Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Identity & Access

Barclays Unveils Voice Authentication for Phone Banking

Nuance Powers New Telephone Banking Voice Authentication System for Barclays

Nuance Powers New Telephone Banking Voice Authentication System for Barclays

Barclays Bank announced on Monday that it will commence rolling out voice security authentication to all customers, replacing the existing password-based method.

A Barclays spokesperson told SecurityWeek this will make its “telephone banking service easier to use and more secure than ever.” Traditional passwords have been losing favor for many years — their complex and intrusive nature prompts many users to use simple and guessable passwords. Biometrics, such as voice recognition, require very little effort from the user, and are claimed to be very secure.

A recent survey  by Visa concluded that two-thirds of European consumers are ready to use biometrics for payment transactions.

“Each person’s voice is as unique as their fingerprint, made up of over 100 characteristics based on the physical configuration of the speaker’s mouth and throat,” explains a Barclays statement released today. “Therefore, when a customer calls up to use telephone banking, the technology will be able to identify them simply from the first few words that are spoken.”

In general, voice biometrics systems come in two flavors: active-mode and passive-mode. In active mode, explains Alan Goode, MD of mobile and biometrics consultancy Goode Intelligence, “a customer records a phrase and then repeats this phrase every time they access the service.” In passive-mode, he added, “the customer doesn’t need to repeat specific words but talks naturally.” The Barclays spokesperson subsequently confirmed to SecurityWeek that the system will operate in passive-mode, and will require at least two conversations before it can be used. 

A traditional security fear for voice biometric authentication is a covert recording of the user concerned. This would make active-mode less secure than passive-mode since a recording of any authentication phrase would be all an attacker would need. The Barclays spokesperson told SecurityWeek that every voice-authenticated inquiry will involve at least some interaction with a Barclay’s operative, thus making any voice recording effectively unusable. The technology supplier is Nuance.

Voice security will be available to all personal banking customers, but not yet for corporate or business clients. In order to register for voice security, customers must call Barclays telephone banking service, which will start the process of creating a digital voice print. Once Barclays has collected a sufficient voice print over the course of multiple phone calls (approximately three) customers can opt to use voice security technology rather than a password to identify themselves.

Advertisement. Scroll to continue reading.

Collecting and storing user biometrics does have some data privacy implications in some jurisdictions. However, in this case it is initially instigated by the user which should solve most consent issues. It is likely that Barclays will have incorporated a methodology for removing voice recordings if the user changes banks since this will become a legal requirement within the European Union under General Data Protection Regulation (GDPR).

The technology has been trialled by Barclays since 2013. “The success of the trial,” says the official statement, “means that they are now making it available to all customers, which will be rolled out in August 2016.” According to a report on the BBC, this trial successfully thwarted several fraud attempts.

A bank or the service provider, Alan Goode told SecurityWeek, “will often have a voice database of bad actors and known fraudsters that they can identify if they attempt fraud over the telephone banking channel. Companies like NICE are strong here.” It isn’t known whether the thwarted fraud attempts were from voice rejections by the technology or from voice matching with the database of known fraudsters.

Atlanta-based Pindrop Security is another company focused on combating phone-based fraud. The company explains that by integrating voice biometrics, its technology can match voice signatures to identify a caller, with “phoneprinting”, which analyzes the entire audio spectrum of a call to identify indicators of attack. The startup recently announced that it had raised $75 million in a Series C funding round led by Google Capital, bringing the total raised by the company to $122 million.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights