Enterprise Fertile Area for Voice Biometrics
Jan 15, 2005 1:30 AM PT
Biometrics technology is nothing new. Biometrics security devices have been available in one form or another for several decades with little fanfare. However, the prospects for developing biometrics as a reliable security device for consumer computers were viewed by many industry watchers as a nice idea with little applicable potential.
The use of biometrics for computer security and user authentication has not been very enthusiastic because of ill-placed perceptions that the procedures were costly, inconvenient and intrusive. Over the last 18 months, however, interest in biometrics devices for communications security has grown.
Iris scanners and fingerprint readers now are showing greater promise in raising the bar for locking down access to computers, networks, Web sites and even cell phones. Meanwhile, voice recognition technology has quietly become a primary access tool at call centers.
Biometrics devices have been slowly finding favor with business IT managers and some high-tech consumers. Specifically, voice recognition technology has been enthusiastically embraced by financial institutions and enterprise operations that rely on phone access to services.
Biometrics security devices authenticate a person's identity on the basis of physical characteristics, such as a fingerprint, iris scan or voice pattern.
Biometrics for use in security appeals to different segments of the work force. However, a device that works well for consumer computer access, such as a fingerprint reader, will not have strong applications in all business settings.
"The biometrics industry is no longer in its infancy," Grant Evans, CEO of A4Vision, told TechNewsWorld. "Vast changes in the marketplace are the driving forces for biometrics."
Older authentication techniques such as keystroke pattern recognition are being replaced with a combination of new biometrics technologies.
"Biometrics is becoming a billion dollar market," Evans said. "The marketplace is now fueling biometrics research."
ID Theft Counter Measure
Financial services organizations and telecommunications carriers are searching for ways to protect themselves, their call centers and consumers while reducing costs and improving convenience. That is where voice biometrics technologies are earning high interest for adopters and investors.
Identity theft and fraud affect nearly 10 million people and cost businesses upwards of US$60 billion per year, according to the Federal Trade Commission.
Among the products available, Nuance, a voice automation expert, has developed a packaged speech application that authenticates callers' identity over the phone before allowing access to private information. Company officials said Nuance Caller Authentication also secures self-service transactions of all types.
The voice security software can be employed within a range of environments and scenarios from authorizing credit card transactions and stock trades to enabling automated bill paying and name and address changes.
How It Works
Nuance's voice authentication engine uses "voiceprints" to secure access to specific information and transactions over the phone. The voiceprint functions much like a fingerprint to verify a person's identity.
Before transactions are authorized, users' spoken voiceprints are compared to those previously enrolled. When an exact match is verified, the transaction is performed.
Instead of entering cumbersome PINs into the phone's keypad or answering lengthy personal questions, callers simply speak a set of digits. They are authenticated based on the unique characteristics of their voice.
The system requires minimal voice recognition training by the customer, according to Larry Heck, vice president of Research and Development for Nuance Speech Engines.
"A caller utters a short script. The initial training with the software requires three readings. Based on that input, the software builds a template of the caller's vocal pattern," Heck said.
Tough To Trick
"This kind of voice recognition technology has come of age," Kevin Chatow, principal product manager for Nuance Speech Engines, told TechNewsWorld.
At this level of biometrics security, Nuance's Caller Authentication software is for enterprise applications rather than consumer use.
Chatow said the software's speech recognition module is so secure that the company has not had any attempts at intrusion or hacking.
He said prerecorded responses from a caller do not trick the system. Attempts to use such voice recordings are blocked by requiring the caller to repeat three random phrases the software generates or repeat a digital sequence.
Even the wide variety of phone equipment has no affect on the reliability of the voice pattern recognition, Heck said.
"The type of phone device doesn't affect the quality of the voice scan. Our speech recognition engine took a little longer to perfect because of this," he said.
Contains Security Intelligence
Once it is deployed at an enterprise's call center, Nuance Caller Authentication delivers business intelligence to call center managers and security intelligence to security managers.
Nuance Caller Authentication reports and tracks the number of users who have completed enrollment, call volume, caller frequency and security events.
This allows companies to better understand caller behavior, identify potential fraud situations, target marketing and sales programs and adapt their automated systems to better meet the needs of their clients.
While the voice recognition system developed by Nuance currently targets enterprise clients, it might eventually become a consume tool to fight fraud.
Nuance's speech recognition software is used by more than 1,000 enterprises and telecommunications service providers around the world.
"Its use will proliferate into the consumer base because of the growing threat of identity theft and the huge cost of fraud," Chatow told TechNewsWorld.
"We see it as a pretty widespread replacement of existing security measures," he said.
The voice recognition engine can identity known fraudulent callers based on its database.