Check out all the on-demand sessions from the Intelligent Security Summit here.
Voice identity verification is catching on, especially in finance. Talking is convenient, particularly for users already familiar with voice technologies like Siri and Alexa. Voice identification offers a level of security that PIN codes and passwords can’t, according to experts from two leading companies innovating in the voice biometrics space.
In a conversation at VentureBeat’s Transform 2021 virtual conference, Daniel Thornhill, senior VP at cybersecurity solutions company Validsoft, and Paul Magee, president of voice biometrics company Auraya, discussed the emerging field with Richard Dumas, Five9 VP of marketing.
Passive vs. active voice biometrics
Just like a fingerprint, an iris, or a face, voice biometrics are unique to an individual. To create a voiceprint, a speaker provides a sample of their voice.
“When you want to verify your identity, you use another sample of your voice to compare it to that initial sample,” Magee explained. “It’s as simple as that.”
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
What sets it apart from other biometrics is that every time someone speaks when prompted, the voiceprint is unique, Magee said. “Nobody can steal my voice because you can’t steal what I’m going to say next.”
When users are prompted to say their phone or account numbers or digits displayed on the screen, that’s active biometrics.
“Passive is more in the background,” Magee said. “So while I’m talking with the call center agent, my voice is being sampled and the agent is being provided with a confirmation that it really is me.”
Voice identity biometrics security
An organization responsible for the voice biometrics can store it with a trusted service provider, Magee said. “The last thing that we advocate is for the voiceprints to be flying around into some unknown place with limited security,” he added. “We think they should be locked up securely behind the clients’ firewall, like [companies] protect the rest of their clients’ information.”
Cheating in the voice identification system
Thornhill described how the system can be cheated: Someone can record a user and replay that audio, or someone can use a computer to generate synthetic versions of people’s voices, also known as deep fakes.
But there are ways to prevent such fraud. “You can apply some kind of [live element], so maybe a random element of the phrase, or use passive voice biometrics so the user is continuously speaking,” Thornhill explained.
There’s also technology that looks at anomalies in speech. “Does this look like it’s being recorded and replayed? Does it look like it’s been synthetically produced or modified by a machine?” Thornhill said. “So there are ways that fraudsters can potentially try to subvert the system, but we do have measures in place that detect those and prevent them.”
Industry-wide voice identification adoption
The greatest barrier to a successful biometric deployment is getting people to enroll their voice, Magee said. That’s why companies should avoid a one-size-fits-all approach.
If a customer often contacts a call center for their needs, that’s the best way to enroll them, Magee said. If they usually use an app, present them with the invitation there. A great time to enroll in a voiceprint is while customers enter their account details during onboarding.
Thornhill agreed. “It’s about understanding your client’s needs, their interactions with their customers, to help them get those enrollments up and help them achieve return on investment,” he said. “They’ll benefit from it, whether it’s from fraud reduction or customer experience.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.