The Dangers of Using Legacy Technology for Voice Biometrics.
A BBC article detailed a voice biometric ‘hack attack’ by twin brothers on their HSBC account. It highlights weaknesses in the legacy technology used by some solutions that can be avoided by implementing next generation voice biometrics.
Next Gen Technology
Next generation technology has a number of threat detectors and features to defeat fraudsters and hack attacks. This ensures system security and user privacy whilst being easy and simple to use.
A properly designed and deployed solution would not allow multiple verification attempts. As soon as a user’s behaviour indicated a potential security threat such as attempting multiple verification’s within a short period, the system would trigger security protocols to protect against fraud and identity theft.
While legacy systems use a single background model for all speakers, next generation voice biometrics use a model for each individual to improve performance and lessen the risk of ‘spoofing attacks’ on users.
Additional Security Measures
Another technique is the use of random ‘spoken tokens’, as opposed to fixed passwords or phrases. This approach uses random digit strings or words to verify users to prevent the threat of pre-recording. The system needs the authorised account holders voice saying the correct response to a random question to gain access.
A good voice biometrics solution is designed with the ability to recognise the underlying characteristics of a synthetic voice (where technology is used to manufacture speech to sound like the account holder) which have a distinctive characteristic that can be detected by technology. If a synthetically manufactured voice is identified, security procedures can be invoked to protect that account and potentially identify the hacker.
Additionally, technology brings in information known about the device that is being used and the location it is being used from. If there is heightened uncertainty based on the device being used or its location, then the security settings are increased to counter any potential threat.
There are many other security features which are not publicised as some of these unpublished features help banks and other organisations to identify fraudsters and prevent identity theft. A good biometric solution ensures user privacy, helps prevent identity theft and fraud and, of course, makes it easier to deal with businesses and government departments as there is no PIN to remember, no password to forget.
“We believe voice biometrics offers a significant step forward in improved customer experience, fraud prevention and cost of service delivery (through reduced average handling time) when compared to traditional identification & verification processes, such as passwords, PINs and memorable words. This is especially true for the next generation technologies which we champion, which not only provide secure and private access when dealing with contact centres, but also across digital channels such as apps on mobile phones and web chat on company websites. The success of the technology not only relies on the capabilities of that technology but crucially how the customer experience is designed and implemented along with how the technology is architected and integrated to other systems to more effectively identify and then adapt its response to possible fraudulent activity”.
Martin Cross, CTO, Connect Managed Services