multiple apps and systems under a single authentication platform so customers can log in to their bank account and then move across to review their mortgage repayments – or whatever the use case may be.

Voice recognition certainly has the power to change the way we authenticate user identity, but the real agent of change is the infrastructure that powers IAM. Banks need to work with a partner who can help them build a resilient, scalable, user-friendly system – that will support their full offering. If voice recognition is part of that, then so much the better – but it needn’t be the be-all and end-all.