Traditional login systems have enjoyed a remarkable longevity, writes Piergiorgio Vittori. Today, though, they’re no longer fit for purpose. The problem is not with the concept of the username and password combination. Rather, it’s that the system relies on the weakest element of any information security chain: the human being.
The inventor of the ATM, namely John Shepherd-Barron, famously chose four digits as the standard PIN code because his wife claimed that she couldn’t remember a longer one. The payment card/PIN combination has not traditionally been a problem because it’s a two-factor form of authentication, requiring a token and a password. However, in the digital world, where no token is required, we tend to opt for an insecure, easy-to-crack password such as ‘123456’, ‘qwerty’ or that perennial favourite ‘password1’ as we’re no longer able to remember several dozen passwords now required at home and at work.
Thankfully, weak passwords will soon be a thing of the past, replaced by a far more secure method of authentication: our voice.
Biometric authentication has a long history – first in our imaginations and then in reality. In the 1968 Science Fiction epic ‘2001: A Space Odyssey’, the spaceship’s computer HAL 9000 could identify humans by their “voice harmonics”. Fast forward to 1987 and ‘RoboCop’ realised facial recognition. Two years later, ‘Back To The Future 2’ predicted fingerprint scanners. Today, we’re beginning to see these technologies replace passwords as a secure means of authentication.
Fast forward to today and we start to see these technologies replacing passwords as a secure means of authentication. In the UK, some large organisations – among them Lloyds Bank, the Halifax and Vodafone – are starting to deploy voice biometrics.
Replacing password authentication
Advances in Artificial Intelligence (AI)-led voice biometrics technology now mean that it’s ready to replace traditional password authentication systems, bringing many significant advantages not just limited to logins. However, not every biometric authentication system is created equal. It’s important to recognise the differing capabilities of several authentication systems on the market today.
Traditionally, we’ve tended to consider biometrics as a whole without looking at the various advantages and disadvantages of voice recognition, fingerprints and facial recognition. It’s easy to think that each one provides the same degree of protection against hackers, but in truth each of these methods provides very different levels of accuracy and usability.
Much is made, for example, of the uniqueness of human fingerprints, but this owes more to our fascination with the wonders of the human body than it does to the actual security benefits. It’s perfectly possible to ‘clone’ someone’s fingerprint to break into their device, while there have been disturbing reports of people using a sleeping person’s finger to unlock their phones. It’s true that most of the new generation smart phones have built-in fingerprint recognition features, while some offer ‘four fingers’ authentication for greater security. The problem with these systems is that they require a smart and fairly expensive device with a built-in HD camera to capture the prints, and this significantly limits the accessibility of this method.
When it comes to facial recognition, many security concerns have surrounded the technology itself, with San Francisco banning facial recognition outright.
In light of these weaknesses, the most reliable and practical way to authenticate users could well be voice biometrics.
More secure customer experience
Companies are increasingly aware of the potential damage of data breaches, both from a reputational viewpoint and, of course, in terms of the hefty fines mandated under the General Data Protection Regulation, etc. At the same time, they understand the consequences of time-consuming and complex authentication procedures that can lead to a great deal of frustration and damage consumers’ perception of their brand.
Businesses are, therefore, searching to balance information security with protecting the customer experience. Voice biometrics technology promises one of the safest and most convenient methods of authentication available today. One of the key advantages is that there’s no need for specialist equipment to use voice biometrics. The technology is transparent and doesn’t require user or device activation, an expensive HD camera or an external application.
Consumers can use a traditional telephone line, a smart phone or a web-based application, which then also enables organisations to deliver more inclusive customer services to all users irrespective of their age, income levels, proficiency with smart tech or their ability to afford a smart phone in the first place.
Voice verification happens ‘live’ throughout the conversation, safeguarding against any change of circumstances – or people – on the other side of the line. Another important point is that, with voice biometrics, there’s no need for the user to share any personal or confidential data to be authenticated. Their voice sample is all that matters.
Overall, voice biometrics technology provides a much safer and universally-accessible method of securely authenticating customers. What’s more, such intelligent AI-led technology is able to pick up and recognise callers’ sentiment and intent. If you’re calling your bank and asking them to transfer a large sum of money over the phone with an undertone of frustration in your voice – let’s say that there’s a possibility you’re being held at a gunpoint – the technology will give you a ‘lifeline’ by suggesting that the system’s currently down and ask you to come into one of the nearest bank brunches to process the payment.
Technologies such as Passive Voice Biometrics go even further by facilitating customer on-boarding. Instead of making the user repeat a sample phrase several times until the system captures enough samples required for authentication during the on-boarding stage, Passive Voice Biometrics allows for the user ‘voice print’ to be created during a normal conversation. Once the user gives their consent, the agent can capture their ‘voice print’ and verify the identity of the caller. Next time the user calls the organisation, they can speak freely to authenticate themselves – all while resolving their problem and having a meaningful conversation.
The technology provides a practically seamless way of passing through security: it’s quick, intuitive and secure, ensuring a great customer experience.
Harnessing the power of AI
Voice biometrics technology has come a long way in the last few years, not least thanks to AI. AI-driven voice biometrics tech works by ensuring a user’s unique voice (in a natural language live interaction) is compared with the voice print stored in a database in real-time over the course of the entire conversation based on numerous parameters. The solution is therefore very difficult – if not nearly impossible – to hack. Since there’s no set of static data required in the interaction that could be recorded, it’s incredibly difficult for a fraudster to gain access to someone’s account or profile.
What’s more, voice biometrics can also be used actively in the fight against the same fraudsters. If an attempted fraud is detected, it’s possible to use the audio obtained to create the fraudster’s ‘voice print’, which will then be added to a blacklist of fraudsters. The result is that anyone who has been caught committing fraud over the phone will be reported and obviously easily detected in the system at any further attempt.
As a method of detecting and discouraging fraud, voice biometrics is an incredibly convincing solution for many business sectors. Above all, it’s the basis of a superior and user-friendly customer experience.
Alongside these advantages, the great thing about voice biometrics is that it doesn’t rely on the user remembering a password or having a physical token to hand. The technology can recognise speech patterns and modulations that are impossible for even the best impressionist to mimic.
Of course, organisations don’t have to rely on voice as their sole means of authenticating customers. It’s both possible and advisable for businesses, and in particular security-conscious industries such as banking, to combine voice with other methods of two-factor authentication such as tokens and – yes – passwords where appropriate.
Voice biometric systems provide the simplest, most effective and secure way to identify any caller. Moreover, this technology promises to solve one of the most pressing problems facing organisations in a range of industry sectors: how to deliver secure, yet seamless authentication for the customer base.
Piergiorgio Vittori is Global Development Director at Spitch