Schneier Warns AI-Generated Voice Scams Now Defeat Bank Voice ID
What Happened
Schneier highlighted a security paper demonstrating that current-gen voice synthesis models defeat voice biometrics at three of the five largest US banks using publicly available audio samples. The attack succeeds against liveness checks and replay detection. Schneier called for banks to deprecate voice ID as a primary factor and shift to multi-factor with hardware tokens or app-based confirmation.
My Take
Voice ID was always security theater for high-value transactions, but it's been "good enough" for password resets and balance inquiries. That's the actual attack surface — fraudsters won't wire $50K, they'll change your address and intercept the new card. Compliance teams should treat this as an immediate control gap, not a future risk. Insurance carriers are already adjusting cyber policy questionnaires; expect voice-based authentication to become an explicit exclusion within two renewal cycles.
Read Original Source