Check out all the on-demand sessions from the Intelligent Security Summit here.
As part of Five9’s Conversational AI Summit at Transform 2021, two leading experts in the field of voice biometrics, Paul Magee, CEO of Auraya and Daniel Thornbill, SVP Pre and Post Sales at ValidSoft, sat down with Richard Dumas, VP of Marketing at Five9, and explored how banks, credit unions, brokerages, and credit card companies are using the latest advances in voice biometrics to verify identity, authenticate callers, and protect against fraud — saving millions, reducing handle time, and increasing customer satisfaction.
“Voice biometrics is just like your fingerprint, iris, or face,” Magee said. “But one of the advantages of using voice biometrics over those other biometrics is that every time you speak, it’s unique. Nobody can ever steal my voice, because they can’t steal what I’m going to say next.”
Voice is swiftly replacing the traditional verification methods that use pins, passwords, and knowledge-based authentication, which lack security, privacy, and reliability. These older verifications often result in a poor customer experience that reduces the use of digital self-services, driving up higher cost with agent-assisted phone transactions.
ValidSoft specializes in security solutions, and developed its own voice biometric technology, providing both active and passive voice biometrics. Auraya is a global leader in voice biometric technology, deployed by more than 10 million users licensed around the world.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
As Magee explains, users create a voice print by depositing a sample of their voice in a vault. When a customer uses their voice to access a system, the model compares that voice print with the one in the vault to identify and authenticate the user.
“To add to that, voice biometrics is a multidimensional biometric as well,” Thornbill said. “It’s measuring both behavioral elements in how you speak, but also physical — it’s tying your physiology, your physical makeup, and the distortion you create in sound to your biometric as well. Most other biometrics are only single dimension, which makes voice even more secure and versatile.”
Implementing biometrics for security
Security leaders in financial services especially are applying voice biometrics as part of a multilayered approach. The right one-time passcode with the right voice on the right device starts to build up a multitude of factors, providing security teams with the confidence that this transaction can be handled securely, and with non-refutable evidence required by regulatory requirements.
The technology is taking off now because of a combination of factors, including increasing consumer preference for speech interfaces, especially with enterprises and financial services companies. They’re using voice commerce through apps, smart speakers to check their balances, and IVRs for customer self-service.
“How do you apply security across all these different ways in a consistent and secure manner? And that’s where voice biometrics comes into play,” Thornbill said. “It’s the only thing that enables a consumer to traverse all these different channels. You need to be able to apply the same level of security, or continuous voice authentication for these services.
“We’ve seen amazing growth in the use cases and the organizations,” Magee added. “It used to be a technology that was the preserve of very large organizations that had multi-million-dollar problems, so they could spend millions of dollars on a complicated system. Today, voice biometrics can be deployed by organizations from small to medium to large.”
The advent of cloud, increasing customer demand, and the effect of regulatory compliance on consumer privacy have all contributed to the rise of voice biometrics for security. Original voice prints are encrypted and kept behind firewalls, and so they are unlikely to be compromised. And though fraudsters have been looking for ways to crack the security of voice biometrics with deep fakes and replay attacks, platforms like ValidSoft’s have measures in place to detect anomalies in the speech stream to detect those and prevent them.
Laying security with passive and active biometrics
There are two types of voice biometrics: passive and active voice biometrics. To understand active biometrics in the simplest terms, it’s what a user says. And if you get to an IVA, or you’re using a browser, and you get asked to say a specific phrase, you never want to say something like, ‘My voice is my secure password.’
“I should be saying my phone number, or account number, or the digits displayed on the screen,” Magee said. “That’s an active process — I’m actively taking part in providing a key to open my account.”
Passive biometrics is the technology working in the background, for example, when a customer is talking to a call center agent. Their voice is being sampled and the agent is provided with a confirmation that the speaker has been authenticated.
“We’re great believers in using all of these techniques to give a smooth and efficient and effective verification process that offers both security and convenience,” Magee said. “Asking a specific question provides a high level of security quickly, allowing self-service in the IVA, and also allowing the agent to start the conversation already knowing who it is.”
But a lot of people don’t want to talk to the IVA, so providing a passive verification to the agent provides an additional layer of security. It allows the agent to start a conversation relatively quickly with confirmation of who the person really is. Both active and passive are important elements of a successful solution.
Getting consumers on board
Getting consumers to enroll their voice is the greatest barrier to a successful voice biometrics deployment, Magee said.
“Our solution, after many years of doing far too many deployments that didn’t go as well as they should have, has given us the lessons of history, and that is that not everyone is the same,” he said.
For someone who’s a traditional contact center user, frequently interacting with the IVR and speaking to the live agent, then that’s the best way to enroll that person. For the person who uses their app or browser instead, enroll them in their channel of preference. For example, when they use their password to get into the app, present them with the invitation to enroll their voice then and there.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.