Barclays plans to expand its use of voice biometrics to streamline authentication when clients call the bank, but the technology is still not widely trusted or understood.
Barclays has been using voice authentication technology for high-end clients since late 2012 and plans to roll out to 12 million retail customers in early 2014.
The bank is not alone is turning to voice biometrics to solve the problem of weak authentication using passwords, but why do these organisations believe technology is good idea?
Perhaps the more immediate question is, 'how does voice biometrics enable client authentication?'
The technology works by taking a voiceprint of the client while they are talking to a company representative on the phone.
Then, when they call again, their voice is matched in around 10 seconds with the voiceprint kept on record. If a match is verified then the client is authenticated.
The business benefit is that customers can be authenticated quickly, enabling organisations to deal with a greater number of calls and reduce fraud through identity theft.
The benefit to customers is that calls are shorter, there is increased protection from identity theft, and there is no longer a need to remember yet another password.
Despite these benefits, the introduction of voice biometrics systems has raised concerns about privacy. Some people are not comfortable with organisations holding biometric information.
But there is no reason for concern, according to Israel-based data analysis firm Nice Systems that specialises in voice data.
“A voice biometric is simply a recording of your voice, nothing more,” said Craig Pumfrey, vice-president of marketing in Europe at Nice Systems.
“All an organisation is doing is using your voice to help you to prove you are who you say you are,” he said.
Some organisations, have expressed concern that voice biometrics systems will be unreliable if there is too much background noise or customers’ voices are affected by illness, such as a sore throat.
But the latest generation of technologies using voice biometrics are able to filter out background noise and are not affected by temporary changes because up to 50 different characteristics are measured to create a voice print.
These characteristics include pronunciation, emphasis, speed of speech, accent, as well as the effects of physical elements such as the length of the vocal tract, mouth shape and size and nasal passage.
“This means that, even if you have a blocked nose, or spoke in a different language, the system would still be able to match you with your voice print,” said Pumfrey.
For the same reason, it is not possible for anyone to impersonate someone else.
“An impressionist may be able to fool our ears to give us the impression we are talking to David Beckham, for example, but it is impossible to mimic all of the 50 characteristics that make up his voice,” said Pumfrey.
“In fact, these systems are so attuned that they can tell the difference between the speech of identical twins,” he added.
The biometric systems are also able to detect voice recordings and voice manipulations, preventing fraudsters from using voice recordings to impersonate customers.
Another common concern is that organisations can create voice prints without consent.
This depends on the laws of the country concerned, said Pumfrey. “But regardless, most organisations recognise that the best way to introduce voice biometrics is to do so with the consent of the customer, along with an explanation of the benefits it will offer, over and above current methods of authentication,” he said.
Voice biometrics is entering the mainstream, and it is relatively easy to see why. It provides a cost-saving and more secure alternative to passwords, memorable phrases and pass codes.
“If we want something that is unique to us, cannot be copied, or forgotten and can be used to prove our identity quickly and securely our voice could be the answer,” said Pumfrey.
But voice biometrics is just one set of unique characteristics that can be measured to authenticate individuals.
In light of widespread recognition that passwords are no longer good ways of providing authentication, technology firms are pursuing alternatives, many of them biometrics-based.
Microsoft, for example, is tackling the problem in various ways, including a focus on support for biometric devices in Windows 8.1 and membership of the Fast IDentity Online (Fido) Alliance.
The Fido Alliance is an open-industry consortium delivering standards for simpler, stronger authentication.
Microsoft has joined other industry heavyweights in the alliance such as Google, Mastercard, PayPal, RSA, Lenovo and Dell.
From a business-objective standpoint, all the players are well aligned and agree that passwords have been problematic for a number of years and are well past their time.
There is general agreement in the technology industry that, as a whole, they need to get past this problem, but that it cannot be solved by any single player alone.
They agree that only way to solve this problem is to get all the major players at the same table, and that the Fido alliance has the potential of making that happen.
09 Jul 2014