Voice biometrics has had its share of starts and stops as a fraud-prevention and personal authentication tool in the past decade.
Experts who note a person’s voice has more than 100 unique characteristics compared with only 40 for a fingerprint see the added value in voice biometrics as defense for card-data security.
Yet others say the technology, used most commonly in the payments industry as a customer-authentication tool at card-issuer or merchant call-in centers, has much to prove before its use becomes widespread.
ValidSoft Ltd. wants to be in the forefront of what it believes will be voice biometrics’ coming out party in 2012.
The Offaly, Ireland-based fraud-prevention technology provider partnered with Opus Research Inc. to issue a January research report suggesting the technology is poised to become a key defense mechanism. They based their findings from past Opus research and studies of the past decade, including interviews with executives from 30 voice biometrics firms worldwide.
For its part, ValidSoft, a subsidiary of Netherlands-based Elephant Talk Communications Inc., has promoted voice biometrics as part of multipronged defenses using something you are, namely a voiceprint; something you have, which is your mobile phone; something you know, usually a PIN or password; and somewhere you are, or are not, established with privacy-protected signaling services.
The report from San Francisco-based Opus Research indicates voice biometrics has not taken hold because of past technology failures, product shortcomings and pricing issues, as well as the security industry’s failure to demonstrate past successes.
In addition, the report notes, security vendors may have been too quick to present voice biometrics as a way to replace PIN and other means of identification when the technology should simply become another layer of defense.
“Solution providers were barking up the wrong tree in viewing voice biometrics as a single-factor authentication mechanism because all single mechanisms fall short in some manner,” says Dan Miller, Opus Research senior analyst and author of the report.
“It’s better to view how well voice biometrics can augment or extend other authorization methods, mainly now because we have a better understanding of how it works,” Miller tells PaymentsSource.
The scrutiny of chief security officers in government and financial sectors generally delayed widespread use of voice biometrics between 1999 and 2006, the report notes. Mostly, those officers viewed PINs and passwords as rarely having technical issues, whereas voice biometrics had the potential for false positives.
With the use of passwords becoming more prevalent at businesses and in government, employees tend to create text files on mobile phones or in computers listing their passwords or, worse, simply writing them down on Post-It notes near their computers, the report notes. That trend opens the door for banks and merchants to consider how their customers are keeping track of account passwords.
“Voice is the final frontier for natural user interface,” Miller suggests. “There are a number of voice-based services now, and acceptance has grown among chief security officers.”
Opus Research estimates nearly 10 million citizens worldwide have successfully enrolled in some form of voice biometrics to authorize identities or payments to financial or government institutions or retail merchants.
“I see the number of users going up to 25 million in the next two years, partly because governments will be using it to prove you are still alive to receive aid or other payments,” Miller contends.
In addition, voice biometrics fits in with the advancement of mobile payments because it is user friendly, and consumers would see a natural connection in saying something over a phone to authorize payments, Miller adds.
Indeed, financial institutions or online merchants will find voice biometrics an efficient and effective authorization method, Pat Carroll, ValidSoft CEO, tells PaymentsSource, a Collections & Credit Risk sister publication.
“Speaking into a phone and comparing the voice with recorded voice biometrics creates an extremely high confidence level that the merchant or bank is dealing with the appropriate customer,” Carroll suggests.
An online merchant using voice biometrics to augment other fraud-prevention software would strengthen chances of overcoming the common “man-in-a-browser” fraudster who has attacked a system and can view a customer’s or merchant’s every move on an online payment page, Carroll adds.
Carroll says his company “loves voice biometrics” because a fingerprint scan or an eye scan can be stolen off a merchant or security vendor database, but a stolen voice scan would be worthless.
“The voice scan can be matched to only a certain phrase, and when asked to make other statements, the fraud would not be able to repeat and match with the recording,” Carroll reasons.
Generally when a security vendor records a person’s voice for biometric storage, it is used for comparison when asking the customer to repeat that phrase and then other phrases or numbers. The financial institution, or card issuer, authorizes a transaction after the voice biometrics technology confirms a voice match.
“If the voice is iffy for some reason, because of illness or a recent surgery, the institution has the other levels of security that come into play,” Carroll says. “It shows again that voice is only one factor.”
Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, tells PaymentsSource her past fraud research indicates most financial institutions believe some form of voice biometrics will be essential in the near future.
“Past pilot programs had some false positive results, and when you require consumers to say a certain phrase that comes back false, there might be some consumer attrition,” McNelley suggests.
McNelley likes the idea of voice biometrics becoming another solid layer of defense. “Whenever the industry comes up with some new defense, criminals find a way around it, so layering remains the best approach,” she says.
Most recently, ValidSoft pushed for a launch in the United States of its Valid-POS software, which combines the use of a consumer’s credit card data with the proximity of his mobile phone during a card-present transaction to help detect fraud.