Voice Biometrics Poised For a Comeback in Fraud Prevention

ValidSoft Ltd. plans to be in the forefront of what it says will be voice biometrics' triumphant return in 2012.

Voice biometrics has had its share of starts and stops as an anti-fraud and authentication tool in the past decade. But a person's voice has more than 100 unique characteristics, compared with only 40 for a fingerprint, so the technology has strong potential for data security.

ValidSoft, a subsidiary of Netherlands-based Elephant Talk Communications Inc., has promoted voice biometrics as part of multilayered defense.

Opus Research, a San Francisco company working with ValidSoft on an upcoming research report, says voice biometrics has not taken hold because of past technology failures, product shortcomings and pricing issues, as well as the security industry's failure to demonstrate past successes.

In addition, security vendors may have been too quick to present voice biometrics as a way to replace PIN and other means of identification when the technology should simply become another layer of defense, the companies say.

"Providers were barking up the wrong tree in viewing voice biometrics as a single-factor authentication mechanism because all single mechanisms fall short in some manner," says Dan Miller, Opus Research senior analyst and author of the report.

"It's better to view how well voice biometrics can augment or extend other authorization methods, mainly now because we have a better understanding of how it works," Miller says.

In addition, voice biometrics fits in with the advancement of mobile payments because it is user friendly, and consumers would see a natural connection in saying something over a phone to authorize payments, Miller says.

"Speaking into a phone and comparing the voice with recorded voice biometrics creates an extremely high confidence level that the merchant or bank is dealing with the appropriate customer," says Pat Carroll, ValidSoft's chief executive.

Carroll says his company "loves voice biometrics" because a fingerprint scan or an eye scan can be stolen off a database and reused, but a stolen voice scan would be worthless.

"The voice scan can be matched to only a certain phrase, and when asked to make other statements, the fraud would not be able to repeat and match with the recording," Carroll reasons.

Generally when a security vendor records a person's voice for biometric storage, it is used for comparison when asking the customer to repeat that phrase and then other phrases or numbers. The financial institution authorizes a transaction after the voice biometrics technology confirms a voice match.

"If the voice is iffy for some reason, because of illness or a recent surgery, the institution has the other levels of security that come into play," Carroll says. "It shows again that voice is only one factor."

Most financial institutions believe some form of voice biometrics will be essential in the near future, says Julie Conroy McNelley, senior analyst and fraud expert with Aite Group. "Whenever the industry comes up with some new defense, criminals find a way around it, so layering remains the best approach," she says.

For reprint and licensing requests for this article, click here.
Bank technology Consumer banking
MORE FROM AMERICAN BANKER