Softjourn

Is Voice Authentication Secure Enough to be Your New Password?

With voice print technology, your voice could be your next password as this popular biometric starts to make waves in many different kinds of consumer-driven industries

It’s almost normal now to secure your phone with a fingerprint. But how comfortable are you offering a passcode using your voice?

Voice recognition, also sometimes referred to as voice authentication, is the next big biometric going global. By 2023, there will be 8 billion voice assistants like Siri and Google Home in use worldwide, according to Juniper Research. If you have one in your home, you might be comfortable asking it what tomorrow’s weather will be. Or to find out if that really was that Avenger’s guy in a new Netflix special. 

Smart speakers are on the rise, growing by 78% between 2017 and 2018. Our phones come packed with digital assistants like Bixby and others just waiting for us to speak a passphrase to order them into action.

But would you use your voice to verify your identity? There are many questions regarding how voice authentication works, is voice recognition secure, and how voice print technology can aid businesses and customers.  

voice authentication

How Does Voice Authentication Work?

Voice authentication is a biometric method of speaker recognition based on measuring the distinctions in different voices to uniquely identify users. Instead of a password, which might be forgotten or not strong enough to assure security, voice recognition allows people to use their voices themselves as passwords.

There are over 70 body parts that contribute to how a person speaks. Voice recognition technology works by digitizing a person's speech to create a template. This is also known as a stored model voice print. The technology reduces each spoken word to segments composed of dominant frequencies called formants. Each formant has several tones that collectively identify a speaker's unique voice print. These prints are stored in secure databases, just like fingerprints or facial scans. 

A good quality voice print is usually made from reciting a specific text or passphrase. This can be either a verbal phrase or a series of numbers. Just like using a touchpad on your phone a few times so the scanner can capture all angles of your fingerprint, a passphrase is spoken a few times to create a comprehensive sample. When a person uses the passphrase, certain words are compared with the stored voice print. 

Some systems don't rely on stored recordings, and instead are trained to recognize similarities between individuals' voice patterns.

How is Voice Authentication Being Used?

Financial institutions have been a big adopter of voice print technology. Citibank (Citi) uses voice authentication to verify customers within the first few seconds of calling into a help center. It also has the largest deployment of a voice biometric in the U.S. as of 2016.2

Citi started using the technology so that customer service representatives could skip tedious questions about customer’s pets, favorite sports teams, or a sibling’s current place of residence. The technology, provided through NICE, identifies 130 different physical and behavioral characteristics within a person’s vocal pattern in real-time, over just a few seconds. As of 2017, Citi reported enrolling a million Asian Pacific customers into their voice authentication program.3

Another example is the $1.2 billion Kennebunk Savings Bank in Maine. When the bank detected fraudulent calls to its call center several times per day, it deployed voice authentication. Customers opted into the program and recorded a short 30-45 second clip of themselves. This allowed Kennebunk to identify a customer within two to three seconds and shorten the length of time needed to verify and validate who’s calling.

Kennebunk reported 1,400 customers signing up for the program and that several fraud attempts were halted with the technology.

Overall, voice authentication helps banks and other businesses offer a more convenient customer experience for their clients while helping to fight fraud.

voice authentication security

How Secure is Voice Recognition?

But does that convenience come at the cost of security? There have been numerous stories in the news about hackers being able to infiltrate homes and businesses to the detriment of their owners using voice recognition security issues. As with any safety measure, believing that just one measure on its own is foolproof is foolhardy.

There’s still some ways to go in achieving absolutely secure voice identification. The current state of voice biometrics is vulnerable. Research has shown that voice samples from something like a YouTube video can be accepted as approved speech patterns. Hackers have been able to bury malicious commands in white noise to control voice-enabled devices.5 

According to Lior Atzi, Director of Product Management at NICE, there are two major technologies being used to combat fraud in voice authentication: liveness detection and continuous authentication.6

Liveness detection, as the name implies, is ensuring that the fingerprint or voice sample being used is real. Some attempts to thwart this security measure are synthetic voices and other implementations of artificial intelligence, but they haven’t yet progressed enough to cause a real threat. 

Continuous authentication repeatedly verifies an individual’s identity over the length of a session, rather than just once. This helps to overcome potential issues like callers changing in the middle of a phone call, or other tricks that a bad actor might use to get into someone’s account. 

What Type of Authentication Factor is Voice Pattern Recognition?

The best way to secure accounts is with several layers of security. There are three types of multi-factor authentication (MFA), also sometimes called two-factor authentication (2FA). MFA and 2FA is a method of login verification where at least two different factors of proof are required, such as a passcode and a biometric. 

Voice recognition is considered a type three MFA, or “something you are.” This includes any part of the human body that can be offered for verification, such as palm scanning, facial recognition, or retina and iris scans. 

MFA is much more difficult for an intruder to overcome. An attack on a system using MFA must overcome several obstacles simultaneously to impersonate the victim. This is extremely difficult, and thus a more resilient login solution.

What are the Benefits of Voice Authentication?

Even with these security concerns, convenience is not the only advantage of voice authentication. So far, it is the only biometric that can enable remote verification. It even allows users to be identified and validated without needing to share personal or confidential information like Social Security numbers over a phone line.

This brings a level of equal support to new demographics such as the elderly and disabled. It  enables them to access accounts without having to remember passwords or answers to obscure questions. 

There’s also no need for special equipment like an expensive camera or external software. All a user needs is an existing phone line, smart phone, or web-based app. This allows businesses to be more inclusive of customers regardless of their ability to understand or own different technologies. 

With a “bring your own device” process, no information needs to be stored on the user’s device as is required to use biometrics like fingerprints. The voice authentication process happens live and is managed by a remote, secure server. 

Best Practices

As with any security method, there are some basic best practices that organizations should follow to assure their clients’ information isn’t at risk.

  • Establish a primary authentication method before any other method; this means choose one form of validation, be it a PIN, passcode, or biometric, before agreeing to using more authentications.
  • Acquire explicit consent of the intended use from users for the security measure; for example, agreement of using facial recognition to enable payment transactions. 
  • Require the primary authentication method every 72 hours. 
  • Use a completely secure pipeline for all biometric data and handling. 
  • Keep all biometric data in a secure, isolated environment to prevent its acquisition by fraudsters. 

Using the above steps provides a great baseline for any company to keep their clients’ information safe. It also provides a foundation to start adding more levels of authentication to create an even stronger verification system.

Conclusion

Voice print authentication is likely to grow in popularity because of improvements in accuracy, caused largely by advances in AI. This growth is also due to heightened customer expectations for quick, easy access to information. Voice biometrics enables fast, frictionless and highly secure access for a range of use cases from call centers, mobile, and online applications, to chatbots, IoT devices, and physical access.

The convenience and security it offers makes it a verification method that will only increase in use across industries.

 

1Juniper Research. (2019, December). Digital Voice Assistants
2Groenfeldt, T. Forbes. (2016, June). Citi Uses Voice Prints To Authenticate Customers Quickly and effortlessly.
3Citibank. (2017, March).  Citi Tops 1 Million Mark for Voice Biometrics Authentication for Asia Pacific Consumer Banking Clients.
4ABA Banking Journal. (2019, June).  Podcast: How Voice Biometric Authentication Improves Bank CX.
5Tektonika. (2019, November). The future of voice recognition security.
6Atzi, L. (2018, May). Can You Fool Voice Biometrics?

Softjourn is a global technology services provider that finds custom solutions for our clients’ toughest challenges. We leverage our domain expertise in Fintech, Cards & Payments, and Media & Entertainment (with a special emphasis on ticketing), to apply new technology that brings our clients' growing needs to life. Contact us to discuss how we can make your idea a reality!