Voice authentication, spoofing and rates of change

“My voice is my password” and similar phrases have begun to be used for secure voice authentication for banks and health insurers and other critical services that require security and privacy.

It’s likely that several of your own service providers will roll this out in the next couple of years. Progress, right?

The problem is that in the short time since voice identification models have become mainstream and slick enough to be used in call centers, voice spoofing technology has exploded. It is now trivial to create voice tracks saying whatever you want them to say without human ears being able to tell any difference, and increasingly, fooling the voice authentication models too.

Worse, we are probably only a few years from trivial video spoofing with the same qualities.

I support the idea of moving away from passwords and improving security, but I struggle to understand how voice authentication is anything other than a tiny blip in the timeline before it becomes the easiest vector for fraud yet.

Published by David Kirk

David Kirk runs Milliman’s actuarial consulting practice in Africa. He is an actuary and is the creator of New Business Margin on Revenue. He specialises in risk and capital management, regulatory change and insurance strategy . He also has extensive experience in embedded value reporting, insurance-related IFRS and share option valuation. He has been involved in significant insurance projects across Sub Saharan Africa and in the Middle East.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.