Implementing Voice Biometrics: Realities vs Myths in Modern Call Centres
Recorded: 19 Oct 23 - 99 watches
Implementing Voice Biometrics for caller authentication in enterprise contact centres not only streamlines agent workflows by reducing time spent on security procedures but also offers a robust defence against fraudulent activity and eliminates significant points of friction for customers. A decade ago, when some of the world’s largest corporations began embracing this technology, they paved the way for quicker, easier, and more secure customer interactions. This naturally sparked interest among other organisations keen on following suit.
However, for many reasons, implementing Voice Biometrics on top of legacy call centre technology stacks took a lot of work, and for many, the benefits were not worth the effort. This often left organisations struggling to make a viable case for adoption, causing many to stall before they could even take the first step. Matt Smallman, who formerly led Contact Centre Strategy and Change at Barclays, and Brett Beranek, General Manager of Security & Biometrics at Microsoft, were at the forefront of these initial efforts and have been leading the implementation of Voice Biometrics ever since. In this session, they bust common Voice Biometrics myths and explore why, with today’s advances in both Voice Biometrics and call centre technologies, now is the optimal moment to reassess the value and feasibility of Voice Biometrics for your organisation.
In this session, they debunk three prevalent Voice Biometrics myths:
Complexity: Dive into how current advancements in contact centre technology have significantly simplified the integration of Voice Biometrics, making it a seamless addition to your call centre operations.
Performance: Understand how modern Voice Biometrics systems require just a few seconds of audio to authenticate callers with unparalleled accuracy and reliability.
Cost: Discover how the rise of cloud-based Voice Biometric solutions has led to a pricing model that aligns directly with the value delivered, making it an increasingly cost-effective option.
If you’ve considered Voice Biometrics in the past or previously ruled it out for your call centre, now is the time to reevaluate your stance.
06:11 - How hard is it to integrate Voice Biometrics to the call centre?
10:06 - How easy is it to implement the right Business Processes for Voice Biometrics?
13:15 - How much audio is really needed to enrol and authenticate a customer with Voice Biometrics?
17:47 - How quickly can we be up and running with Voice Biometrics?
20:35 - Do we need to decide between active and passive technologies when implementing Voice Biometrics?
21:43 - How do you prevent synthetic speech and deepfakes compromising Voice Biometrics?
28:06 - Are deepfakes and synthetic voices a good reason not to implement Voice Biometrics?
29:58 - Is it expensive to implement Voice Biometrics?
35:03 - What is the reality of implementing Voice Biometrics today?
35:58 - Question: Are privacy regulations and obtaining customer consent a barrier to Voice Biometrics adoption?
42:34 - Question: Where outside Financial Service are the missed opportunities for Voice Biometrics?
46:08 - Question: What does Voice Biometrics and it's applications look like in the future?
Brett is responsible for overseeing the security and biometric line of business at Nuance, a Microsoft company. In this role for the past 12 years, Beranek has brought Nuance to a leadership position in the biometric authentication and biometric fraud prevention space. A thought leader in the field of biometrics, Beranek is a frequent contributor to industry events and the media on the topic of AI technology and its use by the fraud community and how society can mitigate against these evolving threats. Prior to Nuance, he held various leadership positions in the biometrics and security industry. He has earned a Bachelor of Commerce, Information Systems Major, from McGill University as well as an Executive Marketing certificate from Massachusetts Institute of Technology’s Sloan School of Management. Beranek is also a certified Master Fraud Prevention Black Belt professional.
Matt is the author of “Unlock Your Call Centre: A proven way to upgrade security, efficiency and caller experience”, a book based on his more than a decade’s experience transforming the security processes of the world’s most customer-centric organisations.
Matt’s mission is to remove “Security Farce” from the call centre and all our lives. All organisations need to secure their call centre interactions, but very few do this effectively today. The processes and methods they use should deliver real security appropriate to the risk, with as little impact on the caller and agent experience as possible.
Matt is an independent consultant engaged by end-users of the latest authentication and fraud prevention technologies. As a direct result of his guidance, his clients are some of the most innovative users of modern security technology and have the highest levels of customer adoption. He is currently leading the business design and implementation of modern security for multiple clients in the US and UK.
Matt Smallman: Okay. Good afternoon everyone, and thank you very much for joining us this afternoon. Uh, it’s just gone one minute past four, so I think it’s time we make to start. My name is Matt Smallman. I’m the author of Unlock Your Call Center, which is just positioned just here, and the founder of the Modern Security community.
My, my work day-to-day is helping organizations improve the usability, efficiency, and security of their call center security processes. Uh, and today we’re hosting a session where we’re gonna talk about the realities of implementing modern Voice Biometrics security solutions. Uh, and why do we need to do that?
Well, in my conversations with, organizations and call center and contact center leaders across the world, it’s become really clear to me that . That many people’s perceptions of this technology, may not be up to date with the current best practices.
Introducing Brett Beranek
Matt Smallman: Uh, and therefore I’m delighted to be joined today by Brett Beranek, who’s joining us from, Montreal in Canada.
Brett Beranek: Hi Matt.
Matt Smallman: Um, who is the lead for Biometrics and security at, Nuance was Nuance and now Nuance a Microsoft company. So Brett, why don’t you introduce yourself and just tell us, quickly, how you found yourself in this field to start with.
Brett Beranek: Yeah, absolutely. Thanks Matt. Thanks Matt for having me on the, the webinar.
Uh, I am truly thrilled and before I introduce myself, I will give a little plug for your book. Um, so I was very thrilled when you published it. And I’ve made it mandatory reading for any employee that joins the Security and Biometrics team. ’cause I just find it’s, it’s very well written and very comprehensive.
So great work Matt. Um, so I lead the Security and Biometrics business here at Microsoft formerly Nuance, part of the AI contact center group. Um, and I’ve had the pleasure of, you know, directing the, product strategy, the R&D strategy and the go to market strategy for the voice biometric product line at Nuance now, Microsoft for the last 12 years.
Uh, I’m an expert in the biometric space. This has always been a passion of mine. Um, started, a little over now, 20 years ago in this space. And, I’m really thrilled by today’s topic because it, I think it is apropos. Um, you know, 20 years ago this was a science project and, now it’s a very mature field.
Um, and, hopefully we can answer some of the questions that, have come through so far. Um, Matt, I know you went out and reached out to the community and you’ve, you know, received a lot of feedback, so hopefully you can bust some of the myths that still persist in this space.
Matt Smallman: Thanks Brett. Uh, I think we’re just having a bit of trouble with your audio again, so, I dunno if anyone on the chat can just let me know whether they’re experiencing the same issue as me or not.
Um, but, we’ll we might try and get that fixed if it might just be my dodgy headset. Um, Brett, just before we, we jump in, like how did you find yourself in this field? Like at university? Uh, wait, is this the thing I want to do? Voice, Biometrics? Or, or how did you kind of stumble into this occupation? I think you were telling us about your aspirations to be a mounty. I think I heard that correctly.
Brett Beranek: That’s right. Yeah. I wanted to be an RCMP officer. For those of you, you who are not familiar with Canada, it’s our version the FBI but we do, they do wear these nice uniforms and ride on horses from time to time.
Um, and I realized that I could apply both my passion for crime prevention and, my passion for technology in a different way. And that’s how I ended up in the technology field. So, decided to focus on Biometrics and here I am, at, Microsoft helping organizations fight fraud and improve Authentication.
Matt Smallman: I think one, one other before we, we we jump in. What would you say has been your, your biggest, most greatest professional achievement in this field? What, what gives you most satisfaction?
Brett Beranek: Yeah, Matt, I’m, and, and my response I think will be very logical with, my origin. So whenever I see a, a customer of ours that is using our technology, identify fraudsters. And then, work with law enforcement to, identify the individual and ensure their arrest and prosecution. Um, that just gives meaning, to what I do.
Uh, and I think it gives meaning to, the entire team that is working on this product. And it motivates us to wake up early in the morning and work long hours and make sure that our customers have the best technology in their hands.
Matt Smallman: Awesome. That’s great. And I, I said, I, I won’t embarrass you, but a, a, a mutual friend of ours, Dan, Dan Miller shared, I think a webinar you must have done like seven, eight years ago with him, which has a, a much younger, looking version of your face on the, on the front page.
But I think at that, at that time, we were close to, a hundred million, voice prints, enrolled. Uh, and I think the projection was by 2020, 2021 that we’d be looking at close to, to half a billion. How close are we? Have we exceeded that?
Brett Beranek: I, we’ve, we’ve definitely exceeded that number. Uh, and I can only speak to, you know, the data that we have here, you know, at Microsoft.
Um, but what we’ve seen is very large organizations as well as small organizations adopt this technology and I used to use the term, you know, democratizing the tech. And, I feel that over the last couple years as the technology has gotten into the cloud and has been accessible to smaller organizations, we’ve definitely seen, increased adoption.
It’s allowed a lot of consumers across the world to use the technology to authenticate. Um, but sometimes it’s also used in the background without them even being aware from a fraud prevention perspective.
Matt Smallman: Awesome. No, I think that’s great. Great to hear that there are just so many people using the technology not, and not just for Authentication.
So we’re gonna jump into our, our, our main topic areas, and we’ll try and weave in people’s questions as we go. But if you have other questions, you want to throw them in the chat, particularly on the website. I have this up on my screen so I can, can throw, weave them into the conversation as, as we go on.
How hard is it to integrate Voice Biometrics to the call centre?
Matt Smallman: So the first area we were gonna talk about, was complexity, really. Um, and, when we talk about all of these subject areas, we’re gonna kind of look a bit at kind of what was true, what’s true now, and what does that really mean for organizations thinking about implementing this technology. And, and the first is around integration complexity and, I personally, I didn’t have any gray hairs before I started.
Uh, thinking about implementing Voice Biometrics, I think got too many just now. Um, but I, I certainly remember, a decade or more ago when putting in my first implementation of this, we had to buy extra routers because the routers we had didn’t manage port spanning, and we had to reconfigure our entire network just to be able to listen to calls for passive voice biometric Authentication.
We found some. Weird oddity where, like a third of our calls were rooted through a server that happened to sit underneath someone’s desk in Jersey for some reason. Uh, and, a whole bunch of com complex, challenging integrations that made testing, and delivery really challenging. Uh, and I’m just not sure that, that certainly hasn’t been my recent experience.
I dunno about you, Brett. What, what’s, what’s true today for complexity of integration?
Brett Beranek: Yeah. Yeah. And, and that’s one of the surprising things for individuals who are not familiar with this space, is that the most complicated aspect of deploying Biometrics in a contact center historically has been, how do you get the audio?
How do you get the audio from the contact center to the Voice Biometrics solution? And Matt, your experience, back in the day is unfortunately indicative of how many organizations have to tap into audio, right? Which was with hardware, right? So it required acquiring new devices, right? Whether it was routers or SBCs, right?
Whatever, whatever that hardware component was. But you needed to find a way how to send the audio. And then once the audio was sent over, there was a need to actually, you know, integrate to, the contact center platform. And that was the second challenge. And so many organizations were several months into the journey of, deploying Voice Biometrics without actually having performed a single biometric transaction.
Right. And that, that created a lot of frustration. And to, so the good news, the good news is that today that is gone. Um, with, contact centers that are in the cloud. So CCAS solutions, sending audio to a third party solution such as a voice biometric platform, is as simple as, flagging it with an API call, right, or initiating an API call.
Um, and fortunately organizations like Microsoft, but also others in this space have, created out of the box integrations to the major CCAS platforms. And so really that audio, that data is flowing bi-directionally, instantaneously out of the box. So you can start using the solution just with a couple of clicks.
Uh, instead of, you know, getting heart palpitations, trying to figure out, how to acquire and deploy hardware in physical contact center locations, which sometimes can be quite challenging.
Matt Smallman: Just to reiterate that I think it comes back to democratization points, like fi finding the audio in the, in the network used to be some sort of black art where only, only a, a few of the high wizards of, networking were able to identify where it was using, packet sniffers and all sorts of stuff to try and figure it out.
Whereas, Today it’s most, most developers will be able to read the documentations of the API, and make it work with a bit of trial and error in, in a few hours with, with very little kind of, need for extra support or, or extra skills and experience beyond what, what an engineer would, would normally have.
Acquisition of audio, as you say, is, is a pretty much a solved problem now.
How easy is it to implement the right Business Processes for Voice Biometrics?
Matt Smallman: One of the areas that seems to be less solved, however, is the business processes. And I, and I think for me, that’s certainly the area where, the, biggest challenge I see in implementation is, is like, okay, so we know the underlying technology works.
We can get the audio and we can run biometric transactions on it, but figuring out how to fit it in our business processes, our agent desktop, how we manage consent, how we ask consent, how we manage the, whether, which customers we’re gonna ask. All of that extra complexity, still exists, doesn’t it?
Brett Beranek: It, it, it does. Um, but, unlike organizations that deployed Voice Biometrics, several years ago, There’s a lot of knowledge out there, whether it’s with individuals like yourself, Matt, who have that experience and they can, you know, share it with others or coming from, you know, vendors such as Microsoft that have worked with several customers, I.
Uh, there’s no need to start from scratch and ask fundamental questions about how to enroll, how to collect consent, because many others have gone through this process and many others have have solved this. So, you know, I know back in school it was, forbidden to look at somebody else’s paper and, and, and, you know, get heavily inspired from what they’re doing.
But I think in the business community that we, we should be doing that, we should look at what our peers have done. Uh, and, and yes, maybe tweak it. Uh, maybe augment it, right? Adapt it to how things operate within, specific organizations. ’cause, you know, full transparency, there are differences, but there’s no need to start from scratch.
So, Matt, I know that you’ve been very instrumental in helping organizations, right? Getting them on the right path. Um, and I, I think it just makes a ton of sense to tap into that knowledge.
Matt Smallman: My book’s gone out shot, but there’s a, there’s a starter for 10 in, in, in the book, but I think that that’s absolutely true.
I, I, I remember, Pull up a sandbag and listen to a story for a second. But back in, back in 2010 or so, when we first talked about implementing this technology in the UK, we had to engage with regulators. We spent, several months doing customer focus groups to figure out whether they would actually use it, what was the right way to ask them, how did they want to, how it be approached about the service.
And whilst some, whilst that was really valuable and it did help us kind of implement the technology at that point, it was against a different kind of cultural context, but also, an unproven technology. So it was worthwhile at that point. But certainly in my more recent work, whilst we often start with a blank sheet of paper, because that’s probably the best way to do it for most organizations, actually, we do find ourselves, coming down to one or two very, very similar patterns.
So I would completely reiterate the kind of copy with pride ethos there that, yeah, that there are the patterns exist, and now it’s about customizing those patterns rather than, starting from scratch. That’s a great point.
How much audio is really needed to enrol and authenticate a customer with Voice Biometrics?
Matt Smallman: Uh, move, moving on then conscious of time. Um, the other area that people often think about is, is performance.
Uh, and I think about performance in a couple of different dimensions. So the first area we’re gonna talk about is kind of core performance of the, of the underlying biometric engine. Uh, and, and I remember. It’s not, it’s not, not my, history lessons here, but there, there was a lot of skepticism originally about this technology.
It wasn’t good enough. The failure rates were too high. It wasn’t accurate enough, it wasn’t secure enough. Uh, and those to some extent were valid maybe a decade ago. Uh, And if to get it to a performant level, required quite a lot of work. And there was a, a certain degree of, chicken and egg. Like I, I need to get some audio from my customers in order to figure out what they sound like so I can be sure the system’s secure.
But I. I can’t really ask my customers for audio until I’ve got them something to use. So we used to see quite long, periods of friends and family testing or limited pilots where we were capturing audio in order to tune and calibrate the model so we could be confident enough, to launch it to the, to the general public.
But, but I just don’t see that being the case anymore. In, in the more recent implementations I, I’ve worked on. How, how has the technology improved Brett?
Brett Beranek: Uh, so, so Matt, the technology has improved in leaps and bounds. Um, and, you know, when I started studying Voice Biometrics, the state-of-the-art technology was able to authenticate somebody with freeform speech, right?
So the conversation that we’re just having right now, with 15 seconds of net audio, which, if you’re rambling like I do, It’s maybe 30 seconds before you get to that 15 seconds of net audio because we, we always have some pauses right in our speech. Um, and enrollment required easily 60 seconds of net audio in order to create a voice print.
Um, so that worked for a handful of organizations, right? The organizations that were willing to make the investment to change their business processes to, get to that data. Um, But it was very hard to adapt this to all organizations, especially to organizations that needed. To, apply this in self-service channels, right?
So in a contact center right in the IVR, technology was, challenging, at least if you were using the freeform freeform speech. And so, Matt, you’ll, you’ll remember a lot of organizations try the active Voice, Biometrics, technology that required the individual to, you know, speak a specific phrase.
And, you know, that wasn’t the most, customer friendly approach to using the tech. And so fast forward to today where we’re using deep neural networks. In order to, enroll somebody in Voice Biometrics and validate their identity, we’re able to authenticate somebody in easily a fraction of a second or one or two seconds of net audio, and enroll them with as little as five seconds of net audio, which makes the application of this technology in self-service channels viable.
And makes the application of this technology at the agent level, right, where there’s a live conversation with an agent, so much more efficient. And so that has opened the applications for Voice Biometrics to beyond, just the contact center. And we’re starting to see organizations expand it to, mobile apps and a step up Authentication in the web and even in brick and mortar locations for in-person Verification.
Which are applications that would’ve been extremely awkward, 10 to 20 years ago with the amount of data that was required.
Matt Smallman: A couple of points to build on there. So first about the, the duration and I, I still get this challenge today really about, what happens if we don’t have an Authentication result by the time the agent needs to do something.
And, and I think from what you are saying, that that just shouldn’t be an issue anymore. We should be able, we should always be able to get some form of results before the agent needs to do anything. Uh, is that, is that what you’re saying?
Brett Beranek: That’s exactly it. It’s lightning fast, in fact, when there’s an agent that doesn’t get that virtually immediate green light telling them that this is the right individual, then instinctively that agent will know that the person on the line is not the correct person.
How quickly can we be up and running with Voice Biometrics?
Matt Smallman: So I, I was just gonna build, build on two issues.
So one I think was the tuning and calibration discussion, and this is often that chicken and egg debate. Uh, and, and I, I, I think we’re in a state now where actually in many cases these solutions are good enough to use out of the box, and it’s a case of validating the settings more than it’s, optimizing or configuring them for your particular environment.
So would you agree?
Brett Beranek: Yeah, absolutely. And that, that has enabled organizations. That have no internal expertise in Biometrics at all, to use this technology and, and not have to rely on outside experts such as those that come from organizations like Microsoft, to tune and calibrate Biometrics, which is, which is a fine art.
And, and we call them speech scientists. These, these are individuals that take data, that perform tests, and that then analyze those tests to you know calibrate biometric engines. And so those individuals are still around. Um, they can still be leveraged to achieve optimal performance. But for the great majority of organizations, the performance that exists out of the box is, more than sufficient.
And so, a lot of mid-size organizations that have deployed Voice Biometrics today. Are using the, the settings, the biometric settings that exist in the product without any modifications at all. And that is a testament to how mature the system is and how the technology has become. Matt, you’ll, you’ll, remember that back in the day, right?
So maybe a decade or more ago. Um, using a biometric tool out of the box without any tuning calibration, was akin to, to, you know, using a, a product that was providing virtually random results. And so, and so vendors very,
Matt Smallman: I think it was probably career suicide.
Brett Beranek: Yeah. . So, vendors, vendors, I think were very open and transparent about that, and that that’s why the use of speech scientists in order to perform that tuning and calibration was mandatory.
And, and so it’s no longer a mandatory step. Now it’s an optional step in order to squeeze out just a little bit more performance out of the algorithms. And, and as I said that the ROI on performing that step only makes sense for very large organizations who wanna squeeze out maybe an extra percentage point out of, out of the, out of the system.
Uh, whereas an organization that may be performing . Hundreds of thousands of verifications per year. It just doesn’t make. It doesn’t make a material difference to perform that step.
Matt Smallman: Awesome. And I, I think that, that, that was on my feature request list for probably most of the last decade, so thanks very much for, for delivering on that.
Do we need to decide between active and passive technologies when implementing Voice Biometrics?
Matt Smallman: Um, just on, on the other point you made about active versus passive, that, that, that was something that I. That a lot of people got hung up on, maybe five, six years ago. We, we often didn’t get off the start line with projects ’cause we were having this debate about should it be active and go in the IVR, should it be passive and go with the agent? Should we try and do both? Is it too complex to try and do both?
Um, has that debate been finalized. Are we passive all the way? Passive everywhere I think one of your colleagues called it, a few months ago.
Brett Beranek: Yeah. I, I, I think there are only a handful of organizations that are still operating as they did originally when they deployed these solutions that are still using active Voice Biometrics.
Um, but there’s no need for active anymore given the efficacy of passive Voice Biometrics. So the ability to authenticate somebody with, extremely short segments of audio in a, in a very accurate and secure way, makes that technology obsolete. So for new customers, for organizations that are looking into this technology for the first time and that are thinking about deploying it, Um, it is indeed that debate is no longer found.
How do you prevent synthetic speech and deepfakes compromising Voice Biometrics?
Matt Smallman: And, and here, here we go with the, the, almost the poison challice topic of, of the debate when we talk about performance. Like there’s obviously the core biometric performance and that that was a focus for an awful long time. And then there were all these other things that came along with the engine, such as recording and playback and even synthetic speech detection, which were always kind of something we talked about during implementation and did our risk assessments and determined that actually no one was gonna attack it in this way because the technology wasn’t valid, the technology wasn’t effective. Uh, and it just wasn’t worth the, the customer experience cost of doing that, that clearly is no longer the case. Uh, and a lot of questions coming up from, our audience about what, what Microsoft and Nuance are doing to keep ahead of that, that deep fake audio threat.
And how should that be considered in the context of performance overall?
Brett Beranek: Yeah. Matt, you, you’re, rightfully so bringing this, topic up because it is, on everybody’s minds these days. Um, and so I was speaking earlier about the performance enhancements of Voice Biometrics, that is rooted in enhancements in deep neural networks.
And, those same foundational technology improvements have also been applied to . Other technologies such as, the generation of synthetic voices, right? So DeepFakes Matt as you, you mentioned them, which is kind of the nefarious use of that technology. Um, and so the good news here is that we’ve always considered this as a potential threat.
So whether, a presentation attack used a recording or a synthetic voice, we were always prepared for that type of attack. From a technology perspective. Now, most of our customers did not implement these algorithms because once they performed their risk assessment, they determined that there really was no need for them, given that there was no attacks using synthetic voice, given the immaturity of the technology.
Um, about a year and a half ago, there are some vendors that, launched their solutions online that allowed the creation of synthetic voices with very little audio input. And that provided a, a GUI that was quite easy to use, so you didn’t need to be a programmer in order to create your synthetic voice.
And so that’s changed the game. Um, so we saw a lot of media attention on this topic. We saw some journalists, synthesizing their own voices to try to get into their own accounts.
Um, and you know, fortunately even for organizations that were running, I. You know, older technology and that had not enabled these protective layers. Um, the technology actually performed quite well, given that these journalists were unsuccessful, in their initial attempts and had to try again and again, again.
Eventually they were able to get through. Um, and, but that did create some panic. That did create some panic for sure. And we’ve been working very hard to reassure customers that they have the tools at their disposal to address this attack.
Uh, and one of the best ways to stay ahead of the game, so to speak, right? So the stay ahead of the fraudsters, is to leverage a cloud version of the solution. And the reason for that is that the onus on updates and upgrades is on the vendor, right? Instead of on an internal IT organization.
And so, Matt, I was talking about some customers out there that are still using Active Voice Biometrics that they deployed, you know, maybe 10 years ago. Well, that exposes them to some risk. Right? Um, and I wanna be very open and transparent, but we are not seeing, fraudsters use this technology at scale. Uh, we’ve, we’ve seen a handful of cases where that’s been attempted, but in, in this is a threat that we need to prepare for. And, we’ve been working with jointly with organizations to move them to cloud so that they can have the latest and greatest technologies.
Which are available. Which are available because our research teams are focused on staying several steps ahead of, nefarious individuals and are, in our specific case, right, being part of Microsoft, we have access to the source algorithms, we have access to the source data that feeds the most advanced, synthetic voice algorithms out there.
So that’s Matt, the most specific answer that I can provide to your question, which is that’s how we stay ahead. Of, this threat, by developing mitigating technologies before they’re even released to the public.
Matt Smallman: Thank, thanks for that. And, and I, I, I liken it almost to the kind of the, the antivirus days.
Like, it, it, at no point in time is this gonna be a solved problem. Both technologies will continue to evolve. It’s about how to kind of reduce the cost and complexity of, of implementing those, those patches and changes. And, and as you suggest, cloud is, is a, is a way to do that.
Um, the threat will continue naturally to evolve and. I think, I think you’re absolutely right to say that. Where we’ve seen attacks, they’ve mostly been in this kind of colluded reputational risk more than they have been scale fraud. Uh, and in, in fact, our, our own risk assessment suggests that the, the biggest vulnerability, from deepfake voices is not the enterprise, is not enterprises deploying, voice biometric solutions.
Uh, it’s cons. It’s enterprises who ha, who. Re remain on knowledge based Authentication models, and whose customers are socially engineered at scale by synthetic voices to hand up hand over those credentials. Um, it’s far easier to generate a thousand phone calls sounding like the person down the street asking you to give you letter three and four from your password. So I can put that in online or into another system than it is to try and create a target specific voice and, and fool a biometric system.
So yes, the threat does exist. Um, it’s moved from the kind of, theoretical to feasible. Um, but actually in the kind of the overall threat spectrum, it it’s probably not as high as, the current media speculation, suggests.
Are deepfakes and synthetic voices a good reason not to implement Voice Biometrics?
Matt Smallman: So though I do know that it, it’s, it’s one of the easy things that people throw out there as a reason not to implement, Voice Biometrics. So, so what would you say to those people who are kind of faced with their peers and colleagues in organization who want to implement this technology, but people keep saying, oh, what about DeepFakes?
What, what would you say to them?
Brett Beranek:Yeah. Well one of the consistent responses that we’ve seen from organizations that have, had to deal with this reputational issue, right, that have been the subject of some of these media articles, consistently, those organizations have emphasized that they urge their customers to stay with Voice Biometrics because that is the most effective way to protect their accounts. And so, every technology has vulnerabilities. Um, the vulnerabilities associated with the alternatives unfortunately, are significantly higher, right? So, passwords, pins, security questions, SMS OTP, there are massive security holes in those technologies.
And so for. A specific consumer to not use the technology. They’re putting their accounts at risk. And, but then for an organization not to implement this technology, they’re putting all of their customers at risk. And so that’s, that’s the response that I have to organizations that are hesitating because of this, this threat.
And I wanna reassure ’em, that this is a threat that is top of mind for us and that we have a mitigating strategy for. Um, and so it is, it is, Matt, I like your analogy with antivirus. We have the antivirus software to prevent this type of attack. Um, it just needs to be turned on and, and that’s something that many organizations are doing right now.
Is it expensive to implement Voice Biometrics?
Matt Smallman: Awesome. So I’m sure we’ll get back to this in the questions. Um, but I’m gonna, I’m gonna move on ’cause we had one other topic area we wanted to pick up on and that that was cost . Uh, and to a certain extent, cost is a function of complexity. Uh, and. I, I do, I do remember a conversation where it basically like, it, it was a million dollars to start a project and that was just in third party professional services fees.
That was just to start, acquire the audio and figure out all the bits that needed patching to here and there. And then there was the perpetual licenses, and then there was the, what am I gonna need at peak volume? How many thousands, millions of thousands of transactions am I gonna need to, to do? And it, and, and the sticker price was, enormous.
Now for, for some organizations that that made economic and commercial sense because it mitigates a lot of fraud. It significantly improved customer experience. It saved a lot of agent handle time. Um, and it, and it was worth the investment. Uh, and, and, and many organizations have done it on the, on that basis, but I, I just don’t think that’s true anymore.
When I, when I look at the technology that’s available today, you, you can kind of switch it on in the, in the console of some of these, contact center as service applications. It, it’s not, and it’s a consumption based model. Yep. So it’s about, huge upfront costs. I know. What, what, what does it take to get a, a solution up and running today, Brett?
Brett Beranek: Yeah, Matt, I’m, I’m glad that you bring that up. Um, and maybe to add one other layer of cost. I’ve heard from a lot of organizations that went through this legacy deployment model that they had also a lot of internal IT costs, so it wasn’t necessarily just the spend.
Matt Smallman: Yeah. Good point.
Brett Beranek: But, you know, I’ve, I’ve heard organizations say that the, the amount of money spent on, on the vendor, was, actually the smaller portion of the investment.
The internal investment was sometimes a multiple of two or three right, that spent on the vendor. And, and that has a lot to do with what we discussed before, right? So, Matt, two, two main things. Getting that audio in, getting the data flowing, and then figuring out all the business rules that had to be adapted for this technology that drove a lot of cost.
And so, as we spoke about earlier, that is no longer a requirement. And so we’ve seen organizations, community banks, credit unions, organizations that have a handful of contact center agents. And I do mean a handful, that have been able to deploy this technology successfully and achieve a return on investment within a year.
Um, I had one, executive, so contact center executive at one of these community banks, and she shared with me that three months after deploying, Voice, Biometrics within their contact center, they had prevented one fraudulent attack, which would’ve resulted in a fraud loss about a hundred thousand dollars.
And that that delivered an ROI. So that gives you, without you, you know, without sharing the specifics of how much they spent. Right. It does give you a scale of, of what this can cost for a small organization. And so we’re very far away from those, you know, figures, Matt, that you had shared earlier.
Um, So cloud, cloud is one of those drivers. The subscription model, Matt, that you mentioned is, is one of those factors, right? That’s driving down cost, that’s eliminating that upfront investment. Um, but also just the ability to use the technology out of the box is, is, is game changing. Uh, and we see organizations that between the time they agree to move forward with this technology and the time that they’re customers are benefiting from the technology as it, it can be as, as quick as 90 days.
Which, Matt, I think that was that was completely unfathomable, right? Back in the days where hardware had to be purchased and you could easily wait that time, that length of time just to receive your hardware.
Matt Smallman: That was definitely true, but I think, our, our rule of thumb was something like one third, two thirds, to third party costs versus internal costs.
Uh, and was three years to achieve run rate benefits. So three years before you could start banking, you were kind of in positive benefit territory, because it probably took you eight, 12 to 18 months to switch on a service. Uh, and then another 12 months to kind of, start getting into positive territory in terms of how much it cost you to enroll and, and all the rest of it.
So, to positive benefits in 90 days. I’ll, I’ll, I, I won’t drink to that because I don’t have anything here, but, I would definitely, drink to that,
So, that, that’s really all we wanted to cover in terms of these kind of three big areas. I think it’s worth a quick recap on those before we jump into questions.
. But I also had 43 separate questions from people, of which about a third were on deepfake, so we’ll, we’ll, we’ll come to those in a second before we do.
What is the reality of implementing Voice Biometrics today? – Summary
Matt Smallman: I think it’s worth a, a, a quick summary of those kind of three big areas.
We talked about, complexity, principally about integration and business processes, that it’s a solved problem. Yep. We know how to do this, we know how to plug it into pretty much everything. Um, you don’t even necessarily need a professional third party professional services to do this.
Your developers should be able to do this, using, using the instructions out the box, complex performance terms, what it takes to get a system up and running and, and . Stable and performant largely available out of the box. Yes, there might be some benefits to, to fine tuning.
Uh, and then finally cost. Um, cost may not even be, be an object anymore if you can get to payback in 90, 90 days. Um, what used to take three years, could now easily be done in, in, in six months, it sounds like. And I, I’ve seen some implementations like that as well. So I, I would would agree with that.
We’re gonna jump into, into questions then.
Question: Are privacy regulations and obtaining customer consent a barrier to Voice Biometrics adoption?
Matt Smallman: Um, the, one of the big ones we haven’t really touched on here because it’s kind of a, it’s kind of outside the technology domain, but, it’s about privacy and consent. So I. In a, in a similar way, kind of 10, 12 years ago when we were first implementing this technology, we had to explain to regulators what exactly Biometrics were and how, how they might be used, and what they should be worried about about them.
And we were largely leading the debate. Uh, I think in many jurisdictions, it’s become, Certainly clearer what the regulations are and what needs to be done, but, but in some ways people also see that as a barrier to, adoption and a challenge and a reason why they might not deliver, significant, benefits or of many be much benefit as they think they might for the organization.
Brett, do you, do you think that. Privacy regulations and cus obtaining customer consent is a, is a barrier to voice by metric adoption.
Brett Beranek: I, I, I don’t, and I think I was a quite a lone voice, 12, 13 years ago when I was trying to convince, organizations that, you know, providing notification and collecting consent was a good business practice.
Um, back in the day, as Matt you mentioned there were. Very few jurisdictions that had, these requirements. And so we did see organizations that, you know, took these best practices that we had communicated back in the day and implemented them and, and now they’re in a position where they don’t need to make modifications to their, deployments.
But we also saw organizations that, you know, were a little bit more. Um, aggressive in their approach and, and decided to, not follow that path. And then as regulations evolved, had to change the way that they deployed. And Matt, I think you’re aware of some of those cases in the UK where I.
Organizations had to unfortunately, right. Delete some voice prints and then re-enroll individuals, right? Because of that. So, all that to say is that, no, I don’t believe it’s a barrier. Uh, I think organizations should feel very comfortable with the fact that I there is a harmonization of requirements of, pretty much across the globe, whether you’re in Europe, you’re in the uk, you’re in the United States, you’re in Canada, many other countries, some of the fa foundational requirements, and privacy as, you know, to keep your system transparent and open and provide notification that it’s in use.
Um, and then for the purpose of enrollment, right? Creation of of biometric prints, collect consent. And I think one of the reasons why organizations feel that it could potentially slow things down is that probably in the back of their minds, they’re thinking that they need to send, you know, a 12 page legal document to somebody that needs to take out a pen and sign it, and then mail it back to the organization.
That is not the case at all. You know, regulators have been very flexible. Um, they’ve, understood the need to be able to collect consent and provide notification in the channel that the customer is operating in. And in a phone channel, that means using a voice, right? So providing, an affirmation, right?
Saying yes. Saying, okay, yeah, go ahead. Right? That’s all that you really need. I. Uh, to be able to showcase that, you know, the individual has agreed to this. And in self-service channels, it’s even easier. Um, so whether you’re in the mobile app or in the IVR, right, having somebody press the okay button on a, on a touch screen or, you know, verbalizing their, their, their affirmation, right? Just saying yes, is very quick, very efficient.
And so we have not seen, we have not seen organizations that, collect consent, have, a negative impact on their ROI. The great majority of consumers out there embrace this, this technology, they see the benefits. They understand the benefits that this is, enhancing the Authentication process, but also protecting them and protecting their accounts from fraud.
And that’s something that is universally, sought after. Um, and so, you know, again, long response to your question, but I do not see this as a barrier at all. Um,
Matt Smallman: So fir first off, I completely agree with you, and we, we did a session with, with a, with a lawyer a few months ago where we kind of went round this same subject.
It’s just the right thing to do. It’s rude, and a bit weird to do this without asking people. It’s kind of, you just, you just should do it anyway. Whether you have to dress it up in quite as many legal terms is, is something to debate with your, with your own lawyers, but that, that will vary by, by organization.
I think some of the challenge though here is that it, it’s seen as a, as an extra cost of implementing this type of Authentication security technology versus others such as, SMS OTP or push notifications or device-based Authentication.
And actually, whilst, whilst I agree to, to some degree, , Really, it’s, you should also see it as a function of training. Yeah. It helps customers to understand the service they’re about to use and makes them better users of it because they feel engaged in the process rather than forced, to do something. So I, I know it can appear like an, an incremental cost of this. Compared to other forms of Authentication and security, but I’m not sure that’s necessarily a fair comparison.
And when you do have that consent, the opportunities that that creates over those other methods are, are quite significant. I dunno if you’ve got anything to add there, Brett.
Brett Beranek: Yeah, Matt. I do, I do. Um, so enabling a, OTP, right? So enabling, SMS OTP, that requires an overt step from the customer, right?
They need to provide you with their cell phone number. So there is a cost to the consumer, and there’s a cost to the organization to drive that behavior. Um, and yet you’re left with a, credential, or a step up Authentication method, that is at most, temporary, because people change their phone numbers, people change their devices, and so it is not a lifelong credential.
And so one of the beauties of Biometrics. It’s that you can keep on using this biometric credential for decades. And so once you spread that cost over the lifespan of that credential, the lifespan of that relationship with a customer, then it really becomes completely negligible.
Question: Where outside Financial Service are the missed opportunities for Voice Biometrics?
Matt Smallman: So I think that that leads onto another question that, that was asked in the, in, in my call for questions earlier, which was outside banks and financial services who are, who are clear use of this technology. And it, it’s in my, in my mind, it’s a matter of time.
What, what, what other industries and sectors do you see a kind of unrealized return on investment that they could get from implementing this kind of technology?
Brett Beranek:Yeah, so any organization that is, Struggling with fraud, within their contact center is, is a clear candidate for this.
And, so beyond the financial sector, we definitely see telecommunication firms, gaining a lot of value out of this technology. And I would say that for, for the time being, it is an exception that a telecommunication firm is using Voice Biometrics. Rather than the rule. And so that is unrealized value, at the industry scale, even though there are a handful of telecommunication companies, in various countries that have benefited from this for many years.
Now, the other key vertical is insurance companies, and that may be a little bit counterintuitive, but insurance companies tend to have very. Uh, irregular calling patterns into their contact center. Um, so for many of us, we don’t call our insurance company for a long period of time until we have some kind of issue.
Uh, and then there may be several calls in a row as we try to resolve this issue. And so we found, that just on the Authentication front. Um, the insurance space is, an an industry where we have a handful of organizations that have realized the value, but where the majority of organizations in this space have not done that yet.
Um, and then, you know, maybe another example is, government services, and this really came to the forefront during the pandemic where there were a lot of payments that were going out to citizens from various government agencies. And, what came, to the fore is that not having a proper way of validating identities, is, hugely problematic and can lead to a lot of fraud and what we’ve seen as organizations across the world.
Uh, so whether it’s the US government, Canadian government, many European governments have lost an, an incredible amount of money as payments were sent out to, individuals that, were not in need of these, of these payments, or were, outright, taking over other individuals’ identities in order to receive those payments.
So those are just a few examples of organizations that could benefit from Voice Biometrics, and my response was very much tailored to the contact center space. Uh, once you zoom out and you look at the use of this technology within digital channels such as mobile apps and, and the website, it, it really can apply to any organization that needs a step up Authentication, which is a lot.
Right. I I, I, I could go down, for several minutes right. Just listing all of .
Matt Smallman: We, we, we are, we are, we are coming up on time, so I’m probably gonna have to draw, draw a line. Sure, sure. Draw a line there. I’m sure you could sell this. To anyone, . But I think, I think I like those, those, those three kind of sectors that you talk about.
And I would agree those in terms of, unrealized opportunities, telco’s, insurance and, and public services, government services as you, as you say.
Question: What does Voice Biometrics and it’s applications look like in the future?
Matt Smallman: Fi, final question then, as we’re wrapping up, and I apologize, we haven’t managed to get to everyone’s questions. Um, we’ve been talking a bit about, What was true 10 years ago?
What’s true now? Uh, and what’s changed? If, if you could gaze into your crystal ball or, or maybe you have the privileged insight that I don’t, what, what does this technology and its application look like in, in 10 years? What, what are the, the final hurdles, the barriers? You, you will, you will have changed or you hope to be able to have changed and transformed in that time?
Brett Beranek: Yeah. Well, I have to be very careful what I say. Yes. I do have access to some privaleged information in my role, but I will say the following, on the fraud side.
On the fraud prevention side, I do see, technologies such as Chat, G P T, assisting with, the task of hunting for fraud and, and identifying fraudsters and, and just going through case management. Uh, right now it’s a very manual process and, Some organizations have done a phenomenal job, but some organizations don’t necessarily have the staff to do that work.
And so I do see, technologies such as , augmenting that side of things. And then specifically on the Authentication side, I just see continuous improvement in, in the technology. Um, and so I, I see it just becoming even more seamless and transparent, and which, which will just make the technology more ubiquitous than it’s today.
Matt Smallman: That’s a very, very succinct, an answer as we’re coming up to time. So, th Thank you very much for that, Brett. Uh, and, and I’m sorry, we didn’t get to everyone’s questions. Who, who came up, on who, who answered? I think we covered most of the general, topic areas. Um, but I will have a look at those and see if we can, come up with, some offline answers for, for people.
So thank you very much for joining us, Brett, and, and contributing today’s session. Thank you everyone who joins online, on LinkedIn, on YouTube, and wherever else this is being broadcast. Um, thank you very much for joining the Modern Security Community. Um, as you can see, we are here really to talk about the application of this technology so it can improve customer’s, security, and the efficiency and usability of call and contact center processes.
In our next session, which is scheduled for the, just checking my calendar for the 9th of November, it’s just me, I’m afraid, but I will be digging into the, return on investments for modern security technologies as a whole, not just Voice Biometrics, really looking at what the cost of poor security and poor Authentication processes in today’s contact centers and call centers are.
And we’ll be using, some tools, from the afore mentioned book, including some new tools that we’ll be, deploying, on the day. So thank you very much for joining us. I hope you can join us on the ninth November. You’ll receive a recording afterwards. Uh, and once again, Brett, thank you very much.