Voice recognition to replace passwords for 1.3 million First Direct customers 'within two months' – what to expect
If you're a First Direct customer you'll soon be able to access your account details without having to give a password, thanks to new voice recognition technology the bank's bringing in – but if you're not comfortable with the new 'biometric banking' system you can opt out.
The bank says it expects to have most of its 1.3 million customers up and running on its new 'Voice ID' security system by the end of the summer.
If you're a First Direct customer and have called the bank recently, the chances are you've already been briefed on the security shake-up and your voice pattern has already been recorded ahead of the roll-out.
Although First Direct's leading the way in embracing the new technology, other banks are also planning to follow suit.
HSBC says 15 million of its customers will be able to use voice recognition to log in "later this year", while Barclays and Lloyds Banking Group are also looking into ways of replacing traditional password security with voice recognition technology for the majority of their customers.
See our Best Bank Accounts guide for more on the pros and cons of different accounts.
I'm a First Direct customer – what's changing?
First Direct is online and telephone-based (although customers can also pop in to HSBC branches). Rather than dealing with an automated answering system, when you call up you're put straight through to someone in a call centre.
Currently you're asked to give your postcode, surname and first initial, two characters from your password (eg, the second and fourth) and the answer to a security question (eg, a memorable date or address). However, once voice recognition's working on your account, you won't have to give a password. First Direct says in due course you may not need to answer a security question either.
The voice recognition will kick in while you're giving your postcode and name (and, for the time being, answering the security question). First Direct says the system will be able to tell if you are who you're claiming to be in just two seconds – it's expected to speed up and simplify the security process because you won't need to remember a password anymore.
While there's no fixed date for the roll-out, we understand First Direct hopes to have the majority of its customers on the new system within two months.
What if I don't want to use voice recognition?
Although First Direct will be switching customers to voice recognition as standard, you are able to opt out if you don't want to use it. When you next call First Direct you should be told about the new system (if you haven't been already) and you can opt out at this point if you want.
Alternatively, if you start using voice recognition but decide you want to stop, you can opt out at a later point. Those who opt out will continue to be verified as they are today.
How does Voice ID work?
OK, here's the science bit...
First Direct tells us that just as everyone has their own unique fingerprint, everyone's voice is unique too. When somebody speaks, the technology measures how they use their lips, mouth, vocal tract and diaphragm – as well as behavioural aspects like speed of speech, pronunciation and accents. It takes about 140 different performance measurements that, together, are totally unique to the person speaking.
The system does all this in around two seconds, and lets First Direct know that it's definitely you who's talking. Rather than taking an actual recording of your voice, before you sign up it'll take a 'digital print' of what's going on when you speak, and that 'print' will be attached to your account so it recognises you when you call.
Biometric security has been around for a while now – the mass market breakthrough really came with the inclusion of a 'Touch ID' fingerprint reading sensor with Apple's iPhone 5s. Now banks are beginning to explore voice recognition technology and fingerprint scanning to make it quicker and safer for customers to access their finances.
HSBC, First Direct, Royal Bank of Scotland and NatWest customers are all already able to access their accounts via apps which use fingerprint scanning security.
What if I've got a cold when I call?
First Direct claims that even if you've a cold or sore throat, the way you generate speech is still the same, so it will still be able to verify you using Voice ID.
It says that in the unlikely event that it can't verify you using Voice ID (eg, you're in a crowded place where lots of people are talking) the First Direct call centre will ask you to call back at a more convenient time, or move somewhere a bit quieter where there's less background noise.
If it still can't verify you using Voice ID, First Direct says it will ask you to provide the usual back-up info – such as card details and answers to memorable questions – to let you into your account.
What if someone tries to mimic my voice?
First Direct claims that gaining access to someone else's account by mimicking their voice simply isn't possible – as above, it says everyone's voice is unique and its system will be able to detect if someone else is trying to access your account – or even if somebody is playing a recording of your voice.
In fact, First Direct argues its voice recognition technology will help it fight fraud. To complement its Voice ID security system for customers, we understand the bank's in the process of creating a 'database of fraudsters'.
The voice recognition technology will kick in while you're giving your postcode and name to the call centre
What are other banks doing?
While First Direct will become the first bank to bring this technology to the masses this summer, other banks aren't far behind:
HSBC – First Direct's parent bank – plans to introduce voice recognition by the end of the year.
Barclays already offers voice recognition security to its 11,000 'wealth clients' (customers with £500,000 of investable assets) and plans to extend it to all customers in due course, though it won't give a timeframe. A Barclays spokesperson added that the technology had cut the time taken for wealth clients to go through security checks from one and a half minutes to 10 seconds.
Lloyds Banking Group, which includes the Halifax brand, says it's also looking at voice recognition but a spokesperson described it as a "longer-term project".
Santander launched phase one of its 'voice banking' initiative in March. While this is not designed as a replacement for the traditional password, it allows users of Santander's SmartBank app to ask simple questions about their spending (eg, 'How much did I spend on New Year's Eve?'). Phase two, which is due to go live later this year, will include advanced speech features such as the ability to make payments, report lost cards, set up account alerts and ask a broad range of questions about spending.
So what do the experts say – is it really safer?
First Direct and others insist voice recognition security will make your account more secure, but rather than just take their word for it, we asked a couple of independent security experts for their view.
Robert Pritchard, founder of consultancy The Cyber Security Expert, says:
"It's certainly an improvement, remembering passwords and PINs can be the bane of people's lives and the current system is vulnerable to fraud. People become victims of fraud all of the time; with just a little bit of information easily picked up [criminals] can trick their way past telephone banking security.
"The move towards biometric banking is a step forward, although some people may not want to use it because of their concerns about ownership of their personal data."
Alan Owens, head of cyber security at law firm DWF, says:
"It's an important step forward because there are a lot of poor quality passwords out there – about 5% of passwords are '12345' and the date of birth and name of a first child is also a popular password. So just by having a little bit of information about someone, hackers can gain access [to someone's finances].
"Biometrics is growing because it can give customers security as well as convenience – but when it doesn't work it can cause colossal damage."
For more tips on how to stay safe and keep your details secure, see our 30 Ways to Stop Scams guide.