A number of banking institutions, along with a couple of IFSPs, have begun implementing Voice ID, voice biometric tech, as a means of access for user accounts. This is happening despite concerns over deep voice technology and the increasingly readily available recordings of people through social media and other public sources.
Deep Fakes and Social Engineering
Perhaps this type of biometric security has reached a level passing beyond concern, since Chase is far from the only entity to adopt it. Many large and well-known institutions have also followed suit in incorporating its use. However, the threat of deep fake or deep voice exploits, combined with social engineering, is of real concern, since at least one incident has been known to have happened where a bank employee was fooled into transferring $35 million dollars as part of a scam in 2020.
In early 2020, a bank manager in Hong Kong received a call from a man whose voice he recognized—a director at a company with whom he’d spoken before. The director had good news: His company was about to make an acquisition, so he needed the bank to authorize some transfers to the tune of $35 million. A lawyer named Martin Zelner had been hired to coordinate the procedures and the bank manager could see in his inbox emails from the director and Zelner, confirming what money needed to move where. The bank manager, believing everything appeared legitimate, began making the transfers.
The problem here isn’t “deep voice” tech. This is a laughably poor security protocol that allows money to be moved with a phone call. https://t.co/ClzzxILOz7— Anthony DeRosa (@Anthony) October 14, 2021
Aside from potential security risks with the method, it appears that some institutions are not even offering an opt-in or opt-out option. Something as simple as a phone call begins the enrollment. One person has reported that when they tried to call their bank, Chase, an automated message began with “a disclaimer that it would be fingerprinting my voice,” and they were not given the choice of opting out.