A password you can’t forget

Access & Identity Management Handbook 2017 Access Control & Identity Management, Security Services & Risk Management

Voice biometrics doesn’t receive the same level of publicity that other forms of biometric technology do, but it is a fast growing form of identity authentication that is being used with great success globally. Opus Research has done a significant amount of work on the uptake and use of voice biometrics and its latest report, completed in July 2016, shows impressive growth in the number of voices enrolled.

According to Opus, there are now more than 137 million enrolments globally, clearly demonstrating the growth of voice as an authentication technology. The company notes that voice is a “ubiquitous, highly personalised authentication factor with the capability to combine command and control with identification and access management”.

As we know from other forms of biometric measurements, there is no failsafe and 100% guaranteed form of biometrics, but the market leaders say voice is more effective than PINs, passwords, tokens or other authentication methods when it comes to authenticating identities and providing access to customer service systems to the right people. What’s more, it is simple to use and doesn’t require users to do anything other than speak into a microphone or over the phone to be authenticated.

Global voice biometrics company, Nuance, has a claimed 117 million voiceprints worldwide and over 3 billion verifications among companies using its voice biometric solutions. In South Africa, there are numerous voice biometric implementations, making SA one of the countries with the largest concentration of voice biometric implementations.

Some South African voice biometrics users include Discovery, Investec, TransUnion, Vodacom and Absa. At the 2016 Voice Biometrics Forum, hosted in Johannesburg by Nuance and its South African partner, OneVault, Investec, Discovery and Vodacom were on stage to speak about how voice biometrics have positively influenced their businesses.

To find out more about voice biometrics and its reliability and usage, Hi-Tech Security Solutions spoke to Vanda Dickson from OneVault. We asked her to explain how it works and where it is best used.

A verbal fingerprint

Dickson explains that a person’s voice is unique, much like their fingerprint, face or iris. “The size and shape of one’s vocal tract, mouth and teeth are only a few of the physical characteristics that contribute to making our voices unique. However, unlike the other biometrics, voice biometrics also measures behavioural characteristics, such as accent and speaking rhythm.”

There are over one hundred voice characteristics that can be measured to determine who you are based on your voice. To identify a person, voice biometrics technologies capture a person’s voice, typically through the microphone of a phone, and use software algorithms to compare the captured voice characteristics to the characteristics of a previously created voiceprint. If the two match, then the voice biometric software will confirm that the person speaking is the same as the person registered against the voiceprint.

While many other authentication challenges, such as usernames, passwords, etc. can be compromised, she says that with voice biometrics this is very difficult as a voiceprint is a hashed string of numbers and characters. A voiceprint in itself has no value to a hacker. The solution also has sophisticated elements included, which would identify a recording of a voice if anyone wants to try to crook the system with a digital recording of someone’s voice.

Where is it best used?

Dickson says voice biometrics is an extremely valuable business solution for organisations that have a large customer base that contact them regularly and/or are required to go through an authentication processes in order to fulfil an interaction.

“Voice biometrics can be utilised to automate transactions and service fulfilments that previously were not automatable due to the need for the caller to be authenticated by, for example, a contact centre agent. It can be used in various scenarios, whether it is resetting a password, confirming proof of life, enabling login via your voice into web portals, authenticating in a queue to reduce the time it takes to authenticate when you do speak to an agent, and so on.

Globally and in South Africa, passive voice biometrics has a strong use case where an organisation speaks to clients regularly, but by virtue of their business, is required to properly verify and authenticate the individual they are speaking to. Voice biometrics avoids the laborious and frustrating processes currently used for verification, allowing companies to eliminate them almost entirely.

Moreover, where small groups of individuals need to be associated to a profile, Dickson says voice biometrics can also enable this with an enhanced level of reporting. These scenarios tend to be prevalent within the financial services arena where fraud plays a big role and yet, using voice authentication to delight your customer with an easy and convenient process is equally important.

OneVault has been involved in implementing voice biometrics in the following industry sectors in South Africa:

• Financial services.

• Telecommunications.

• Credit bureau.

• ICT.

• Healthcare.

Quality of the call

While it will surprise nobody that voice calls in South Africa can sometimes be abysmal in terms of quality, these same issues that make it hard to hear a caller on the other end of a call can interfere with voice biometric systems’ ability to accurately verify an individual’s identity.

Dickson says that in a passive voice biometric solution, if the agent battles to hear and understand what the caller is saying, it stands to reason that the voice biometric technology may take longer to verify the voiceprint against the one on file, thus the time to verify may take longer. If, for example, there is too much interference, the contact centre agent can always revert to knowledge-based security questions to ensure the person is who they claim to be.

In the case of active voice biometric solutions, if the individual’s verification is not accepted, depending on the company and the processes that have been set up, the caller may be prompted to move to a quieter place, speak louder, speak more softly, etc., and can be asked to repeat the passphrase.

“Bear in mind that there are many aspects to take into account when the verification process is configured for a customer. When a caller is unable to fulfil an action via a voice biometric solution, the fallback may be the option to speak to an agent, but, ideally, the failed verification should be flagged when speaking to an agent to ensure the individual is authenticated as who they are claiming to be.

More than authentication

It stands to reason that if one’s voice can be used to verify your identity for transactional purposes, the technology must also be able to handle other functions which currently require talking to a call centre agent. Dickson says those tasks that previously required a consumer to speak to someone in order to do specific – and often mundane – transactions, but are sensitive enough to require authentication are ripe for voice biometrics.

“With active voice biometric authentication, where the consumer needs to enrol their voice against a unique identifier, such as an identity number, and companies are updating a range of business processes to facilitate automation, there are many types of transactions that can be done entirely through the IVR using the consumer’s voice to validate and process,” notes Dickson. She provides the following examples:

• Password reset.

• PIN/PUK resets.

• Automated login onto secure portals/websites (e.g. banking where you don’t need to remember a username and password).

• Proof of life.

• Balance enquiries.

• Tax statements.

• Approval of banking transactions.

• SIM swaps.

• Logistics e.g. confirmed delivery to right party.

“While there are obviously alternatives to the above such as OTPs or temporary passwords being sent to users’ email or mobile phones, there is very little robust authentication of the actual identity of the individual,” Dickson adds. “Rather, an action is processed based on a correct process being followed or traditional knowledge-based security questions being answered. With crime syndicates invariably knowing the answer to security questions, one needs to question the strength of the process being followed.”

User response?

As with all biometric solutions, the user will be the ultimate judge of the solution. Despite the improvements in fingerprint readers, for example, some still complain that they have to touch something others have touched. For iris recognition, there are questions about long-term impact to the eye. The users, whether they have a good argument or not, decide on the success of a biometric based on what their perspective is.

When it comes to voice biometrics, user response differs between use case and between the voice biometric solution deployed. Dickson says that with passive voice biometric authentication, where the customer really doesn’t have to do anything, but the system actually improves the customer experience, the response has only been positive.

“From a consumer perspective: passive voice biometrics is convenient and enables a much improved customer experience largely through the reduction in customer frustration. From a company perspective, it offers the above as well as improved efficiency, security and employee satisfaction.”

Active voice biometric authentication which is passphrase dependent is another story, as it tends to have difficult challenges. Dickson says the use case has to be appropriate and the consumer has to understand the benefits. “Thus, communication and education to and of the consumer is a critical aspect.”

She adds there will always be the sceptics around voice biometrics, as is the case with any solution. “Voice biometrics is one solution, however, that can assist in enabling so many interactions with significantly higher levels of secure and robust authentication that it is not a solution that can be dismissed.

“With identity theft being a bigger issue for everyone, it is a solution that should be embraced as a complementary authentication methodology that will assist consumers and companies alike in addressing risk and fraud in new and innovative ways.”

With the levels of fraud increasing exponentially and the fact that more businesses are introducing digital channels into their interactions with their customers, voice biometrics is an excellent choice to enhance the value of these strategies while improving the security of your client and staff interactions.

OneVault is a focused voice biometric authentication company. It delivers active, passive and managed fraud voice biometric solutions through a number of partners such as Dimension Data, Bytes, Atio and Pivotal Data. OneVault has a range of commercial models to suit clients’ requirements, ranging from cloud, on-premise and managed services.

For more information contact Vanda Dickson, OneVault, +27 (0)82 884 7786, vanda@onevault.co.za

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Improved security health check tool
Gallagher Access Control & Identity Management Products
Gallagher Security has streamlined its free Security Health Check tool, making it easier than ever to protect against potential system risks and improve business efficiencies.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Suprema showcases integrated security solutions
Suprema Access Control & Identity Management Products
Apart from being an access terminal that supports multiple credentials such as facial recognition, RFID, mobile and QR codes, the BioStation 3 also supports VoIP Intercom and real-time video monitoring features to make it a truly multi-functional reader.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Local electronic locks
Access Control & Identity Management
YeboTech is an electronics manufacturing company, founded in 2005, which designs, markets and sells an electronic key and locking systems, aimed at replacing all conventional mechanical locks.

Selecting the correct access control system
Enkulu Technologies Access Control & Identity Management
Frazer Matchett, Managing Director of Enkulu Technologies, suggests the right questions to ask when selecting an access control solution; not just the access system, but the integrated solution that fits your requirements.

Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.

Paxton secures multi-tenant office in Cape Town
Paxton Integrated Solutions Access Control & Identity Management Products
Cecilia Square in Paarl, Cape Town is an office building from where several businesses operate. The multi-tenant site has recently undergone a full refurbishment, including a complete upgrade of its security system for access control.

AI face recognition OEM module
Suprema News Access Control & Identity Management Products
Suprema AI, a company specialized in artificial intelligence–based integrated security solutions, recently launched its high-performance face recognition OEM module called ‘Q-Face Pro’ in response to the growing need for contactless security solutions.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.