Voice biometrics: Using speech for access
01 March, 2010
category: Biometrics, Corporate, Financial, Library
Voice biometrics doesn’t receive the same level of attention as other modalities, but it has unique benefits the others cannot match. Chief among these is its ability to enable remote authentication over the telephone.
This phone-centric model means it doesn’t require any additional hardware, and geographic proximity is irrelevant. Considering that call centers dedicate 12% of call duration to confirming a customer’s identity, it makes sense that any solution that expedites authentication and increases security would be crucial. This is the core of the voice opportunity.
Voice biometric authentication works by detecting an individual’s unique pitch, tone, and volume, according to a report from the SANS Institute. Several factors contribute to an individual’s voice: the size and shape of the mouth, throat, nose, and teeth, and the size, shape and tension of the vocal chords. The chance that all of these are exactly the same in any two people is low. The manner of vocalizing further distinguishes a person’s speech: how the muscles are used in the lips, tongue and jaw.
While there are many different voice biometric vendors, the systems typically work in a similar manner. The user undergoes a two-factor authentication, identified with ID number or PIN and then authenticated by having him speak a phrase or password.
Voice biometric market
2007 – $107 million
2008 – $116.1 million
2009 – $139.4 million
2010 – $225.8 million
2011 – $260.1 million
Source: Opus Research
Voice biometrics may be poised for some big gains, according to a report from Opus Research. In 2009 the firm predicted $139.5 million in sales for the market but it expects that to jump to $225.8 million in 2010.
Research and Markets predicts that voice biometrics poised to move from pilot projects to full-scale deployments. The focus of using the technology is also shifting, the firm states. The use of voice biometrics was focused on fraud prevention, but it is shifting to improving the user experience and shortening the time it takes to authenticate over the phone.
Mobile communications provider Vodafone Turkey rolled out its Voice Identification Service powered by the VocalPassword solution from PerSay. The service makes a spoken pass phrase a universal identifier for customer support, enabling customers to avoid having to remember multiple PINs or undergo a cumbersome and costly manual authentication process. The system was integrated with Vodafone’s Voice Portal Platform, enabling secure self-service applications such as GSM Personal Unlocking Key reset.
The primary driver for Vodafone Turkey in implementing a voice verification system was to provide customers with an even better experience while trying to safeguard their privacy.
A host of other applications for voice biometrics demonstrate that it can be used in just about any environment, such as:
-
At the New York Town Manor, a residential community in Pennsylvania, voice is used to help senior citizens access apartments and other areas.
-
Union Pacific Railroad uses voice biometrics to enable customers to release empty rail cars. Customers enroll in the voice authentication system over the phone and they then only have to call back to release an empty rail car once their voice is authenticated.
-
Bell Canada has deployed voice biometrics for employee technicians. Instead of using laptops to log in and access information on their next appointment, they use the phone to authenticate via voice biometrics and then are provided relevant details.
-
A common application for voice biometrics is password resets for financial institutions and corporations. Instead of having to speak with a representative, an employee or customer can be authenticated via voice and allowed to reset a locked or lost password.
-
Financial institutions are also using voice for authentication when phoning a call center. This cuts down on the time it takes for verification when the customer speaks with the call center employee. National Australia Bank has deployed a voice system for its customers from Telstra and Salmat VeCommerce. Using the voice biometric functionality of VeSecure, once a caller has registered his unique voiceprint he simply needs to recite his individual account number to have his identity verified.
-
Larimer County Colorado Community Corrections department is using voice biometrics from Diphonics to authenticate defendants over the phone before providing them with pre-trial information, reporting schedules and electronic monitoring.
Layering security makes voice a truly powerful solution
Authentify has a voice biometric system that also ties a user to a computer network and telephone. For example, a user attempting to activate an account will receive a telephone call at a number retrieved from his existing account records. The phone call requires him to speak a confirmation pass code being displayed on his computer screen, and captures a voice recording.
This would make it difficult for a fraudster to take over the account. While the hacker might be able to get an account number, user name and password he would not have access to the individual’s phone or voice.
The ramifications of this layering of security techniques are significant. Combining voice biometrics with speech recognition technology makes an extremely powerful solution that includes both the biometric authentication and a challenge and response opportunity. Rather than utilizing a static spoken password or phrase, speech recognition technology can enable a unique phrase to be presented at the time of a transaction. It is then checked for both content and biometric accuracy. This would thwart record and playback attacks against a voice biometric system.
It seems that there may be a growing future for voice biometrics. From a convenience perspective it can be a great solution for geographically dispersed authentication via existing hardware (telephones). From a security perspective, the technology has promise as well, especially when layered with other techniques such as speech recognition, caller ID and computer/network identification.