Cloned customer voice beats bank security checks - BBC
A BBC investigation successfully bypassed bank voice recognition security systems using an AI-generated voice clone of journalist Shari Vahl
- Incident date
- Nov 2024
- Target
- Shari Vahl
In November 2024, journalist Shari Vahl demonstrated how easily AI voice cloning technology could bypass biometric security measures at major financial institutions. By utilizing a recording of an AI-generated version of her own voice, Vahl successfully accessed her accounts at both Santander and Halifax by reciting the specific phrase required for voice ID authentication.
What happened
The experiment utilized an AI clone created from a previous radio interview. Vahl tested the technology by calling her banks and playing the AI-generated audio through speakers—first using professional studio equipment and later a basic iPad speaker from her home. In both instances, the banks' automated systems accepted the synthesized voice as authentic, granting access to the phone banking interface.
While the test required calling from the journalist's registered phone number, the success of the bypass highlighted a significant vulnerability in systems that rely on "my voice is my password" as a primary authentication method. Cyber security specialist Saj Huq noted that while the result was dismaying, it was not surprising given the rapid evolution of generative AI. In response, the banks maintained that voice ID remains a secure component of a broader, layered approach to fraud prevention, noting that they have not observed actual fraud resulting from this specific technology. Halifax further clarified that its voice ID system is an optional security measure for its customers.