HSBC and Santander store voice databases to automatically block phone scammers

More and more attempts of accessing bank users’ accounts via telephone fraud are being reported. According to cyber security solutions specialists, banking giant HSBC detected at least 17,000 fraudulent phone calls during 2019, more than double compared to previous years.

HSBC, like other banks such as Santander, has a database of suspected fraudsters, storing files with voice records and dialogue patterns used by scammers to identify potential fraudulent login attempts.

For example, in HSBC, after entering their account details, users must say the phrase “My voice is my password” to complete their verification process. As the cyber security solutions experts mentioned, this security measure has significantly reduced illegitimate remote login attempts: “After the customer enters their voice ID, the system performs multiple additional verifications and security processes in the background, ensuring that the account holder is the one trying to get into the banking system,” mentions an HSBC representative.

As the implementation of such security measures is growing, the rate of successful fraud attempt has decreased. However, threat actors never stop trying to complete a scam; data breaches in third-party companies and databases are always very useful for these scammers, as unimaginable amounts of sensitive information are leaked, including payment card data, dates of birth and emails, all of these are necessary data to carry out such a fraud.

These systems have proven to be highly efficient, and cyber security solutions experts support this statement with figures. Although the number of attempts at phone bank fraud increased by 18% between 2018 and 2019, losses from this activity fell by almost $30 million USD just in the United Kingdom.

Moreover, the International Institute of Cyber Security (IICS) also highlights that this is a more than convenient measure to protect access to customer accounts, becoming an additional layer of security for users who are victims of data breaches.