In Data Security, It’s a Numbers Game
Nuance has publicly stated that users of its technology currently store approximately 45 million voiceprints. Alexey Khitrov, president of SpeechPro, says versions of his company's voice biometrics technology are currently being used in more than 70 countries around the world.
Opus found that globally, voice biometrics was used primarily by companies in the telecommunications, financial services, retail, and travel industries. Other sectors that are finally playing catch-up include government, healthcare, insurance, education, and law enforcement.
Loeser fully endorses using physical features, such as voice or other biometric characteristics, as a factor for authentication. Most of all hacking, he says, is being done from overseas, in countries such as China, Russia, and North Korea. "It can't be done with security that requires some kind of physical content," he argues.
Ponemon identifies himself as "a big fan" of biometrics, saying it can be built into smartphones, laptops, and tablets "very easily today."
Many reasons exist for the slow uptake of multifactor authentication so far, but the real problem has been companies putting their own profits and customer convenience ahead of security. "There's been a tug-of-war for a long time between making things more convenient for the end user and making them more secure," Ponemon states.
Convenience and security do not have to be mutually exclusive, though, he argues. A company can, for example, use automatic number identification technology first to determine the validity of the phone number from which the caller is dialing. While the caller speaks to the interactive voice response (IVR) system or live agent, a voice biometrics engine can unobtrusively compare his voice with a stored voiceprint. If there is still some doubt as to the identity of the caller, a security question can follow.
"A lot of times, the customer does not even know [the company is] doing all of this," Ponemon says. "They might only see one example, but there are other things the company is doing behind the scenes."
With modern technology, "it is possible to make multifactor authentication as invisible to the end user as possible," he adds.
A comprehensive solution will allow companies to effectively enforce the appropriate method of authentication across applications, endpoints, and deployment environments—whether on premises or in the cloud—without over-burdening end users, adds Monolina Sen, a senior analyst in ABI Research's digital security practice.
Also helping boost customer acceptance: The solutions available today are good at what they do. "From a consumer standpoint, what we have in place seems to be working well," Siegel says.
The technology was most noticeable in the past when it failed, either generating a false positive that blocked access to an authorized individual or a false negative that allowed access to someone who should have been blocked, Ponemon maintains.
"This happens, but we're seeing fewer and fewer instances of it as the technology gets better and better," he says.
In the past, getting more than one form of authentication usually meant deploying solutions from multiple vendors, and this caused companies to delay adoption. But that, too, is starting to change as vendors combine authentication technologies into single product suites.
In June 2014, Sensory introduced TrulySecure, a combined voice and vision authentication solution for mobile phones, tablets, and PCs. TrulySecure brings together Sensory's speaker verification, facial recognition, and biometric fusion algorithms. No special hardware is required; the solution uses the devices' standard microphones and cameras.
SpeechPro also offers one-product multifactor authentication through its VoiceKey line. SpeechPro VoiceKey.WebAccess, introduced in September, enables users to access Web applications, corporate networks, and online accounts simply by speaking short passphrases and by capturing pictures of their faces, all without having to type in passwords.
VoiceKey.WebAccess uses a triple biometric accuracy process that combines speaker authentication, facial recognition, and a "liveness" test. The liveness test ensures there's an actual person in front of the device, not a photo or an audio recording. The technology uses a combination of more than 70 voice features and more than 40 facial features to confirm the subject's identity, and authentication takes only a few seconds.