Softjourn

How Voice Authentication is Changing the Tech Landscape

With voice biometrics, your voice could be your next password as this popular biometric starts to make waves in many different kinds of consumer-driven industries

March 06, 2020 by Softjourn

It’s almost normal now to secure your phone with a fingerprint; but how comfortable are you offering a passcode using your voice?

Voice recognition, also sometimes referred to as voice authentication, is the next big biometric going global. By 2023, there will be 8 billion voice assistants like Siri and Google Home in use globally, according to Juniper Research.1 If you have one in your home, you might be comfortable asking it what tomorrow’s weather will be, or to find out if that really was that Avenger’s guy in a new Netflix special. 

Smart speakers are on the rise, growing by 78 percent between 2017 and 2018. Our phones come packed with digital assistants like Bixby and others just waiting for us to speak a passphrase to order them into action.

But would you use your voice to verify your identity? There are many questions swirling around how it works, how secure it is, and how it can benefit both businesses and customers.  

voice authentication

How Does Voice Authentication Work?

Voice authentication works through digitizing a person's speech to create a template, also known as a stored model voice print. The technology reduces each spoken word to segments composed of dominant frequencies called formants. Each formant has several tones that collectively identify a speaker's unique voice print. These prints are stored in secure databases, just like fingerprints or facial scans. 

A good quality voice print is usually made from reciting a specific text or passphrase, which can be either a verbal phrase or a series of numbers. Just like when you use a touchpad on your phone a few times so that the scanner can capture all angles of your fingerprint, a passphrase is spoken a few times to create a comprehensive sample. When a person uses the passphrase, certain words are compared with the stored voice print. 

Some systems don't rely on stored recordings, and instead are trained to recognize similarities between individuals' voice patterns.

How is Voice Authentication Being Used?

Financial institutions have been a big adopter of voice authentication technology. Citibank (Citi) uses voice authentication to verify customers within the first few seconds of calling into a help center, and has the largest deployment of a voice biometric in the U.S. as of 2016.2

Citi started using the technology so that customer service representatives could skip tedious questions regarding customer’s pets, favorite sports team, or sibling’s current place of residence. The technology, provided through NICE, identifies 130 different physical and behavioral characteristics within a person’s vocal pattern in real-time, over just a few seconds. As of 2017, Citi reported enrolling a million Asian Pacific customers into their voice authentication program.3

Another example is the $1.2 billion Kennebunk Savings Bank in Maine.4 When the bank detected fraudulent calls to its call center multiple times per day, it deployed voice authentication. Customers opted into the program and recorded a short 30-45 second clip of themselves. This allowed Kennebunk to identify a customer within two to three seconds and shorten the length of time needed to verify and validate who’s calling.

Kennebunk reported 1,400 customers signing up for the program and that multiple fraud attempts were halted with the technology.

Overall, voice authentication helps banks and other businesses offer a more convenient customer experience for their clients while helping to fight fraud.

voice authentication security

How Secure is Voice Authentication?

But does that convenience come at the cost of security? There have been numerous stories in the news about hackers being able to infiltrate homes and businesses to the detriment of their owners. As with any security measure, believing it is foolproof is foolhardy.

The current state of voice recognition is vulnerable. Research has shown that voice samples from something like YouTube videos can be accepted as approved speech patterns, and some hackers have been able to bury malicious commands in white noise to control voice-enabled devices.5 

According to Lior Atzi,6 Director of Product Management, Multi-Channel Recording & Real-Time Authentication at NICE, there are two major technologies being used to combat fraud in voice authentication: liveness detection and continuous authentication.

Liveness detection, as the name implies, is ensuring that the fingerprint or voice sample being used is real. Some attempts to thwart this security measure are synthetic voices and other implementations of artificial intelligence, but they haven’t yet progressed enough to cause a real threat. 

Continuous authentication repeatedly verifies an individual’s identity over the length of a session, rather than just once. This helps to overcome potential issues like callers changing in the middle of a phone call, or other tricks that a bad actor might use to get into someone’s account. 

The best way to secure accounts is with multiple layers of security. Using two-factor authentication, which requires multiple steps of validation like a password and a biometric, offer additional protection against theft and fraud. 

What are the Benefits of Voice Authentication?

Even with these security concerns, convenience is not the only benefit of voice authentication. So far, it is the only biometric that can enable remote verification, and even allows users to be identified and validated without needing to share personal or confidential information like Social Security numbers over a phone line.

This brings a level of equitable support to new demographics such as the elderly and disabled, enabling them to access accounts without having to remember passwords or answers to obscure questions. 

There’s also no need for special equipment like an expensive camera or external software. All a user needs is an existing phone line, smart phone, or web-based app, which allows businesses to be more inclusive of customers irrespective of their ability to understand or own different technologies. 

With a “bring your own device” process, no information needs to be stored on the user’s device as is required to use biometrics like fingerprints. The voice authentication process happens live and is managed by a remote, secure server. 

Best Practices

As with any type of security method, there are some basic best practices that organizations should follow to ensure their clients’ information isn’t at risk.

  • Establish a primary authentication method before any other method; this means choose one form of validation, be it a PIN, passcode, or biometric, before agreeing to using additional authentications.
  • Acquire explicit consent of the intended use from users for the security measure; for example, agreement of using facial recognition to enable payment transactions. 
  • Require the primary authentication method every 72 hours. 
  • Use a completely secure pipeline for all biometric data and handling. 
  • Keep all biometric data in a secure, isolated environment to prevent its acquisition by fraudsters. 

Conclusion

Voice authentication is here to stay, and it will only get bigger. The convenience and security it offers makes it a verification method that we predict whose use will only increase across industries.

If you’re interested in exploring how voice authentication can be used in your business, contact us today!

Headquartered in Silicon Valley, California, with R&D Centers in Ukraine and Poland, Softjourn, Inc. is a global technology services provider that finds custom solutions for our clients’ toughest challenges. 

Our 200+ employees skillfully evaluate, identify, and plan innovative, creative solutions. We become a trusted partner by proactively collaborating on all design, build out, and deployment. Contact us to give life to your ideas!   

 

1Juniper Research. (2019, December). Digital Voice Assistants
2Groenfeldt, T. Forbes. (2016, June). Citi Uses Voice Prints To Authenticate Customers Quickly and effortlessly.
3Citibank. (2017, March).  Citi Tops 1 Million Mark for Voice Biometrics Authentication for Asia Pacific Consumer Banking Clients.
4ABA Banking Journal. (2019, June).  Podcast: How Voice Biometric Authentication Improves Bank CX.
5Tektonika. (2019, November). The future of voice recognition security.
6Atzi, L. (2018, May). Can You Fool Voice Biometrics?

Softjourn is a global technology services provider that finds custom solutions for our clients’ toughest challenges. We leverage our domain expertise in Fintech, Cards & Payments, and Media & Entertainment (with a special emphasis on ticketing), to apply new technology that brings our clients' growing needs to life. Contact us to discuss how we can make your idea a reality!