Australian insurance company, ahm, is successfully using voice biometrics to verify the identity of members
Harnessing voice talent
VeCommerce's Brett Feldon explains why the unique characteristics of voice biometrics can help in the fight against fraud, money laundering and terrorism and how Australia is pioneering the developing technology
There is no doubt that fraudulent activity is growing at an alarming rate. In 2004 the UK's fraud prevention service CIFAS said it found 7,200 cases where fraudulent applications were successful in obtaining an insurance policy or credit agreement. By 2007 this number had rocketed to 14,500 and the numbers of cases logged had risen by more than 24% compared with three years ago, costing UK businesses an estimated £1.7bn every year. In addition to gangs of professional fraudsters, organizations are also having to act against dangers from more nefarious quarters including individuals or groups involved in money laundering for either criminal or terrorist activities. As a result there is mounting pressure on financial institutions to step up security, especially with the introduction of a new AML (anti-money laundering) Directive in December 2007. A failure to act will potentially expose customers not only to fraud but also possible terrorist attacks. There are also strong financial drivers to tighten security including hefty fines for non-AML compliance, damaged reputations and the substantial monetary losses from fraud that organizations suffer every year.
Regaining Control
What is necessary for the industry as a whole is a complete re-think of their current strategies and methods for combating fraud. Long gone are the days when professional fraudsters rifle through dust-bins for information, the smart guys recognise that they can find all the data they need to know about individuals on-line whether its through phishing or even social network sites such as FaceBook. This means that any system that relies totally on personal details such as 'address', 'mother's maiden name' and so on to protect bank accounts and/or other valued policies is fundamentally flawed. Recent data loss incidents by the HMRC and also a major UK bank show that sensitive information is not being given the protection or respect it should. Not only can data fall into the wrong hands by accident, but it is just as likely that infiltration and abuse of data can come from within. The dilemma that organisations face is that there is insufficient and inconsistent control over access of data, enabling records to be available to too many employees, whether they are call centre representatives, administrative or technical staff.
Remove reliance on personal data
So can we use technology to replace this reliance on personal data? Well the simple answer is yes we can. Biometrics, the measurable characteristics of individuals based on their physiological features or behavioural patterns can and are being used by organisations to recognise and authenticate the true identity of their customers. Furthermore, the type of biometrics which is gaining the greatest ground, especially in telephone-based operations and for remote authentication is 'voice' because it requires no additional hardware such as a reader to work and you don't have to physically present - it's also probably the least intrusive of all biometrics and is therefore likely to have minimal resistance from users. The interfaces too are already familiar, for instance it can be used via a standard telephone or if on the web, via a microphone. Compared with using personal data for identification, our voices are unique to us and cannot be exactly replicated therefore removing the chance of impersonation. As a result, using voice for verification rather than information that could be obtained by other persons means that it will no longer be so critical for organisations or individuals to safeguard vulnerable data records, the only record that would be required would be an encrypted voice print which can be stored at a central location and accessed only by qualified technicians
Fact or Fiction?
In the past biometrics has been viewed as science fiction rather than fact, but the good news is that technology has now matured and is now a commercially viable technology, and with the new ISO 19092:2008 standard, banks and other financial services institutions now have an agreed framework and standards that they can use to implement the technology successfully.
So how could voice biometrics be used, how reliable is it and how does it compare to other methods? Voice biometrics provides multifactor authentication of an individual's identity through the unique properties of an individual's voice and eliminates the need for remembering identifiers such as PINs, passwords, mother's maiden name, etc. or for having special equipment such as PIN pads or fobs. Whilst the latter can be forgotten, lost or stolen, the voice remains consistently unique and convenient to use. Over the last 12 months many financial institutions have rolled out card readers as a solution for providing second factor authentication for on-line banking customers. However these have several drawbacks. Not only are they expensive to produce but they are also costly to support with the continual loss of both passwords and the actual readers themselves. They also do not work 'out of band' and are vulnerable to 'man in the middle' attacks. On the other hand, a voice is something you will always have with you and can't be forgotten!
So how does voice biometrics work?
Given the sophisticated level of technology involved, it is surprising how simple it is to deploy a system and more importantly to enrol a voice-print. On average it takes less than 2 minutes for an individual user to enrol their voice based on specific text such as name and account number. The system measures many aspects of the user's voice, such as the shape of the vocal tract, and stores this voice print in a secure manner for the individual. When their identify needs to be verified, they can simply say their details. If their voice matches the voice print stored on file, then the person is given the authorisation to access an account, transfer money and so on. This takes less than 30 seconds and also by-passes the need for the individual to have to run through a series of tedious ID checks such as passwords, address details and so on.
Who is using the technology today?
As the technology has matured and accuracy has improved, the commercial world is finally beginning to recognise the scope and potential applications for voice biometrics. For example in Australia, ahm (Australian Health Management), the country's 8th largest insurance company is successfully using the technology to verify the identity of members when they call to make a claim or for any other customer service issue. Although the main driver for this project was originally to reduce the length of time the caller had to wait before speaking to the right department, the company acknowledges how it also combats fraud. With over 35,000 users registered, ahm is one of the World's first large scale commercial adopters of voice biometrics to identify that customers are who they say they are.
Aussie Rules
Australia can certainly be considered a pioneer when it comes to adopting biometrics and many antipodean banks are currently trialling the technology. Not only will this provide heightened security for customers and allow them to differentiate themselves in the marketplace, they will also be able to comply with AML legislation and address the problem of money-laundering, ensuring that there is complete transparency of who or what organisation is transferring funds, opening accounts and so on. Using voice biometrics enables you to unequivocally identify who is involved as well as keep a detailed record and audit trail of all transactions made. In the next 12 months, it is expected that many European banks will follow the Australian example and start to roll out voice biometrics. This will be a positive step forward for both financial institutions and their customers as well as a major blow for organised crime and terrorism.
Unique benefits of voice biometrics in combating fraud
· Consistent & standard method of verifying the identity of people
· Provides additional security and privacy for customers by protecting personal details
· Restricts employee access to customer information (Voice biometrics can also be utilised for employee login and password resets to ensure information access is for authorised persons only
· Reports can be archived and easily accessed historically to support record keeping requirements (ensures compliance with AML legislation)
· The secure voiceprint storage environment cannot be compromised or 'reverse engineered' to reveal identity information
Brett Feldon, General Manager EMEA at voice biometrics specialist VeCommerce
www.vecommerce.co.uk
