Artificial intelligence can now clone human voices so well they that they are almost indistinguishable from the real thing.
But how would it fare against the voice recognition tech that is supposed to protect people’s bank accounts?
As part of the BBC’s Scam Safe Week, I have been investigating the power of voice cloning.
The consumer champion Martin Lewis is among the celebrities whose voice has been targeted by scammers. And I spoke to the actor James Nesbitt, who said he was “horrified” at how realistic a cloned version of his voice was.
So I thought I would see what mine sounds like.
My voice was cloned by the same expert that did James Nesbitt’s – his was for an awareness-raising campaign by Starling Bank. Mine was easily generated using an interview I had done on the radio.
While we had fun typing in different phrases for my clone to say back, the serious issue was finding out how convincing it really was.
Colleagues in the You and Yours office struggled to tell the difference between the two voices.
But rather than seeing if an AI voice could dupe people into believing they were listening to the voice of a real person, I wanted to see how it fared against a piece of tech.
Could it get past my bank account’s voice ID system?
Several banks use a system called voice ID or ‘my voice is my password’ for their phone banking.
The phrase allows the bank to automatically confirm an account holder’s identity without the need to remember a security number.
So that was what I asked my cloned voice to say.
Armed with a recording of an AI version of me saying “my voice is my password” I called up my bank, Santander.
“Thanks for calling Santander,” came the automated response. “I can see you’re calling from your registered phone number. Let’s quickly confirm your identity with your voice.”
I pressed play.
“My voice is my password,” said an AI version of me.
After a very brief pause, the bank replied: “Thank you for using your voice as your password.”
Then it asked the reason for my call.
I was in. Or at least, this AI cloned version of my voice was in.
I then tried the same trick with my other bank, Halifax, and it resulted in another successful hack by the AI clone.
I should point out that those initial logins were done in the office, using BBC studio speakers to play my cloned voice down the phone.
So later, a my kitchen table at home on Merseyside, I did it again using a basic iPad speaker. And it worked, which suggested there was no need for top-quality sound.
It is also worth noting that I had called from my registered phone number. So a criminal would need to have stolen my phone – and to have kept it unlocked – to get in this way. Not straightforward, but very possible with a snatch theft.
‘Optional security’
The sort of information you can get at the stage of phone banking I had reached using an AI voice is potentially very useful to criminals.
Recently on You and Yours we heard from a woman who was tricked into believing a criminal who had called her was from her bank.
He had won her trust because he knew transaction information about her account.
When I told banks what I had been able to do using an AI version of my voice, Santander said: “We have not seen any fraud as a result of the use of voice ID and are confident that it provides greater levels of security than traditional knowledge-based authentication methods.”
It said voice ID was “one element of our stringent approach to customer security and fraud prevention, with a range of comprehensive checks based on the nature of the customer’s request”.
It added: “We constantly review, test and enhance our systems in response to increasingly sophisticated tactics used by fraudsters.”
Halifax described voice ID as an “optional security measure”.
It added: “We are confident that it offers a higher level of security compared to traditional knowledge-based authentication methods, and that our layered approach to security and fraud prevention provides the right level of protection for customers’ accounts, while still making them easy to access when needed.”
I also played a recording of me breaking into my own bank to Saj Huq, a cyber security specialist and member of the UK government’s National Cyber Advisory Board.
“Wow,” he said. “I say wow, because I’m dismayed that you’re able to get into your account using this technology – but I’m also not surprised at the same time, just given the rate of development of technology in this space.”
He added being able to use an AV voice to get past voice recognition software was “a really clear example of just one element of the risks that potentially the proliferation of generative AI presents”.