Voiceprints aim to add new security

It’s one thing to know your colleagues and customers by name and face. It’s quite another to know them by the lengths of their vocal tracts and the ratios of their larynxes to their sinuses.

That’s how identity verification systems that employ voice biometrics technology distinguish between Mike in human resources and Mr. VIP, your company’s most lucrative client.

Known as voice authentication or verification, these systems take into account certain physical attributes before forking over access to whatever they’re meant to protect.

Voice verification usually works something like this: a user, be it an external customer or an internal employee, enrols in the system by speaking their name or a password into the phone. The verification system creates a mathematical representation out of what it hears and stores the information as a voiceprint.

The next time the user calls in, perhaps to check up on an account or to reset the password guarding a corporate app, the system compares the user’s voice to that stored info, and either grants access, or denies it.

Some enterprises are looking into voice verification for password resets, which can account for 30 per cent of the calls that the average help desk department receives. If users could reset their passwords without talking to help desk employees, that would decrease some of the burden on the IT staff.

Other companies view voice verification as a customer service tool, a way to expedite the authentication process so clients can do telephone banking and such.

That’s what Scotiabank is investigating voice verification for. According to Rick Davidson, Toronto-based senior manager of new technology, smart voice systems could spell improved customer service at this financial services firm.

“Our customers love telephone banking, but something some customers have an issue with is they have to remember their 16-digit Scotia card number,” he said, pointing out that 16 digits, plus the four-to-eight-digit password, is a lot for users to remember. And if the user punches the wrong number on the phone keypad, she has to start from scratch. “It’s just not top-quality customer service,” Davidson said.

Voice verification could change that. “Using this type of technology, they would say something they know, like their phone number for example, or maybe their date of birth, and we can do the voice verification match, as well as match the answer to the question we ask them through voice recognition, and authenticate them right away.”

Davidson said Scotiabank is doing a proof-of-concept on Vocent Solutions Inc.’s voice verification system. That’s not to say Scotiabank is ready to turn it on today. Davidson said this is the fourth such system that his firm has investigated in the past two years or so. Although it seems good, there are still plenty of questions. What will customers think? What will managing it do to the IT department’s workload?

According to a Frost & Sullivan report commissioned by Mountain View, Calif.-based Vocent, companies have other questions about voice verification. Is it accurate? Is it user friendly? What happens if a user records their voiceprint on a cell phone and later calls in on a landline phone? Will that confuse the system?

Vendors are trying to answer those questions and prove that voice verification deserves to go beyond proof-of-concept.

On accuracy, Vocent’s spokesperson Jeff King said his company’s DecisionMaker verification technology takes multiple factors into account before offering access. It compares the user’s voice to the voiceprint, checks the caller ID for a match, and asks for the person’s password, to see if he knows what he’s supposed to know.

“The benefit to the business is their live agents don’t have to ask a bunch of questions,” King said. “They can simply say, ‘How can I help you?'”

User friendliness depends on the security threshold. A super-high threshold might reject genuine callers from accessing the information they seek. A lower threshold is more user friendly, but if it’s too low, fraudsters could get in.

“Striking that balance in the past was a kind of black art,” King said. “We’ve incorporated that into our product, so we know how to meet the balance between security and convenience. We work closely with the customer to make sure DecisionMaker is mapping to their existing business rules.”

According to Sarah Lyall, marketing manager at The Ottawa Telephony Group Inc. (OTG), a voice verification vendor headquartered in Ottawa, security is a matter of user education. OTG offers a tutorial to help users along.

“If users view that tutorial, they’re more inclined to create a better voice enrolment sample, so when they verify their voice, they’re much more likely to provide a precise sample to compare to the robust, stored model. The better the user is at understanding how voice verification works — don’t chew gum and try to enrol; don’t enrol on a speaker phone for background noise — then we can set the acceptance threshold higher.”

OTG’s applications — SecurPBX for phone system security and the Help Yourself suite for things like password resets — run on ScanSoft Inc.’s SpeechSecure verification engine, which employs a number of algorithms (dynamic time warping, Gaussian mixture model and natural tree network, Lyall said) to ensure accuracy to such a degree that recordings cannot fool the system.

As for installing voice verification systems, Lyall said OTG’s apps require some hardware preparation on the customer’s site, but it’s not particularly burdensome. The firm stands by clients with first-year support.

“Really the greatest problem people have is finding the PBX administrator or the telecom engineer able to assist with telephony preparation and PBX set-up before we even get on site,” Lyall said, pointing out that sometimes OTG’s contacts in the enterprise aren’t up on just who the telecom manager is in their 10,000-employee firms. “It’s all very simple, but you need to project-manage.”

King from Vocent said it takes 60 to 90 days to install a voice verification program. Vocent offers two apps: Password Reset and Confirmed Caller.

“We would come on site, hook it up to their telephone system, hook it up to their back-end systems, which typically consist of customer profile databases and such. We would configure the dialogue to meet their security and convenience requirements, and customize the prompts for their customer base.”

Lyall said Canadian companies are not as quick as U.S.-based multinationals to embrace voice verification, although the federal government seems interested in the technology as a way to ensure security for its public access systems.

Davidson at Scotiabank said his company is taking the slow road. “We’re not saying we’re looking at launching voice verification. We won’t know that until we finish more of our pilots.”

Still, “the stuff we’ve looked at so far looks promising,” he said.

Related Download
3 reasons why Hyperconverged is the cost-efficient, simplified infrastructure for the modern data center Sponsor: Lenovo
3 reasons why Hyperconverged is the cost-efficient, simplified infrastructure for the modern data center
Find out how Hyperconverged systems can help you meet the challenges of the modern IT department. Click here to find out more.
Register Now