With the on-device approach, the caller first opens a mobile app, which prompts him to say a pass phrase that is then recorded and analyzed locally by the phone's processor, all before the call ever hits the contact center.
Not only does the on-device process bypass the traditional phone-based authentication steps, but it can be more accurate because it takes advantage of the higher-quality phone microphone and doesn't have to contend with phone signal strength issues, connectivity issues, or other elements that could cause signal degradation.
Companies such as Nuance are creating more sophisticated databases of the voiceprints of known fraudsters, and sharing that information with others. Nuance's platform not only detects fraudsters, but also adds them to a database automatically. Previously, organizations that deployed voice biometrics needed to manually add imposters to a database, requiring a fraud specialist to flag audio clips.
"With this new platform, we can automatically build that list," says Brett Beranek, solutions marketing manager in Nuance's enterprise division.
Also expected to help boost adoption of voice biometrics is the increased accuracy that more modern systems promise. While in the past, systems were accurate about 80 percent of the time, today's systems can achieve error rates in the single digits, according to Miller.
"Is [voice biometrics] totally undefeatable? No!" he exclaims. "But you can tune the system to be very accurate."
Nuance claims that its latest voice biometrics product release is reliable more than 95 percent of the time, bolstered by its ability to base comparisons on approximately 150 characteristics in a person's voice. Some of those characteristics are physical, influenced by the shape and size of a person's vocal tract, teeth, and mouth, while others are behavioral and tied to learned behavior, such as accents and voice modulation, according to Beranek.
The combination of these 150 characteristics even enables Nuance's biometrics engine to distinguish between identical twins, Beranek says.
According to Miller, caller authentication applications for voice biometrics typically try to match a caller's spoken passphrase with a stored voiceprint. They return a "confidence score," and the application decides whether the person passes or fails based on that score.
Another measure of accuracy, the ratio of false accepts (when fraudsters fool the system) to false rejects (when actual account holders are denied access), is a little more subjective, Miller adds. "In security-conscious settings, managers tend to go for a low false-accept rate," he explains. "But in so doing, they often have to tune the system in a way that may falsely reject qualified callers. That's why you'll see statements like 'False accept below 0.5 percent with false reject less than five percent.'"
In another accuracy metric, called the equal error rate, which looks at the voice biometric engine's confidence in returning an accurate result, "my understanding is that it is around three percent, but it may be better," Miller says.
Accuracy can be further enhanced, Miller and other experts say, by using voice biometrics as just one piece of a much larger multifactor authentication process. When voice biometrics are used in the call center alongside other modalities, such as passwords, PINs, and security questions, the error rate can drop to less than 1 percent, according to Miller.
Because smartphones include a camera and a microphone, SpeechPro's VoiceKey can combine facial recognition and voice recognition for added security. "To access an account remotely, the customer goes to a mobile app, looks into the screen, and takes a picture. Then he says his password. The app compares the face and the voice to what's stored in the database. That's all," Khitrov explains.
When used together, accuracy is 99.9 percent, he boasts.
Systems are also becoming more accurate because of their ability to adapt to users. Nuance has added what it calls "smart adaptation" to its voice biometric platform. Beranek says smart adaptation uses audio collected during the verification process to update existing voiceprints and enhance them. "Progressively, a person's authentication rates will improve as [he] uses the system," he says.
SpeechPro's solutions also have this capability. "When the customer calls and starts interacting with the operator, it looks at the current conversation and previous conversations," Khitrov says. "Throughout the conversation, it's building and adding to the database."
Modern voice biometrics have also become much better at detecting and thwarting so-called replay attacks, where fraudsters record another person's voice and use it to crack a voice-based security system. The series of events that played out in the 1992 film Sneakers, for example, would never happen today.
In the movie, Robert Redford plays Martin Bishop, a professional hacker hired to find vulnerabilities in corporate security systems. When challenged to access a secure laboratory protected by a speaker verification system that requires an exact voice match for "Hi, my name is Werner Brandes. My voice is my passport. Verify me," Bishop sends a female associate on a date with Brandes to coax those words out of him, one by one, secretly taping every word. The resulting audiotape is then spliced together to create the necessary phrasing, and access to the facility is granted.
Unlike in the movie, modern voice biometrics applications can identify immediately if the voice being presented for authentication is a recording or a series of words clipped together. The technology that makes this possible is called liveness testing, and virtually all of the solution providers have built it into their offerings.
As an added layer of protection against replay attacks, companies can dynamically mix up the challenge phrases that the caller has to say for verification. Since the caller has no idea what the phrase or random number combinations will be ahead of time, he cannot prepare recordings of someone else saying them.
Bye, Bye, Big Brother
Also largely gone today is the stigma attached to voice biometrics. Consumers no longer view biometrics as a technology used by futuristic, Orwellian societies to keep tabs on everyone. Instead, consumers today recognize the technology's unique ability to stop thieves in their tracks, and are therefore willing to use it and, in some cases, demand it of the organizations they entrust with their money. In fact, recent research from Javelin Strategy & Research found that about half of all business banking customers would consider robust identity verification methods as compelling factors when choosing a financial institution.
In a survey of 1,000 consumers in the United States who had recently used their telephones for customer care, Opus found that 85 percent of consumers are unhappy with passwords, PINs, and security questions as security measures.
In contrast, 90 percent said they would prefer voice biometrics to PINs and passwords, with 77 percent stating that they find voice biometrics more convenient.
"You need to look at what customers expect, and voice biometrics is one of the shortest ways to get them through the authentication process," Miller says. "Voice biometrics leads to a stronger trust relationship."
But companies can't just throw a solution into the mix. "Proactive consumer education will be essential to ensuring that customers understand the benefits of this technology," concludes Shirley Inscoe, senior analyst in retail banking at the Aite Group.
News Editor Leonard Klie can be reached at firstname.lastname@example.org.