my bank still uses voice authentication for phone support. ive been able to fake it in tests with a 20-second cloned sample. when is this going away. is anyone in finsec actively replacing voice auth
The major banks know its compromised. its been a slow rollout to replace because the alternatives (app-push, hardware token) have lower call center compatibility. itll be deprecated by 2027 at most US banks based on what ive heard from infosec contacts
if your bank still offers voice as the only option, switch banks. ive moved 2 personal accounts in the past year specifically over this.
thats kind of where im landing. doing a survey of which top 20 us banks still have voice as primary phone auth.
this is one area where the academic community and the practitioner community fully agree: voice biometric authentication using static voice samples is obsolete. the lag in industry adoption is purely about call center integration complexity, not about the underlying security. expect formal regulatory pressure in the next 18 months.
Fwiw the smaller banks and credit unions are typically faster movers on this than the top 20. ironically the institutions least likely to make headlines are running better security here.
From an HR security training perspective we now explicitly tell new hires NOT to use voice auth at their personal banks. its on our financial onboarding checklist. wild that this is needed in 2026 but here we are.