A password you can’t forget

November 2016 Access Control & Identity Management, Security Services & Risk Management

Voice biometrics doesn’t receive the same level of publicity that other forms of biometric technology do, but it is a fast growing form of identity authentication that is being used with great success globally. Opus Research has done a significant amount of work on the uptake and use of voice biometrics and its latest report, completed in July 2016, shows impressive growth in the number of voices enrolled.

According to Opus, there are now more than 137 million enrolments globally, clearly demonstrating the growth of voice as an authentication technology. The company notes that voice is a “ubiquitous, highly personalised authentication factor with the capability to combine command and control with identification and access management”.

As we know from other forms of biometric measurements, there is no failsafe and 100% guaranteed form of biometrics, but the market leaders say voice is more effective than PINs, passwords, tokens or other authentication methods when it comes to authenticating identities and providing access to customer service systems to the right people. What’s more, it is simple to use and doesn’t require users to do anything other than speak into a microphone or over the phone to be authenticated.

Global voice biometrics company, Nuance, has a claimed 117 million voiceprints worldwide and over 3 billion verifications among companies using its voice biometric solutions. In South Africa, there are numerous voice biometric implementations, making SA one of the countries with the largest concentration of voice biometric implementations.

Some South African voice biometrics users include Discovery, Investec, TransUnion, Vodacom and Absa. At the 2016 Voice Biometrics Forum, hosted in Johannesburg by Nuance and its South African partner, OneVault, Investec, Discovery and Vodacom were on stage to speak about how voice biometrics have positively influenced their businesses.

To find out more about voice biometrics and its reliability and usage, Hi-Tech Security Solutions spoke to Vanda Dickson from OneVault. We asked her to explain how it works and where it is best used.

A verbal fingerprint

Dickson explains that a person’s voice is unique, much like their fingerprint, face or iris. “The size and shape of one’s vocal tract, mouth and teeth are only a few of the physical characteristics that contribute to making our voices unique. However, unlike the other biometrics, voice biometrics also measures behavioural characteristics, such as accent and speaking rhythm.”

There are over one hundred voice characteristics that can be measured to determine who you are based on your voice. To identify a person, voice biometrics technologies capture a person’s voice, typically through the microphone of a phone, and use software algorithms to compare the captured voice characteristics to the characteristics of a previously created voiceprint. If the two match, then the voice biometric software will confirm that the person speaking is the same as the person registered against the voiceprint.

While many other authentication challenges, such as usernames, passwords, etc. can be compromised, she says that with voice biometrics this is very difficult as a voiceprint is a hashed string of numbers and characters. A voiceprint in itself has no value to a hacker. The solution also has sophisticated elements included, which would identify a recording of a voice if anyone wants to try to crook the system with a digital recording of someone’s voice.

Where is it best used?

Dickson says voice biometrics is an extremely valuable business solution for organisations that have a large customer base that contact them regularly and/or are required to go through an authentication processes in order to fulfil an interaction.

“Voice biometrics can be utilised to automate transactions and service fulfilments that previously were not automatable due to the need for the caller to be authenticated by, for example, a contact centre agent. It can be used in various scenarios, whether it is resetting a password, confirming proof of life, enabling login via your voice into web portals, authenticating in a queue to reduce the time it takes to authenticate when you do speak to an agent, and so on.

Globally and in South Africa, passive voice biometrics has a strong use case where an organisation speaks to clients regularly, but by virtue of their business, is required to properly verify and authenticate the individual they are speaking to. Voice biometrics avoids the laborious and frustrating processes currently used for verification, allowing companies to eliminate them almost entirely.

Moreover, where small groups of individuals need to be associated to a profile, Dickson says voice biometrics can also enable this with an enhanced level of reporting. These scenarios tend to be prevalent within the financial services arena where fraud plays a big role and yet, using voice authentication to delight your customer with an easy and convenient process is equally important.

OneVault has been involved in implementing voice biometrics in the following industry sectors in South Africa:

• Financial services.

• Telecommunications.

• Credit bureau.

• ICT.

• Healthcare.

Quality of the call

While it will surprise nobody that voice calls in South Africa can sometimes be abysmal in terms of quality, these same issues that make it hard to hear a caller on the other end of a call can interfere with voice biometric systems’ ability to accurately verify an individual’s identity.

Dickson says that in a passive voice biometric solution, if the agent battles to hear and understand what the caller is saying, it stands to reason that the voice biometric technology may take longer to verify the voiceprint against the one on file, thus the time to verify may take longer. If, for example, there is too much interference, the contact centre agent can always revert to knowledge-based security questions to ensure the person is who they claim to be.

In the case of active voice biometric solutions, if the individual’s verification is not accepted, depending on the company and the processes that have been set up, the caller may be prompted to move to a quieter place, speak louder, speak more softly, etc., and can be asked to repeat the passphrase.

“Bear in mind that there are many aspects to take into account when the verification process is configured for a customer. When a caller is unable to fulfil an action via a voice biometric solution, the fallback may be the option to speak to an agent, but, ideally, the failed verification should be flagged when speaking to an agent to ensure the individual is authenticated as who they are claiming to be.

More than authentication

It stands to reason that if one’s voice can be used to verify your identity for transactional purposes, the technology must also be able to handle other functions which currently require talking to a call centre agent. Dickson says those tasks that previously required a consumer to speak to someone in order to do specific – and often mundane – transactions, but are sensitive enough to require authentication are ripe for voice biometrics.

“With active voice biometric authentication, where the consumer needs to enrol their voice against a unique identifier, such as an identity number, and companies are updating a range of business processes to facilitate automation, there are many types of transactions that can be done entirely through the IVR using the consumer’s voice to validate and process,” notes Dickson. She provides the following examples:

• Password reset.

• PIN/PUK resets.

• Automated login onto secure portals/websites (e.g. banking where you don’t need to remember a username and password).

• Proof of life.

• Balance enquiries.

• Tax statements.

• Approval of banking transactions.

• SIM swaps.

• Logistics e.g. confirmed delivery to right party.

“While there are obviously alternatives to the above such as OTPs or temporary passwords being sent to users’ email or mobile phones, there is very little robust authentication of the actual identity of the individual,” Dickson adds. “Rather, an action is processed based on a correct process being followed or traditional knowledge-based security questions being answered. With crime syndicates invariably knowing the answer to security questions, one needs to question the strength of the process being followed.”

User response?

As with all biometric solutions, the user will be the ultimate judge of the solution. Despite the improvements in fingerprint readers, for example, some still complain that they have to touch something others have touched. For iris recognition, there are questions about long-term impact to the eye. The users, whether they have a good argument or not, decide on the success of a biometric based on what their perspective is.

When it comes to voice biometrics, user response differs between use case and between the voice biometric solution deployed. Dickson says that with passive voice biometric authentication, where the customer really doesn’t have to do anything, but the system actually improves the customer experience, the response has only been positive.

“From a consumer perspective: passive voice biometrics is convenient and enables a much improved customer experience largely through the reduction in customer frustration. From a company perspective, it offers the above as well as improved efficiency, security and employee satisfaction.”

Active voice biometric authentication which is passphrase dependent is another story, as it tends to have difficult challenges. Dickson says the use case has to be appropriate and the consumer has to understand the benefits. “Thus, communication and education to and of the consumer is a critical aspect.”

She adds there will always be the sceptics around voice biometrics, as is the case with any solution. “Voice biometrics is one solution, however, that can assist in enabling so many interactions with significantly higher levels of secure and robust authentication that it is not a solution that can be dismissed.

“With identity theft being a bigger issue for everyone, it is a solution that should be embraced as a complementary authentication methodology that will assist consumers and companies alike in addressing risk and fraud in new and innovative ways.”

With the levels of fraud increasing exponentially and the fact that more businesses are introducing digital channels into their interactions with their customers, voice biometrics is an excellent choice to enhance the value of these strategies while improving the security of your client and staff interactions.

OneVault is a focused voice biometric authentication company. It delivers active, passive and managed fraud voice biometric solutions through a number of partners such as Dimension Data, Bytes, Atio and Pivotal Data. OneVault has a range of commercial models to suit clients’ requirements, ranging from cloud, on-premise and managed services.

For more information contact Vanda Dickson, OneVault, +27 (0)82 884 7786, vanda@onevault.co.za

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

24-hour emergency response for staff
August 2019 , News, Security Services & Risk Management
The FirstRand Group has partnered with PanicGuard to create a 24-hour emergency response programme for staff.

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

Keeping our changing environment secure
August 2019 , Editor's Choice, Security Services & Risk Management
For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances.

The importance of real security risk assessments
August 2019, Sentinel Risk Management , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Andy Lawler, MD, Sentinel Risk Management, says a security risk assessment is an onerous task, but is not something estates can consider optional or a luxury item anymore.

Risk assessment or product placement?
August 2019, Technews Publishing, Alwinco, SMC - Security Management Consultants , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Hi-tech security solutions asked a couple of experts to provide estate managers and security managers with some insights into what a ‘real’ risk assessment includes.

Residential security – caveat emptor
August 2019, Stafix , Integrated Solutions, Security Services & Risk Management
When it comes to improving your property’s security, make sure you take all the options into account as you build a layered approach to keeping people safe and assets secured.

Ensuring your electric fence is compliant
August 2019, Stafix , Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
A challenge facing both existing and potentially new perimeter electric fence installations is how to economically meet the legal requirements required in the SANS 10222-3:2016 standards document.

The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.