5 Voice Biometrics stories you may have missed – September 2017

Matt SmallmanHome Page, Industry News

At SymNex, we have seen the extent to which Voice Biometrics can transform customer service interactions but know to have meaningful impact, it requires mass adoption by enterprises, governments and individuals across the globe. Most of the time there are people in those organisations with the opportunity to make the case and deliver the change but who don’t have the information and confidence they need to do so. Every month therefore, SymNex will pull together the key Voice Biometrics and Speaker Recognition news from across the globe, with our take on them, in an attempt to help others make the case and ultimately improve the experience of customers and frontline colleagues.

OPUS RESEARCH VOICE BIOMETRICS INTELLIVIEW – A COMPREHENSIVE VIEW OF THE VOICE BIOMETRIC MARKET (LINK)

Opus Research Logo

Our great friends at Opus have published the latest edition of their semi annual review of the Voice Biometrics market. The report compiles a comprehensive database of 19 vendors and evaluates their relative positioning in several relevant market contexts. Opus has been tracking this market for more than 10 years and has strong relationships with all of the relevant players as well as a strong background in enterprise customer services. They have recently been joined by Ravin Sanjith, who brings his own wealth of experience from leading implementations in South Africa. They definitely know what they are talking about!

Our take

  • We concur with their general view, based on our experience supporting client’s procurement processes, but know that choosing the right vendor for an organisation is a complex decision that is neigh on impossible to generalise. The work provides a great long list to start the process but there are often as many internal factors to consider as there are vendor capabilities.
  • We are also really encouraged by what we are seeing from some of the niche and challenger players identified in the report, so look forward to seeing how this view evolves as the technology gets adopted more widely, in terms of both scale and industry vertical.

EQUIFAX BREACH – THE BEGINNING OF THE END FOR KNOWLEDGE BASED AUTHENTICATION AND SECURITY THEATRE (LINK)

Equifax Logo

Whilst this story has been covered by all the main stream media, Brian Krebs has the most comprehensive analysis of the incident itself, the disastrous response and the following machinations.

In Summary: One of the largest credit reference agencies in the world failed to apply a patch for a publicly disclosed vulnerability in open source software and didn’t notice until after criminals had access to significant amounts of personal data for more than 2 months. It took them another month to tell anyone and did so in such a mishandled way that it remains to be seen if they will continue in business. The effect is that the majority of US citizen’s social security numbers are now compromised and as they are tied to retirement and health benefits, there is no mechanism to re-provision. Most worrying, is that as these numbers are used by nearly every company as a unique identifier of their customers, are part of nearly every identification and verification process and are often the only aspect that is not already in the public domain or easily discoverable, 143 million people’s investment, bank and utility accounts are now wide open to fraud.

Our take

  • The institute echo’s our own views and articulates them very succinctly. We work with our clients to educate their business leaders and develop an appropriate vulnerability framework that puts this and the other risks faced by Voice Biometrics in an appropriate context. In the case of Voice Biometrics used for speaker recognition, it is significantly more secure than traditional knowledge based authentication but certainly not bulletproof.
  • Much has been written about the HSBC incident itself but we believe it marks a transition to a new level of market maturity in the UK. False accepts and spoofing are firmly in the public mind, yet adoption rates remain consistently high, so we no longer need to talk in hushed voices about these issues.
  • We don’t neccersarily agree that multifactor solutions are required for every interaction if organisations deploy voice biometrics as part of an intelligent authentication service, where the level of authentication or scrutiny is appropriate to the real risk of the transaction or service being requested.

VIEWPOINT FROM THE BIOMETRICS INSTITUTE – SPOOF OR PROOF? (LINK)

Biometrics Institute Logo

Isabelle Moeller, Chief Executive of the Biometrics Institute, has written a superb piece that neatly summarises the issues surrounding biometrics and spoofing that was most publicly aired as a result of the BBC’s spoofing of HSBC’s Voice Biometric security system.

In Summary: All biometric systems have vulnerabilities but how exploitable they are depends on the business processes that surround their implementation. The quality of both the enrolled template and the recaptured ‘image’, has a significant impact on accuracy and there is a balance to be struck between letting imposters in and rejecting real users too many times. The instiute advocates that biometrics should never be seen as a single point solution but its intelligent use should be part of a multi factor solution. Definitely worth a read by everyone charged with implementing or operating Voice Biometrics services.

Our take

  • The institute echo’s our own views and articulates them very succinctly. We work with our clients to educate their business leaders and develop an appropriate vulnerability framework that puts this and the other risks faced by Voice Biometrics in an appropriate context. In the case of Voice Biometrics used for speaker recognition, it is significantly more secure than traditional knowledge based authentication but certainly not bulletproof.
  • Much has been written about the HSBC incident itself but we believe it marks a transition to a new level of market maturity in the UK. False accepts and spoofing are firmly in the public mind, yet adoption rates remain consistently high, so we no longer need to talk in hushed voices about these issues.
  • We don’t neccersarily agree that multifactor solutions are required for every interaction if organisations deploy voice biometrics as part of an intelligent authentication service, where the level of authentication or scrutiny is appropriate to the real risk of the transaction or service being requested.

VOICE BIOMETRICS TO BE THE ‘FRONT DOOR’ FOR ALL ANZ BANK CONTACT (LINK)

ANZ Logo

Not only did ANZ add voice biometrics to their mobile app this month but one of their senior executives publicly announced their intention that Voice Biometrics should become the main secure authentication method for the bank. At the same time he also raised the really interesting prospect of collaboration between banking providers and telcos to solve the national identity problem.

Our take

  • The mobile use case is not new in general but it will be great to understand what the customer take-up looks like. Previous work at Mastercard and USAA suggests that when given the choice, Voice is not the customer’s preferred biometric on the mobile device. However, if not given the choice, as it appears in the ANZ case, I suspect adoption will be high especially if it’s also usable in the telephone channel.
  • We agree that as markets reach a certain level of maturity, it is likely that customers will be enrolled in multiple Voice Biometrics services and that each of those organisations will need to bear the cost of enrolling their customers. Whilst there is some security value in this diversity, it remains to be seen whether this will become a barrier to customer adoption particularly of the more passive approaches, as it is very low effort anyway.

VODAFONE USING VOICE BIOMETRICS TO IMPROVE CUSTOMER SERVICE (LINK)

Vodafone Logo

Not strictly from September but we certainly missed the news that Vodafone intends to use Voice Biometrics to help improve customer service. It was one of four technologies they’ve talked about with a variety of outlets but got lost in the noise about Alexa bots and Virtual Assistants. With about a quarter of the UK mobile market this could be a significant move. There is not a lot of detail yet but judging from their own case studies (link) it will probably be a text dependant solution fronting their self service telephone applications.

Our take

  • We are excited to see Voice Biometrics move out of financial services, as whilst there are a range of Eastern European telco’s using Voice Biometrics (Talk Talk remains an exemplar deployment), it has not really seemed like the investment appetite was there in this notoriously low margin and high churn business.
  • As we switch our attention to smaller financial services, telcos and utilities, it is clear that the customer journey through automated telephone services has not always been as thoughtfully considered as it might be. This is the critical welcome experience for customers that sets the tone for the remainder of the interaction and we are hopeful (not just because we are customers), that Vodafone will set a new benchmark here. If anyone from Vodafone is reading this, we’d be happy to provide free feedback on their plans!

If you have any feedback on this month’s edition or want to make us aware of anything you think we should be covering or have missed, then please get in touch: [email protected]