声纹：你的新密码

    要登记使用该技术，客户先要致电巴克莱银行，在通话期间他们要重复一个短语进行样本录制。之后客户还要打第二个电话，以验证该技术能否正确识别他们。在随后的通话中，客户可以将自己的身份识别号码告诉话务员，然后进行一段简短的语音验证。这种技术能够自动判定电话线另一头的声音是否跟样本匹配。斯摩曼表示，这个验证过程平均算来要花费40-60秒的时间。到目前为止，该服务运转良好，在所有声纹验证电话中，遇到问题的比例不足1%。

    在巴克莱银行邀请加入这项声纹验证计划的客户中，并不是每个人都进行了登记。一些人担心录制自己声音可能带来隐私问题——的确，很多公司都对客户服务电话进行了录音——或者是，他们害怕安全漏洞。斯摩曼称，巴克莱银行有5%左右的客户拒绝加入。在这种情况下，那些客户可以继续让呼叫中心的话务员通过提问验证身份。

    顾问奥斯汀表示，在使用声纹验证技术前首先征得客户同意，这对公司来说很重要。公司可能在没有提醒的情况下记录客户跟客服代表进行正常通话时的语音，然后在往后的通话中使用它进行比较。奥斯汀说，参与焦点小组访谈的成员告诉她，他们感到被这样一种计划出卖了。毫无疑问，隐私权倡导者也会抱怨。

    大卫•波里诺说，声纹验证技术有一些潜在的缺点——波里诺是法国巴黎银行（BNP Paribas）旗下美西银行（Bank of the West）防欺诈部门的主管。公司账户可能无法正常工作，因为这种账户通常有数名员工有权登录，多种多样的语音可能会让该技术产生混淆。

    另外，问题还有：如果欺诈行为得逞，谁来负责？银行吗？还是客户？抑或是提供这种技术的公司？

    客户心理同样可能是一个问题，波里诺说道，他任职的银行并未使用声纹验证技术。他表示，银行客户更喜欢显而易见的安全技术而非不易察觉的——即使它们的保护作用同样有效。波里诺说，提问这种方式让客户感到银行是在认真对待安全问题，而将提问换成声纹验证，客户可能开始认为安全系统很松懈。“如果你走进一家银行，你会希望看到保险库。”波里诺如是说。

    有决心的黑客能够攻克声纹验证技术，就像其他任何一种安全措施一样。其带来的危险是否大于身份盗用、支票失窃或信用卡信息被篡改，这还不清楚。从理论上说，一些人可以欺骗性地登记使用声纹验证技术，以进入其他人的银行账户，他们可以提供大量个人信息来通过第一关。他们同样可以录制受害者的语音，然后试图进行回放——尽管银行可以通过让客户重复随机语句来验证身份，从而打击这种做法。就目前而言，传统保护措施已经千疮百孔，而声纹验证技术才崭露头角，以至于黑客们几乎没有费心去改变自己的策略。（财富中文网）

    译者：王灿均

    To enroll, customers make an initial call to Barclay's during which they are recorded while repeating a phrase. A second call is required to verify that the technology recognizes them. In subsequent calls, customers give their I.D. number to an agent and then go through a brief voice verification process. The technology automatically determines whether the voice on the other end of the line is a close enough match. On average, the process takes 40 to 60 seconds, Smallman said. So far, the service has worked well, with less than 1% of all voice print calls experiencing problems.

    Not every customer who is offered the opportunity to enroll in the voice print program at Barclay's does so. Some are concerned about the privacy implications of having their voice recorded -- granted, many businesses already record customer service calls -- or they fear security breaches. Around 5% of the bank's customers have objected, Smallman said. In such cases, clients can continue to have call center representatives questioning them to verify their identity.

    Austin, the consultant, said that it's important for companies using voice print technology to first get customer consent. Companies could, without warning, record their customers' voices during normal conversations with customer service agents and then use that for comparison for future calls. Austin said that members of focus groups have told her that they feel betrayed by such a program. Privacy advocates, no doubt, would also complain.

    David Pollino, who handles fraud prevention for Bank of the West, part of BNP Paribas, said that voice print technology has several potential shortcomings. Business accounts may not work because several employees typically have access. The variety of voices could confuse the technology.

    There's also the question of who's liable if there's fraud. Is it the bank? The customer? Or the company that supplies the technology?

    Consumer psychology may also be a problem, said Pollino, whose bank does not use voice print technology. Bank customers, he said, prefer conspicuous security rather than subtle -- even if their protections are equally effective. Asking questions reassures people that the bank takes security seriously, he said. Replace questions with voice print technology, and customers may start to think that security is lax. "If you walk into a bank, you like to see a vault," Pollino said.

    Determined hackers can overcome voice print technology, like any other security measure. Whether the danger is any greater than identity theft, stolen checks, or tampered credit cards is unclear. In theory, someone could fraudulently enroll for voice print access to someone else's bank account, providing they have a raft of personal information about them to get past the first step. They could also record a victim's voice and try to play it back, although banks can combat that tactic by making customers repeat random phrases to verify their identities. For the moment, traditional protections are so porous and voice print technology so new that hackers have hardly bothered to change their strategies.