U.S. Bank is firmly committed to voice assistant technology, but remains cautious about enabling all forms of money movement via verbal commands.
The Minneapolis-based bank is marketing several new uses for voice assistants and ambient computing, noting it's the "beginning stages." Most of the current uses resemble early mobile or online banking use cases, including requests for information. When it comes to payments, the only supported recipient is U.S. Bank itself — it lets consumers pay their U.S. Bank credit card bill from a U.S. Bank checking account.
For more advanced functions, such as IoT payments or transactions associated with mobile payments, there needs to be advancements in general voice assistant security, according to Gareth Gaston, executive vice president of omnichannel for U.S. Bank.
"There's a difference between asking for a balance and paying. Before people start sending thousands of dollars with their voice we would like it to be more secure," Gaston said.
For now, multitasking is the main selling point; consumers can verbally request information that's in context with another activity, such as asking about a balance before making a payment.
U.S. Bank is one of the first banks to offer voice banking on all three major platforms: Amazon Alexa, Google Home and Siri. All three voice assistants can provide checking, savings and money market account balances.
The bank's strategy is consistent with trends in voice assistant adoption, where usage is growing quickly but people are also concerned about safety and privacy. According to BI Intelligence, 42% of consumers are worried about security, making it the top deterrent to voice-activated transactions.
This habit also extends to transactions in the branch. HSBC deployed SoftBank's Pepper robots in one of its Manhattan branches this week, but limits Pepper interactions to providing basic information due to security concerns around enabling Pepper to accept deposits or make bill payments.
Current voice technology can be compromised by inserting inaudible commands among the "legitimate" commands, and ultrasonic attacks can happen from distances of up to 25 feet, well within a checkout range at a store. Even "real" voices can be intercepted for digital theft at that distance; there are also concerns about security risk when pairing voice assistants to other web connected appliances in the home.
"The security on these devices is good, you can set up online baking credentials and set up a PIN and we have a digital banking guarantee," Gaston said. "But when you start opening up a service to large forms of money movement, we would like to see a little more development from the device manufacturers to move beyond a four-digit code for authentication."
Security improvements would most likely come from refining the voice match software that digital assistants use to prevent intrusions. Another solution involves methods akin to machine learning, allowing assistants to do more without opening a connection to the cloud.
The ideal solution would be allowing consumer's voice to act as as the authenticator, Gaston said. U.S. Bank is testing voice biometrics as an extra layer of authentication on mobile.
Biometric authentication is improving, but there are still challenges with using voice as a form of identity security, according to Shirley Inscoe, a senior analyst at Aite Group.
"Most forms of biometric engines continue to improve … some claim that voiceprints are totally unique and safe to use for authentication, payment authorization, etc.," Inscoe said. "However, most admit that our voices change over time, particularly as we age. This potentially could lead to errors, particularly in false declines in properly identifying a customer."
Beyond the security issue, U.S. Bank is bullish on voice assistants, and plans to add more functions that make voice an extension of the bank's mobile app.
"Voice has less friction than other engagement and it lends to multitasking," Gaston said. "Nobody gets out of bed in the morning and says 'I'm going to go bank today.' "