-
Security researchers say criminals are turning away from malware-only attacks and preying on unsuspecting call center reps, merchants and bank-website users with simpler, more traditional schemes.
June 17 -
Voice biometrics, fingerprint recognition, device ID and behavioral analytics are at long last becoming accurate and convenient enough for prime time.
May 12 -
The San Antonio financial services provider says 101,000 members have already logged into mobile banking with a spoken phrase or a selfie. It may be a sign that after 50 years, biometric authentication is finally hitting the mainstream.
February 3
Grumblings from customers about the way their identity was checked in the call center "three-question hell," some called it made Eastern Bank realize it needed an alternative to knowledge-based authentication.
"This was, believe it or not, the single biggest specific complaint we got in customer research," said Dan O'Malley, head of Eastern Labs, the Boston bank's innovation center. "It was really bad. People would call in because they couldn't get into their account and then we would ask them for information about their account. It could really drag on."
Eastern Bank is in good company. Banks all over the country are seeking a better way to verify callers as they simultaneously try to improve customer service for mobile- and online-first customers and strengthen security in the midst of
The $9.5 billion-asset Eastern Bank announced Thursday that it is deploying voice recognition software from Nuance that silently and invisibly authenticates customers in the background while they have a normal conversation with a call center rep.
What's new here is the free-ranginess of this up until now, banks that have deployed voice authentication in call centers (Wells Fargo, for instance) have required a specific spoken passphrase, such as "my voice is my password." Eastern Bank is the first to roll out the FreeSpeech technology in the U.S. (Barclays was first worldwide, in September 2012).
Instead of having to ask customers a lot of questions like who their best friend in elementary school was (and wouldn't it depend on which year?), call center reps can simply serve the customer. Agents have been happy to drop the interrogation process, O'Malley said.
"This is a significant development because it is bringing the potential use of biometrics to the forefront, and allowing customers to decide if they want to register their voices," said Shirley Inscoe, senior analyst at Aite Group. "Knowledge-based authentication questions can be quite difficult; 15% of legitimate customers cannot answer them correctly, while fraudsters can compile information from various data breaches and social media sites and often answer the questions successfully."
Inscoe said she expects to see other banks pick up the technology.
"The use of biometrics can greatly assist financial institutions in authenticating their clients in a convenient, often nonintrusive way, which will also improve customer service," she said. "It really is a win-win, so we should see growth in this practice."
The FreeSpeech software picks up patterns of speech after listening to several seconds of a person talking to a call center rep. This type of voice recognition is called "text independent," according to Brett Beranek, director of product strategy at Nuance.
How long it takes the Nuance software to authenticate a user varies.
"Some customers will call in and start rambling, telling their story to the agent, and within the first 10 seconds they could be authenticated," Beranek said. In other cases, such as when a customer is giving only yes or no answers, authentication could take a minute or more. If the software can't recognize the person, the old "shared secret" method of authentication kicks in.
"The reason we like this technology so much is there's no additional effort required of the customer when they call in," O'Malley noted. "The technology in the background automatically authenticates the customer based on their natural voice. There's no requirement for a passphrase. That's really outstanding, and that's where, in my opinion, biometric authentication is going to go."
To combat fraud, the Nuance software not only compares the speech snippet against the recording the person made at enrollment, it also compares voices from one call to the next.
"If the same voice appears on multiple accounts, we'll flag that as a potential fraudster," Beranek said. "You may have two separate bank accounts, but you probably don't have ten. We work with customers to understand reasonable or unreasonable behavior."
It's taken years to train voice recognition algorithms to accurately pattern-match infinitely variable language.
"One day a customer might be calling because they want to pay a bill, the next day they may be angry about something," Beranek said. "From a speech perspective, there's little commonality and the problem is complex."
Eastern Bank piloted the system for several months, testing and fine-tuning it to make sure this technology, designed to reduce friction, would actually do the job. Tens of thousands of customers have already signed up for the voice authentication.
Agent training is key for deployments like Eastern Bank's, Beranek said. They need to not only be able to enroll and verify the customer, but also be able to answer the basic questions that come up all the time, like, "What if my twin calls?" (Even identical twins have unique voiceprints, according to Nuance.)
"It's important that agents know the basics so they can have an informed conversation," he said.
Bank customers generally welcome voice authentication as security questions have become more challenging to answer, Beranek said.
"If you called the bank 10 years ago, you would have been asked for name and address," he said. "Now that any hacker can gain that and a lot more, bank policies have had to evolve. The questions have become really difficult what's the balance on the account and the value of the last transaction? I would log in to my web account because I knew they were going to ask me all these questions, and didn't want them to think I'm a fraudster."