The future is upon us. Companies are now starting to adopt technologies that can verify identity which were once thought overly futuristic (HAL had no problem identifying Dave in 2001: A Space Odyssey). Fingerprints are no longer the only unique body identifier: irises and even ears are now on the list of biometric authentication tools. But the identification opportunity that’s the least understood is voice biometrics, mostly due to misconceptions about what voice biometrics actually is and whether it is secure.
Let’s take a couple minutes to dispel some of these misunderstandings, so you can determine if voice biometrics is the best way for you to provide a seamless authentication experience for customers.
Myth #1: People can overhear me and will be able to steal or use my password.
For more than 20 years the internet has been telling people to “Never give out your username and password or very bad things will happen.” Even my own son was leery of typing his password with me looking over his shoulder (granted, that may have been due to good reasoning). Keeping one’s password safe is just good sense. Why would I speak my password somewhere where fraudsters could hear me?
The important distinction with this misconception is your voice is your password. Voice biometrics leverages more than 100 unique speech characteristics to create a unique voiceprint (just as individual as a fingerprint) for each customer. The words you speak do not grant you access to your account – the unique characteristics of your speech pattern are your password. There are both physical and behavioral characteristics of a person’s voice. Physical characteristics such as the shape of your vocal tract, how your mouth moves when you speak, and the size and shape of your nasal passages are unique to a given individual. In addition, voice biometrics recognizes unique behavioral traits such as pronunciation, speed of speech, pitch, and accents. No one can steal your account information simply by hearing you speak a passphrase.
Myth #2: Everyone says I sound just like my Dad; wouldn’t he be able to log into my account?
You may sound just like your Dad to everyone around you, but to the voice biometrics system you are two distinct individuals. As a matter of fact, WIRED Magazine recently put Nuance’s voice biometrics to the test by comparing famous people to master mimics – including Kevin Spacey. While the mimics sound just like the originals, voice biometrics was not fooled.
Myth #3: My voices changes all the time. I’m worried I won’t be able to get into my account if I have a cold.
This misconception is one of the most common ones, and many CIOs, contact center managers and other people consider it a show-stopper. But numbers prove otherwise.
For example, Nuance’s VocalPassword solution has delivered successful authentication rates within customer-facing IVRs 97 percent of the time. On average, a person with a cold tends to experience an error rate that is about double the average. As such, a person with a cold has a 94 percent chance of getting successfully authenticated, which is still significantly higher than the 40 to 60 percent success rate customers typically experience with a PIN or password. The high success rate for people that have a cold is made possible by Nuance’s approach of analyzing more than 100 aspects of each caller’s voice, and a cold affects only a handful of those.
Myth #4: If someone hacks the company’s database they will have access to my voiceprint.
After the Target security breach of 2014, everyone has been talking about what happens when a hacker gets your credentials. Unlike with a username and password, the hacker cannot use what they have stolen because it requires the back-end to process the voiceprint. Even if they were able to steal the recorded voice, Nuance provides playback detection to protect from spoofing. This feature tests incoming audio to see if it represents live speech or if it fraudulently uses a recording of an authorized speaker, mitigating the risk of fraudsters using voice recordings of legitimate speakers.
Infiniti Research estimates that voice biometrics can address 90 percent of fraud in a voice channel, as well as address 80 percent of fraud in a mobile channel. So even with hackers on the prowl, your data is safer with voice biometrics.
Myth #5: I don’t like biometrics because it is based on something that cannot change (Fingerprint, iris, voice) and if I need to change my password it cannot be done!
Unlike fingerprints or iris’, which are static biometric credentials, voice biometrics is a dynamic biometric credential. A static biometric, like a fingerprint, is unchangeable, while a dynamic biometric is constantly evolving.
Most of us have ten fingers, so there is a small amount of variability that is possible: if you enroll your right index finger to authenticate into a system, and a hacker compromised your fingerprint, you could enroll another finger. But at the end of the day, you have a maximum of ten possible credentials with fingerprint biometrics. With iris, that number drops down to two. With voice biometrics, you have an infinite amount of possible voiceprints.
Let’s say that you have the following voiceprint to authenticate into your account: “My voice is my password at VB Bank.” Should a malicious individual record you saying this passphrase, you could revoke this credential and create a new one where you say “At VB Bank, my voice is my password.” You can easily see how there are an infinite amount of possibilities with voice, and so it’s important not to lump all biometric technologies into the same boat. Irrevocability is only an issue with static biometrics.