Amplified security

As criminals develop increasingly sophisticated techniques to hack into computer systems, Paul Way of Nuance Communications investigates how the European Network and Information Security Agency is making consumers more alert to the risks of fraud

 
Feature image

Fraud is a rapidly growing problem for today’s businesses. The National Fraud Authority calculated that the private sector loses £12bn annually through fraudulent activity, while it costs each adult consumer £765 every year.

The debate around ultimate responsibility for fraud continues unabated. It’s often argued that the greater responsibility lies with organisations to provide more stringent levels of protection for their customers. This principle is encapsulated in the Banking Code, putting the liability to compensate consumers for any loss resulting from fraud firmly with the financial institutions, unless they can prove that the victim acted in a negligent manner.

However, businesses themselves have felt hamstrung by the sheer volume of the challenge facing them as the techniques used by criminal gangs become more sophisticated and the economic crisis simultaneously tightens their purse strings and restricts their ability to respond with force.

The economic climate continues to put companies under pressure to cut costs, including security budgets. Cancelling or postponing security measures essentially renders an organisation a soft target, leading to much deeper, longer lasting loss. It’s also a marketing disaster. During economic instability, inspiring trust in one’s customer base is essential. Robust security procedures to protect against fraud and ID theft are a crucial part to ensuring customer confidence.

While the introduction of chip and PIN is considered to have reduced the occurrence of fraud, the number of fraudulent card-not-present transactions is rising and provides a stark reminder that criminals adapt quickly to circumvent security barriers. It’s also worth bearing in mind that fraudsters are pragmatic and will alter their methods, depending on the changing level of risk. As organisations invest in securing online transactions, fraudsters are shifting their attentions to unsecured domains, moving the phone channel to the front line in the fight against identity theft.

The best defence is to stay one step ahead of the criminals, as well as the competitors’ security measures in the market place; which is why we’ve seen a groundswell of interest in biometric technology gather pace in recent years. Voice biometrics has come of age and is now becoming more widely used by businesses to secure transactions.

Voice authentication technology essentially proves a person is who they claim to be based on the unique characteristics of their voiceprint. It does this by analysing voice samples and logging their vocal tract length and shape, their pitch and speaking rate. These, and other characteristics taken together is called a voice print. When a genuine customer enrols with a system, a voice sample is collected and a voice print extracted and stored for future use. When the caller speaks to the organisation again, a second voice sample is collected and compared to the stored voice print.

This comparison generates a confidence score as to whether the voice matches the existing voice print – the caller is either accepted, and gains access to the system, or rejected as a poor match and passed to a security trained agent team. As a state of the art technology with a high accuracy rate, voice authentication is capable of accommodating changes in a person’s voice as a result of a cold or ageing. The adoption and flexibility of these solutions provide both the organisation and consumer the convenience to encounter different levels of security based on the task at hand. For instance, a simple bank balance check may require less or different security checks than transferring money between accounts.

Given a voice print is almost impossible to impersonate, it is infinitely more secure than a credit card or PIN. It is also the only biometric that can be verified remotely, making it the most convenient biometric to use. In fact, recent research from Nuance conducted via a Twitter poll found that nearly a third of consumers believe voice biometrics is the best method for verifying identities on their mobile devices.

It also provides a quicker mechanism to authenticate a user’s identity than traditional methods, enabling organisations to save time and money, while improving the customer experience. Furthermore, it is less invasive for the customer as it removes the need for lengthy and unpopular interrogation by call centre agents. By using automated voice authentication to fight fraud, organisations can recoup money and make identification and verification more convenient and more secure for the customer. Research from the centre for economics and business found that implementing automated voice authentication could save UK companies £1.4bn a year.

These benefits explain the escalated adoption of voice biometrics. According to Opus Research, over seven million registered voice prints support user authentication around the globe and the forecast of 25 million by the end of 2012 moves voice biometrics closer to fulfilling its market potential, estimated to be roughly $250m. It is particularly advanced in Canada, Australia and the US and is attracting increasing interest in the UK. Voice authentication is already being used, for example, to enable employees to securely reset their passwords and in curfew monitoring systems to verify that offenders are at home during restricted hours. It is also being used in banking and share trading in the US.

As a precise identification process, voice biometrics allows organisations to offer new automated services, previously only available via agents. These include personalised caller menus – such as “Your account balance is £650.00, and your last deposit was recorded yesterday, can I help you with anything else?” – as well as the opportunity to record a change of address without having to wait on the line to speak to an agent. These and other applications, lead to a more convenient and secure user experience and is a key asset in attracting and maintaining customers.

While other security measures add hurdles to accessing one’s own account, voice authentication effectively removes these barriers while keeping the good guys in and bad guys out. In short, voice authentication is a candidate for widespread adoption. Expect the “spoken token” to replace the prevalence of passwords and PINs in the near future.