October 19, 2015 -
It seems as though not a month goes by where a company — particularly one in the financial sector — experiences a significant breach that leads to the compromise of their customer’s personal information.
Many companies have adopted biometric technologies to protect themselves and their clients from these dangerous attacks.
Voice biometrics, in particular, is one of the more popular technologies financial companies are using to prevent such attacks.
In more recent years, Nuance Communications has emerged as one of the leading providers of voice biometric solutions.
The company’s voice biometrics solutions help financial institutions like Royal Bank of Canada, ING Netherlands, Manulife, USAA and Eastern Bank to safely and securely identify customers based on their voice.
Customers simply utter a passphrase to access their accounts without entering a password or PIN, or answering any security questions.
BiometricUpdate.com recently had the opportunity to discuss the growing use of biometrics in the financial industry, Nuance’s own voice authentication solutions, and any consequentual privacy issues that may arise from using voice biometrics, with Brett Beranek, Director of Nuance’s Product Strategy for Voice Biometrics.
Why is it that biometrics are growing in use, specifically in the banking industry?
Brett Beranek: A lot of these adoptions are taking place within banking, which makes sense, as they are they are the most affected by breaches and fraud. Underneath that, the need for an alternative to PINs and passwords is universal. Whether dealing with an airline or ordering shoes online, the authentication process to access an account is key. Breaches keep getting more severe and widespread, so we will see other organizations adopting technologies that provide an authentication method that is both easy and secure.
How does Nuance’s voice biometrics authentication solutions work?
There are clearly different levels of detail we can go into, spending hours going into algorithms, but at a high level, voice biometrics basically uses the sensor of microphones to interpret audio. Nuance accounts for 100 different characteristics, half of which are physical traits (vocal tracks, organs through which the voice passes through, chipped teeth, etc.) and the other half are behavioral traits (speaking in peaks and valleys, accents, etc.), all of which are measured and picked up. Measurement can be made with a very small sample of audio – just a few seconds. With the audio, we measure characteristics and then create a real-time voiceprint, which is compared to a voiceprint that was previously stored within the database. Through the algorithm, a statistical analysis is made of the two prints, and if the characteristics line up, the authentication attempt receives a positive score; if not, it receives a negative score.
Where does Nuance store the data and how is it protected?
Voice biometrics has several different models – you’ve probably recently heard about ING Netherlands and Manulife that deploy systems within their own IT infrastructure. Other models of deployment are technically possible, such as hosting in the cloud, but our customers have chosen not to go with that method. The voiceprint itself is a numerical print and is only relevant in the context of their algorithm. If a hacker accessed the voiceprints, there’s nothing they could do with that data (which is why financial organizations are leanings towards voice biometrics over PINs and passwords). For customer service, Nuance has been providing organizations with the capacity to store voice for some time now. Many organizations record calls as a way to manage customer voices. Several organizations have changed their call prompts to: “Your voice will be recorded for calling purposes and security purposes.”
What are some benefits of voice biometrics solutions that give it an edge over other biometric technologies?
A couple of things to note: The first is that the collection sensor is the microphone, and all folks on the planet have access to a high-grade microphone through smartphones, land lines, etc. This is not the case with facial, iris or fingerprint recognition, as those options require a special sensor. There are more of these now, but none trump the versatility of the microphone, as it can authenticate you whether you are or aren’t using a smartphone or landline, if you are traveling, etc. A key differentiator of voice biometrics is that a number of voiceprints can be created for individuals, whereas fingerprints are limited to 10 fingers and the iris is limited to two eyes.
Having said all that, I don’t want to position voice biometrics as the only solution – in fact, I anticipate people will use multiple forms of recognition. After all, if every organization is using the same solution, it is then more easily hacked.