Speaker Verification: The Future

If the Societe Generale in France had used speaker verification to authenticate traders, would the actions of Jerome Kerviel and the bank’s €4.5 billion losses been avoided? Jerome Kerviel infamously used his knowledge of the bank’s checks and balances to build up unauthorised positions, which subsequently led to massive losses. An internal report, commissioned to determine what went wrong, argued that the bank needed biometric authentication of trading personnel to avoid a similar breach from occurring again.

Ironically, this type of application is one of the biggest uses of speaker verification, which uses voiceprints to authenticate a person’s identity. Internal, behind-the-firewall installations for employee care, time and attendance or for fraud protection, demonstrate clear business cases for voice biometrics. Companies need to protect sensitive data with minimum fuss and as they have a limited, closed community, using a text-dependent voice print (i.e. a voice print based on a person saying a specific phrase) to authenticate users is an ideal solution. Many companies have a history of internal breaches to protect against, which makes it easier to get management buy-in.

We expect to see ‘Voice Biometrics’ become a mainstream technology in the next three to five years. There is barely a major bank in the US, UK or Australia today that isn’t evaluating speaker verification and we expect banks in India to follow suit. And, once the first banks take the plunge, we predict that we will see rapid and broad adoption across a whole range of industries.

Adoption of voice biometrics in India will be driven by the following factors:

• Penetration of automated banking and mobile services to rural areas where the need for secure authentication processes will have to factor in low literacy levels

• The need for authentication services, which do not require additional paraphernalia, as is the case with fingerprint and iris scanning for example

• Increasing awareness among both businesses and consumers about the vulnerability of their private data, and

• The need for further auto¬mation to introduce efficiencies and protect against social engineering

Fragility and Frailty

Online security has been an industry focus over the past few years and quite rightly so. However, such concentration on the online channel has highlighted the lack of security being implemented in other channels connecting the customer, most notably the phone. The growth of e-commerce, online banking and mobile access accentuates the need for multifactor protec¬tion of customer data for financial services, healthcare and insurance companies.

The human factor is also becoming an increasing concern. Traditional methods of authentication in the contact centre are com¬ing under intense pressure as consumers grow less tolerant of long queues and hold times. Running through a series of identification questions not only damages the customer experience, it also leads to mistakes as the service agent rushes through to get on to dealing with the actual query. The tension between heightening security by ensuring the caller is who they say they are and making sure the call is as short and functional as possible is making the customer service agent’s job more difficult. Contact centres are starting to use con¬fidential information, which only the cus¬tomer would know — like the details of a recent transaction — to authenticate callers. But this can alienate customers, if it is not handled well and it still leaves the agents running through their list of questions. As long as people are involved in this process, there will always be the potential for mis¬takes — and the capacity for crime. Rogue agents can infiltrate the workforce and pass customer details to criminals on the outside.

Future Applications

The solution to the fragility and frailty of the contact centre’s security measures is to automate the process, so callers authenticate them¬selves before they speak to an agent. The time callers spend on the process can be cut from 60-90 seconds to 5-10 seconds in some cases. Customers can even use the IVR to set up the system themselves, recording a password that the system keeps as their voiceprint. This not only saves on the use of agent time, it also makes their job more enjoyable as they don’t have to go through the often-resented identification process.

Consumer-facing contact is just one environ¬ment where speaker verification is being adopted and will continue to be adopted — we believe there are many more. Based on current uptake and customer interest, we expect the top applications of speaker verification in India today and in the future across banking (both conventional and mobile based), telecom, and IT/ITeS organisations to be as follows:

• Contact centres ,
• Employee password reset applications
• Mobile payment gateways
• Call monitoring for fraud
• Securing mobile devices like handsets and cars
• Rural ATMs
• Prisons

The contact centre is a good illustration of businesses facing significant pressure to intro¬duce efficiencies with technologies such as speaker verification. Additionally, financial institu¬tions are required to support new regulations and industry expectations, such as the FFIEC guidance in the US, and SEPA across Europe – and financial institutions in India are likely to come under similar guidance.

One area that has not yet taken off but could be an important application for speaker verification is the securing of mobile devices. Awareness of the need for greater personal security of mobile devices is growing with every laptop containing sensitive information that could fall into wrong hands. Passwords might be the user access control of choice in Microsoft’s latest operating systems, but a spoken phrase could provide a higher level of security. Mobile phones now contain and provide access to almost all our personal data; voiceprints are a natural and logical method for securing them and tying them to the individual.

Extend this concept to the ultimate mobile device, the car, and you start to see how far the technology could go. Speaker verification could be the ultimate in personal access control because its access device — the voice — is some¬thing we carry around with us all the time and something that can’t be forgotten, like a PIN or password.

But this is the future. What matters today is that voice biometric technology is here, it works and companies that are adopting it now are gaining meaningful competitive advantages.

Chuck Buffum is vice president, Authentication Solutions, Nuance Communications.