
Voice biometrics still relatively unheard

Authentication system could help reduce UK fraud by making it hard for fraudsters to glean information from contact centres

Voice biometrics could reduce UK fraud by making it more difficult for criminals to do their groundwork via contact centres.

Contact centres are often a security weak spot, with fraudsters able to glean personal information through social engineering techniques.

According to Ravin Sanjith, analyst at Opus Research, a large amount of fraud begins in contact centres where fraudsters use techniques to steal personal information, and then use it to commit crime.

Fraud cost the UK economy £193bn in 2016, according to the Annual Fraud Indicator 2016, and much of it begins at call centres.

Authentication methods are used to overcome fraud. First-factor authentication uses a security token, for example; second-factor authentication involves something the user remembers, such as a password; and third-factor authentication involves personal characteristics.

Third-factor authentication, such as biometrics, is more secure but there are fears around its use. “Biometrics in general gets a lot of attention, but it is usually the weaknesses that are focused on,” said Sanjith.

But unlike first-factor authentication, biometrics cannot be stolen and unlike second-factor authentication, it cannot be guessed, he said.

With biometrics, you are your own password, which makes transactions smoother, said Sanjith. “Convenience drives commerce – security doesn’t,” he added. “The easier it is for someone to do a transaction with you, the more likely they are going to do business with you.”

But he admitted the system does have weaknesses, such as people’s characteristics changing as they age. However, doing nothing is not an option because first-factor authentication is becoming inconvenient, and people tend to set easy or repeated second-factor authentication passwords, he said.

“Everybody wants stuff to happen in real time and the only way to scale up to that is to move to third-factor authentication,” said Sanjith. “Going in with your eyes wide open, understanding the weaknesses of third-factor authentication and mitigating them is a real conversation that industry professionals need to be having.”


About 150 million people have registered their voiceprints for authentication at contact centres so far, and one billion transactions were secured by the technology last year.

Enterprises are yet to turn to technology in their droves to reduce fraud. Even for companies in sectors reliant on contact centres, the take-up is relatively low. Figures from biometric security software supplier Nuance show that 76% of telcos and 74% of banks still use security questions for authentication at the contact centre.

But there is an acceptance that current methods of authentication must be improved if fraud is to be cut.

Passwords, which are most commonly used, have long been considered a weak form of security because they are easily forgotten by users and are easily stolen, guessed or brute forced by cyber criminals. Passwords are also only as strong as the user makes them – the most common include 1234 and password.

Also, lists of passwords can be bought on the dark web for as little as £20, according to Brett Beranek, director of strategy at Nuance.

Voice is a convenient alternative method of authentication: voices are difficult to copy, having thousands of different characteristics.

Opus Research expects the number of people with registered voiceprints to leap to about 550 million by 2020 from 42 million in 2014 and about 150 million in 2017.

Some in the banking sector have been using voice biometrics for years. For example, Barclays began using voice authentication technology for high-end clients in late 2012 and rolled it out to millions of retail customers in 2014.

Voiceprint matching

The technology works by taking a voiceprint of the client while they are talking to a company representative on the phone. Then, when they call again, their voice is matched in about 10 seconds with the voiceprint kept on record. If a match is verified, the client is authenticated.

And last year, HSBC announced a planned roll-out of voice biometric security technology to more than 15 million customers to provide a quicker, easier and more secure way to access their bank accounts.

Both Barclays and HSBC are using Nuance voice recognition technology, which employs deep neural networks to identify thousands of voice characteristics.

However, earlier this year a BBC journalist and his twin brother successfully carried out an experiment to trick HSBC voice-based authentication software into providing account access to the wrong person.

Nuance’s Beranek said voice authentication would not be appropriate for twins because although they have different voice patterns, false acceptance is more likely. He pointed out that the BBC experiment only got through the first part of authentication and permission to transact would not have been given on that alone.

In the future, voice biometrics could go beyond the contact centre and make financial transactions extremely easy and secure. According to Ian Pearson, who invented the text message, voice authentication could be used more and more in the future.

In a recent Nationwide Building Society report, Pearson said contactless is a compromise, and people will soon be able to pay for things with a simple gesture and a few words.

“Gesturing towards someone and saying ‘Here is £13.46’ is quite enough to combine the voice and gesture recognition with the presence of your smartphone as electronic identification,” he said.
