Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

My Voice is My Ultimate Password

Many businesses strive to deliver easy access to data and services that is simultaneously perceived as secure and easy-to-use by customers. With voice-based inquiries gaining in popularity and expected to reach 50% of all queries by 2020 according to Gartner, businesses are paying attention to voice biometrics and speech technologies.

Voice biometrics is also recognized as the only biometric authentication method available for remote use, making it easier for consumers and enterprises to use and deploy.

Many companies, especially banks, have started deploying so-called ‘active’ or ‘pass-phrase dependent’ form of voice verification for its customers. It requires the speaker to exactly repeat a given passphrase, used during enrolment. HSBC, for example, already allows its customers to authenticate themselves with their voice by simply stating “My voice is my password.” During the call, the spoken phrase is mapped against a previously created voice print recording of the user’s voice and analysed to ensure that the caller’s voice matches.

There is also a more sophisticated, and more promising form of authentication called ‘passive’ or ‘text independent’ speaker verification. It uses a process of verifying the identity of the speaker in a natural conversation, where the speech is free-flowing. It is less intrusive and also more secure by design, allowing for ongoing live verification throughout the entire conversation to ensure the caller remains the same throughout the conversation, which is crucial for the safety and security of any remote transactions. 

It is expected that the ‘passive’ form of voice verification will replace the currently used ‘active’ form by 2022, as it is better equipped to deal with ‘playback’ and ‘text to speech’ attacks, which the ‘active’ form of voice authentication is particularly vulnerable to.

Since there are no set phrases that are required in the natural language processing conversation that could be pre-recorded, it is incredibly difficult to gain access to someone’s account or profile by fraudulently recording their voice.

At the moment though, we are still seeing the industry typically implements different engines for ‘active’ and ‘passive’ solutions – even if the same company is using both. Real innovation and security comes from a hybrid approach – where the same solution is used regardless of the contact channel, e.g. IVR or Call Centre.

Where there isn’t enough audio for a ‘passive’ verification – a typical requirement of 7-10 seconds – the system asks an easy-to-answer question to complete the verification process. Alternatively, it can transparently switch to an ‘active’ form of verification, with no need to enrol, completing the authentication process via a passphrase for less ‘chatty’ consumers.

From authentication to compliance, to law enforcement
From a security and anti-fraud perspective, voice biometrics offer a number of key benefits to enterprises, among which the real time detection of known fraudsters. Additionally, advances in Artificial Intelligence (AI), also help detect the emotion of a caller, highlighting people who are calling under duress. 

Another important point is that with voice biometrics, there is no need for the user to share any personal or confidential data to be authenticated - as their voice sample is all that matters. Beyond that, the technology helps ensure cost-effective and secure remote access to services. Powered by AI, voice technology allows for sensitive personal information, such as credit card details, to be collected automatically and securely, and to be instantly verified – all outside of the main call agent-customer conversation.

Voice-to-text solutions, for example, can immediately take a phone call and convert it into an easily-searchable digital form with personal customer information ‘blacked out’ via a process of ‘data redaction’. 

Meaning, businesses enjoy an extra layer of protection in case of any hacks or data leaks, while users have more confidence in the ability of an organization to keep their personal data secure. Businesses will also be able to search for and remove the information upon request or when the customer or employee leaves. Perhaps, most importantly, speech analytics can be used to demonstrate compliance with GDPR, a crucial aspect of the regulation.

Last but not least important, compliance is now at the top of the C-suite agenda in practically every organization. Yet, even the best and brightest compliance officers can’t be everywhere, listening to every conversation. This is where AI-led voice recognition technology comes to the rescue. Not only can it eavesdrop on relevant sales and customer conversations – but also transcribe each call in real time. As it does so, it can alert compliance in real time, flagging the most concerning and potentially non-compliant parts of the discussion.

The solution would not only encourage call center agents, brokers or sales persons to remain compliant but would also instill more confidence in customers that they are not being misguided in any way.

Not all biometric authentication solutions created equal
One of the key advantages of voice technologies is that there’s no need for specialist equipment. The technology doesn’t require user or device activation, an expensive HD camera or an external application. Consumers can use a traditional telephone line, a smart phone or a web-based application, which then also enables organizations to deliver more inclusive customer services to all users irrespective of their age, income levels, proficiency with smart tech or their ability to afford a smart phone in the first place.

Where it comes to the use of personal devices – both on the consumer and enterprise level with Bring Your Device to work (BYOD) programs – the advantage of voice technologies is that no information is being stored or ‘cashed’ on mobile devises – as opposed to other forms of biometric authentication requiring taking a picture or make a recording.

With voice authentication, the process happens live with all information being managed via a remote secure server. As and when any personal information has to be identified and deleted, it can be done simply by deleting that information as nothing is saved or ‘cashed’ on personal devices throughout the process.
Leading voice technologies, in essence, will enable businesses to automatically identify, understand and service their clients better. It will, overtime, help them improve the customer experience and reduce costs, while keeping hackers and pranksters at bay.

What’s Hot on Infosecurity Magazine?