In this day and age, passwords are no longer enough.
If you’ve ever watched a spy movie, you’ve seen things like vaults and secret rooms protected by multi-factor authentication such as facial verification, fingerprint recognition, and retinal scanning. It's usually the madman trying to bring down the world that uses these tools. He’s uber-rich, so of course, he could afford it.
This type of technology used to seem like something only imaginable in the context of a high-budget action film, and on top of that would only be available to the billionaire villain character. But over the years, these things have become less fictional concepts and no longer out of reach. Every time you pick up your smartphone, your face gets scanned to authenticate you as the rightful owner of the device and the information on it. Or maybe you have an older model that recognizes your fingerprint. Things we once thought of as unaffordable and unobtainable are now part of everyday life. And we've gotten to the point where we don't even think twice about it.
What are biometrics?
This technology is called biometrics, the science of uniquely identifying biological characteristics used to authenticate a person. Biometrics makes processes more simplified. You no longer must remember ten different passwords depending on the application you are using; you only need your face, fingerprint, or voice.
Businesses use biometrics for their users' convenience, security, and fraud prevention.
Your call center is the weakest link for fraud
In a recent Forbes survey, 51% of financial services companies surveyed identified the call center as the vector of choice for account takeover attacks. Most call centers use knowledge-based authentication. How often has an agent asked you for your account number, the last four digits of your social security number, or your mother’s maiden name? This information is not complex for scammers to obtain with hacks of vulnerable details (it seems every day there is a new breach reported) and the use of social engineering. Combine that with an undertrained agent, and it is a recipe for disaster.
Your voice is your password
Many organizations are implementing the use of voice biometrics to combat this. Instead of asking for a password or account information, a system authenticates a user’s identification by “listening” to their voice.
Active vs. Passive
There are two types of voice recognition technology:
- Active: This asks the user to say specific words and terms and compares them to a recorded file. "Tell me____"
- Passive: This method uses continuous validation and listens to the voice while the user has a natural conversation with an agent.
In both types, the user must go through a routine of recording their voice upon account set up to establish a baseline. With active, during enrollment, the user will go through a series of enrollment questions and be asked to say things like, “Please say my voice is my password,” two or three times. It might ask for a few different phrases or repeat a series of four or five digits. And then, it will record how the user says these things. Later, when the user calls in, the system will ask them again to repeat, say a random set of digits, and then it will compare against those previous recordings.
Passive uses a similar enrollment process, but it is a bit different. In this case, it will collect snippets of information – maybe around 15 seconds worth of audio from the customer. For example, it may ask, in a few words, to explain why they are calling. It does not affect routing, but it's being used for voice biometrics to validate.
So, is one better than the other? It all depends on preference. Active recognition goes through a routine process of saying what someone may know has been captured previously and having them say the same things over. With passive, it gets the person in more of a natural state and compares what they're saying to the collected snippets of information to determine whether it matches, looks the same, and is this the person they say they are.
How it works
I've been using "listening" in quotes because what is happening is a process of converting audio into data patterns, like voice transcription. A typical voice biometric solution essentially converts sound into an image, if you will, then compares it to the known images it has on file. The software can even tell when a live person is talking on the phone or if someone is trying to spoof the system with a recording.
Perhaps you’ve seen a television show like Forensic Files in which a fingerprint is placed over another print to see if it is a match. That's what this machinery is doing. It's looking at what it captured. It turns that sound into an image –a graph and waves. And then, it will compare it to the saved version to see if it looks the same. Either it's a 100% match, a 0% match, or somewhere in between. It then returns a confidence level and depending on the platform used; an agent may see a green, yellow, red kind of acknowledgment and then know whether or not to proceed to give any details to the caller.
What industries are using voice biometrics?
Any organization with a contact center can benefit from the use of voice biometrics to help prevent fraudulent activity and improve the customer’s experience with ease of use.
The most common industries currently implementing voice biometrics are those with the most sensitive information and the most to lose, primarily banking, financial, and medical.
Even so, there is an increased interest across industries to improve ease of use in their applications. Airlines, for instance, are seeing the benefits of an enhanced experience for their customers. Think of frequent fliers needing to change flights easily. Pharmacies are another– with customers using self-service methods to refill prescriptions. Any industry with account holders that need access to sensitive information can benefit.
But isn’t this technology expensive?
While the technology has been around for decades, the problem was that it was so expensive for any organization to implement; most just stayed away. It has become more affordable, but there is still a high added cost. However, it is considerably less when weighed out against the price of repaying victims of fraud, lawsuits, and loss of future profits from a breach incident due to lack of confidence. Businesses are tired of losing money to fraud – incorporating technology is less expensive than replacing stolen money. And with social media and the sharing of information, all it takes is one bad customer experience to sink a company’s reputation. Likewise, positive customer experiences and good word-of-mouth result in improved ROI.
Voice biometrics is just one of the many biometrics being used and developed today. Everyone has a digital footprint, and organizations no longer need to rely on just one way; they are looking at a combination of things.
Geotagging uses location to authenticate the caller. If someone calls, the technology can identify they're in XYZ location and then use voice identification to confirm the caller is who they say they are. But if all of a sudden, a call is coming from somewhere entirely new or different, the agent can be alerted that the call may be fraudulent.
Some solutions go a step further and can identify the type of phone the caller is using. For example, some software can notify an agent that the last time a user called in from a particular phone number, they were using an iPhone 12; however, this time, they are calling on an Android or using a VoIP device from a foreign country. In conjunction with voice biometrics, this information can use that information to further red flag potential fraud.
These are just two additional examples that can work with voice biometrics to ensure authentication, protect valuable information, and enhance the user experience. Businesses are learning that it isn’t about verifying only one way –not just using an account number and a password. They're using the account number, the password, voice, eyes, fingerprints, location and are putting it all together.
Biometrics are the wave of the future. Just like that villain in the spy movie, scammers will get more intelligent, and their technologies will get more advanced, so organizations must stay one step ahead.
Howard S. Leary II
VP, Solutions Consulting