Biometric identification has been employed in niche areas for many years – such as fingerprints by law enforcement, hand vein prints at airports, and face recognition on passports and surveillance cameras. But its use as a method of user authentication has never quite materialized. Now Opus Research and ValidSoft believe that the conditions are ripe for the emergence of voice biometrics as the dominant means of authentication, particularly for financial transactions. The key drivers are the growth of mobile banking and e-finance together with the intrinsic lack of security on mobile devices. A secure means of authenticating mobile devices is an increasing necessity.
Voice is seen as the obvious choice. It is available to both smartphones and legacy voice-only phones with no extra cost to the user or additional hardware add-on for the device. Market drivers are also emerging. Phone manufacturers either have or are promising the inclusion of near field communication (NFC) on their devices, which will allow mobile phones to communicate with in-store payment devices. Google has developed the Google Wallet Android app to allow money to be transferred via NFC to the store.
Voice has an additional advantage over other biometric modalities. A compromised (for example, stolen) password can simply be replaced by a new password. A compromised fingerprint template cannot so simply be changed: biometrics are, by their nature, relatively fixed. Except for voice, ValidSoft’s CEO Pat Carroll told me. “When a user’s voice template is registered with a system, it usually includes a specific and unique phrase.” The authentication is consequently based on a combination of the voice pattern with the phrase. “If a particular registration ever gets compromised or lost, it is simply replaced by a new phrase.” In this way, voice-based authentication combines the advantages of both biometrics and passwords.
The Opus/ValidSoft report focuses on a set of best practices that it believes the security industry should adopt when introducing what it considers to be the inevitable voice biometric authentication. These include maintaining and ensuring usability, gaining the users’ trust, demonstrating that the technology works, and being ready and able to adapt to and adopt new developments. While the initial driver might be finance, business access to corporate resources will surely follow. “This not only applies to Financial Services and Government sectors, but is also relevant to the social media industry and the latest challenges it faces with users’ stolen identities,” comments Pat Carroll.