News
By Paul Magee, Managing Director, Salmat VeCommerce
Long gone are the days when professional fraudsters rifle through dust-bins for information. The smart guys recognise that they can find all the data they need to know about individuals online whether its through phishing or even social network sites such as FaceBook.
This means that any system that relies totally on personal details such as ‘address’, ‘mother’s maiden name’ and so on to protect bank accounts and/or other valued policies is fundamentally flawed. Recent data loss incidents around the world show that sensitive information is not being given the protection or respect it should. Not only can data fall into the wrong hands by accident, but it is just as likely that infiltration and abuse of data can come from within. The dilemma that organisations face is that there is insufficient and inconsistent control over access of data, enabling records to be available to too many employees, whether they are call centre representatives, administrative or technical staff.
So can we use technology to replace this reliance on personal data? Well the simple answer is yes we can. Biometrics, the measurable characteristics of individuals based on their physiological features or behavioural patterns can and are being used by organisations to recognise and authenticate the true identity of their customers.
Furthermore, the type of biometrics which is gaining the greatest ground, especially in telephone-based operations and for remote authentication is ‘voice’ because it requires no additional hardware such as a reader to work and you don’t have to physically present - it’s also probably the least intrusive of all biometrics and is therefore likely to have minimal resistance from users. The interfaces too are already familiar, for instance it can be used via a standard telephone or if on the web, via a microphone.
Compared with using personal data for identification, our voices are unique to us and cannot be exactly replicated therefore removing the chance of impersonation. As a result, using voice for verification rather than information that could be obtained by other persons means that it will no longer be so critical for organisations or individuals to safeguard vulnerable data records, the only record that would be required would be an encrypted voice print which can be stored at a central location and accessed only by qualified technicians
Fact or Fiction?
In the past, biometrics was viewed as science fiction rather than fact, but the good news is that technology has now matured and is now a commercially viable technology, and with the ISO 19092:2008 standard, banks and other financial services institutions now have an agreed framework and standards that they can use to implement the technology successfully.
So how could voice biometrics be used, how reliable is it and how does it compare to other methods?
Voice biometrics provides multifactor authentication of an individual's identity through the unique properties of an individual's voice and eliminates the need for remembering identifiers such as PINs, passwords, mother's maiden name, etc. or for having special equipment such as PIN pads or fobs. Whilst the latter can be forgotten, lost or stolen, the voice remains consistently unique and convenient to use.
Over the last few years, many financial institutions have rolled out card readers as a solution for providing second factor authentication for on-line banking customers. However, these have several drawbacks. Not only are they expensive to produce but they are also costly to support with the continual loss of both passwords and the actual readers themselves. They also do not work ‘out of band’ and are vulnerable to ‘man in the middle’ attacks. On the other hand, a voice is something you will always have with you and can’t be forgotten!
So how does voice biometrics work?
Given the sophisticated level of technology involved, it is surprising how simple it is to deploy a system and more importantly to enrol a voice-print. On average, it takes less than two minutes for an individual user to enrol their voice based on specific text such as name and account number. The system measures many aspects of the user’s voice, such as the shape of the vocal tract, and stores this voice print in a secure manner for the individual. When their identify needs to be verified, they can simply say their details. If their voice matches the voice print stored on file, then the person is given the authorisation to access an account, transfer money and so on. This takes less than 30 seconds and also by-passes the need for the individual to have to run through a series of tedious ID checks such as passwords, address details and so on.
Who is using the technology today?
As the technology has matured and accuracy has improved, the commercial world is finally beginning to recognise the scope and potential applications for voice biometrics. Australian Health Management (ahm) is successfully using the technology to verify the identity of members when they call to make a claim or for any other customer service issue. Although the main driver for this project was originally to reduce the length of time the caller had to wait before speaking to the right department, the company acknowledges how it also combats fraud.
In what is a first for the Australian life insurance and wealth management industry, Aviva has also announced that it will utilise voice biometrics to transform the way it interacts with its customers and advisors. Simply by using the unique characteristics of the member’s voice, the identity of callers to Aviva can be quickly verified and the call routed to the most appropriate resource. Whilst enhancing the level of customer service and convenience, this process also provides an added layer of security and privacy to telephone enquiries and transactions.
Earlier this year, NAB also announced that it had deployed a Salmat VeCommerce voice biometric solution in what is a first for the Australian banking industry.
The bespoke solution is designed to improve the customer experience on NAB’s telephone banking and enhance security and privacy by removing the need for customers to remember PINs and passwords.
Aussie Rules
Australia can certainly be considered a pioneer when it comes to adopting biometrics. Not only will this provide companies such as financial services firms with heightened security for customers and allow them to differentiate themselves in the marketplace, they will also be able to comply with AML legislation and address the problem of money-laundering, ensuring that there is complete transparency of who or what organisation is transferring funds, opening accounts and so on. Using voice biometrics enables you to unequivocally identify who is involved as well as keep a detailed record and audit trail of all transactions made.
Unique benefits of voice biometrics in combating fraud
•Consistent & standard method of verifying the identity of people
•Provides additional security and privacy for customers by protecting personal details
•Restricts employee access to customer information (Voice biometrics can also be utilised for employee login and password resets to ensure information access is for authorised persons only)
•Reports can be archived and easily accessed historically to support record keeping requirements (ensures compliance with AML legislation)
•The secure voiceprint storage environment cannot be compromised or ‘reverse engineered’ to reveal identity information.
National News