Voice is long recognized as a viable authentication method, because just like a fingerprint or iris, voice is unique to the individual. But now a variety of factors – including the widespread acceptance of speech-enabled services and smart assistants such as Siri, the advance of smartphones and tablets, and the explosion of mobile commerce and banking – are moving voice biometrics up the global business agenda. Voice biometrics, a numerical model of the sound, pattern and rhythm of an individual’s voice also known as a “voice print,” sits at the center of solutions and technologies aimed at preventing fraud, protecting privacy and improving security. To offer the industry an opportunity to share experiences and trade best practices Opus Research, an analysis firm providing research around voice services and conversational commerce, organized Voice Biometrics Conference 2012. We catch up with Dan Miller, Opus Research Senior Analyst, to discuss highlights from the recent voice biometrics conference and identify the key trends and developments driving new growth in voice biometrics implementations around the globe.
Nuance: You just held your annual Voice Biometrics Conference. What insights did you take away from the event?
Dan Miller (DM): The conference was timely. It’s not just because the technology is mature; it’s because the discussion in the industry is more about what can happen now that we can combine accurate speech recognition with artificial intelligence to really understand the intent of callers. That’s when a lot of lights go on about where voice biometrics is going.
At the same time we can think of new use cases for voice biometrics, we are also seeing significant growth in implementation and take-up. I estimated that we’re at around 10 million voice prints. But then Nuance showed the slide at the conference- based on their implementations alone – that reveals we’re at well over 15 million voice prints. So, it’s growing rapidly.
Nuance: What is driving this tremendous growth?
DM: There are three layers to this. One is the technology. Vast improvements have been made around the ease with which people can enroll. Enrollment is the capture of voice samples from an individual with the intent of creating a voiceprint from the unique characteristics or features of their speech patterns. Up until now enrollment has been something of a speed bump. But now consumers understand and use speech services, and companies have also gotten better at training their staff and setting up the protocols and procedures that make it easier to enroll customers.
The second is geographic expansion. We’re witnessing huge implementations of voice biometrics across more countries by more verticals. What’s funny is this all started in Australia, for some reason. The banks, the government and the healthcare providers in Australia have been the most aggressive. They were quick to use voice biometrics and voice signatures as part of their authentication strategies. But now there are initiatives elsewhere. In Canada BellCanada has been able to enroll roughly 4 million registered customers. In Turkey Global Bilgi, a fully owned subsidiary of Turkcell, made the decision to incorporate voice signatures into the flow of customer care – a move that has proven to be a watershed moment for the cause of voice biometric-based authentication proving the technology supports secure and expeditious customers care. At the same time, in Western Europe, North America and across Asia, a number of large enterprises have incorporated voice prints into their password management protocols, specifically surrounding password reset. That’s an “evergreen application” with a built in ROI.
Third, voice biometrics is driven by mobility and mobile commerce. We use our phones much more than every before; it’s going to be our wallet, our loyalty card, the remote control for our TVs and how we control our homes – turning down the lights and regulating the temperature. At the same time, voice is how individuals search, command devices and interact with mobile assistants like Siri and Dragon Go! All the pieces are coming together, and voice just makes much more sense when we’re already using our phones to do so much more.
Nuance: The mobile phone, as you pointed out, is the remote control of our lives – and much more. How does this all come together to power secure commerce?
DM: Connect the dots, and voice biometrics becomes a precursor and a prerequisite for what I call ‘trusted commerce.’ When you start thinking of developments that have been going on in the identity management and security industry around irrefutable assertion of identities, and when you look at how a voice print is a strong enough indicator of who I am, then you start to realize the real and powerful potential of voice biometrics to enable e-commerce and mobile commerce. Consumers can use voice to authorize a payment – and within a larger context that takes into account everything the online merchant knows about the customer and what the customer wants revealed about themselves at that point.
As people carry out more e-commerce and other routine activities on their phones, biometric-based security will help prevent fraud in general. Moreover, during each conversation, strong authentication promotes “trust,” meaning that both parties can have confidence that they are in touch with the individual that they want to carry out business with.
Nuance: Please walk me through the other use cases that support your view that voice biometrics is on a growth trajectory.
DM: In the enterprise voice biometrics was all about enabling specific tasks, such as password reset or authenticating employees before allowing them access to corporate information. But we’re also seeing that voice biometrics has a new role now that the whole ‘Bring Your Own Device’ movement has arrived, and business executives expect their IT departments to support their iPhone, iPads or Android phones and tablets. As soon as the CEO and CMO start using their devices for both work and personal use, it becomes more important to the CSO (chief security officer) to make sure his systems authenticate the person who’s in possession of that device. The move to mobile in the enterprise makes user authentication more important than ever because it is no longer sufficient to merely secure hardware endpoints. Participants want assurances that the individual at that endpoint is the person he or she claims to be. Companies need more robust security methods, and this is where voice biometrics comes in.
We’re also seeing an acceleration in the use of voice biometrics in high volume contact centers where there is a clear ROI around shortening the time it takes to authenticate an individual caller. Finally, we’re seeing more deployments by financial institutions and commercial banks aimed at authentication in order to provide excellent customer service. This activity is also driven by government efforts to prevent fraud and protect privacy.
You are seeing more implementations across more verticals, and you envision a huge impact on e-commerce and mobile commerce. What are some best practices you have observed or can offer?
A big part of this, particularly when we talk about ‘Trusted Commerce’, is about delivering a good user experience. It’s not clear who will actually implement commerce services – it could be a telecommunications carrier, or it could be a company more involved in handling the actual payments – but it is clear that it’s about identifying and authenticating customers quickly and easily, without having to educate the public to use the service, so everyone can get down to business.
Financial service providers and government agencies are going to propel voice biometrics-based authentication into their customer care workflows. As they do, they will be reciting the latest mantra in for best practices in secure trusted, commerce, that it support “multi-layered, multi-factor and risk-aware authentication.” Multi-layered simply means that more than one approach be taken to user authentication and risk-aware means that the number of layers that are applied should be based on the level of risk involved in a transaction. In other words, a four-digit PIN may be all that is needed for an individual to find out the balance due on a credit card because it is a “low-risk” transaction from the bank’s perspective.
Transferring $200,000 to an offshore bank account should require stronger authentication and another layer would definitely be applied. In this case, the transaction may be held up until a bank representative confirms the identity of a caller, most likely by asking “challenge questions.” Other “unexpected” instances may trigger suspicion from a financial institution. For instance, an individual may initiate a transaction from a phone or PC that is in an unexpected location – Bangor, Maine, when they were last detected in Bangalore, India (for instance). Strong authentication is “multi-factor” by definition. The three possibilities are “something you know” (like PIN or password); something you have (like an ID card, phone or electronic token); or something you are – meaning a biometric – which is where voiceprints come in.
Alternatives to voice prints include fingerprints, face recognition, iris scans, DNA samples and any number of other forms of pattern recognition – like gait analysis (how you walk) or keyboard dynamics (how you type). Voice prints are proving to be easy to capture. Comparison of voice samples to voice prints is proving to be as good as or better than other biometrics in terms of supporting reliable imposter detection when used in the field.
But the real drivers of adoption are the ease with which mobile subscribers can be authenticated and the ease with which solutions providers in government, banking and security can incorporate voice biometric-based authentication into their products and services.