Hello, Is That Really You?
Big business wants your voice – not for customer feedback, but to tackle fraud.
Voice biometrics – the recording and analysis of unique voiceprints for authentication purposes – is one of the latest technological weapons being deployed in the war against fraudsters, thought to be pilfering at least £52bn from the UK economy each year, according to the National Fraud Authority (NFA).
UK financial services companies alone are conservatively estimated to be losing more than £5bn annually, the NFA says.
But the real figures are likely to be two or three times higher than this as so much fraud goes unreported.
Identity theft and account takeover are a big and growing problem, particularly in a digital era that has been a boon to fraudsters by presenting them with many more ways to harvest personal data.
Dynamic
The main advantage of voice is that it is much harder to spoof and steal.
“Voice is a dynamic form of biometrics, rather than static like a fingerprint, so it is harder to replicate and copy digitally,” says Emmanuelle Filsjean, global head of marketing for ValidSoft, which advises retail banks on security and helps European governments tackle cross-border benefit fraud.
Digital voiceprints contain over 100 identifiable elements. And, by using complex mathematical algorithms and the latest high-definition audio equipment, voice biometric companies believe they can now identify people accurately more than 97% of the time.
Most financial institutions and big service providers around the world are actively considering adopting voice biometrics.
Even identical twins, who share the same DNA, can be told apart from their voiceprints, making the technology reliable enough to be used as evidence in courts of law.
Failing
Voice is crucial because call centres are still the main way we interact with companies, despite the rise of online banking and shopping.
Traditional authentication measures, involving personal identification numbers (PINs), passwords, and “memorable” answers to stock questions, have proved fallible, largely because we are fallible – we keep forgetting them.
This is why we choose ludicrously simple PINs and passwords that are easy for us to remember – and therefore for others to guess.
Fraud investigators have found that about 10% of four-digit PINs stolen by fraudsters are simply 1-2-3-4, while banks report legitimate customers failing call centre authentication procedures 10% to 20% of the time because they cannot remember their security details.
“You can’t forget your voice,” says Prof Levent Arslan, chief executive of Sestek, a technology company that helped Turkish mobile phone company Avea register one million voiceprints in a year.
Your voice is also easy to use.
“Using our voice is the most intuitive way of interacting,” says Ms Filsjean.
Test
While no biometrics security system is totally foolproof, fraudsters using high-definition recordings of someone’s telephone pass phrase should still be caught out, voice biometrics companies maintain, because even the highest-quality recordings use some form of compression that blunts the highest and lowest frequencies.
Even a slight mismatch with the customer’s voiceprint will trigger a “live test” conversation that is almost impossible for fraudsters to spoof, particularly if they’ve only got a recording to use.
Barclays’ private banking arm, Barclays Wealth, claims great success after implementing voice biometrics.
Before introducing the technology, it found that 25% of fraudulent phone calls to its agents were able to bypass the bank’s security systems. Fraudsters using “social engineering” techniques – or blagging in the vernacular – were able to elicit security details from agents.
The bank would not disclose how much money was being lost as a result.
Barclays says that now the number of successful fraudulent calls is zero, because it uses technology from the company behind Apple iPhone’s Siri speech recognition system, Nuance, a leader in the field.
The voiceprints of suspected fraudsters are kept on a watchlist so they can be identified if they try again pretending to be someone else.
Tricky
Slovakian Tatra Bank is currently rolling out a voice biometric system that will authenticate customer identities while they are speaking to call centre agents.
About 10 to 15 seconds of natural conversation is enough to match the voiceprint with the one the bank has on record.
Turkish mobile phone operator, Turkcell, now has about 10 million customer voiceprints on its database.
“Most financial institutions and big service providers around the world are actively considering adopting voice biometrics,” says Almog Aley-Raz, head of voice biometrics for Nuance.
The tricky part is enrolling customers in the scheme, as different jurisdictions have their own privacy laws governing voice recording.
Before introducing the technology, it found that 25% of fraudulent phone calls to its agents were able to bypass the bank’s security systems.
“In many cases there is ambiguity around the collection and use of biometrics,” says Mr Aley-Raz. “But our best practice recommendation to our customers is to obtain consent for using the technology.
“Regardless of whether a given jurisdiction has specific provision for the use of biometrics, biometric data is personal, private, and should be treated with the same care as any other data of that type.”
Voice biometrics alone is not enough to combat fraud, however. Other technologies, such as communications data analytics, must come into play.
‘Profound’
All UK financial institutions have had to record phone calls for years, and this has led to gargantuan amounts of data sitting in servers, largely ignored. But now audio and video search software, coupled with sophisticated analytical tools, is making this data mountain much more easily accessible and useful.
“The enormously sophisticated technologies that dig into written communication are now being switched to the spoken word,” says Richard Newton, co-founder of OP3NVoice, a technology company specialising in searchable audio and video recording.
“This has profound implications for fraud detection. Analysis of emotions, stress, sentiment, and meaning is a fast-developing area.”
What you say, how you say it, when, where and to whom, can all be weighted by algorithms that learn to spot suspicious or anomalous patterns of behaviour.
As Glenn Perachio, forensics specialist at accountancy firm Ernst & Young, says: “It’s like searching for a hay-coloured needle in a haystack, so you need to adopt techniques, such as machine learning, topic modelling, and geo-spatial mapping, to help narrow down the search for that evidence of malfeasance.”
Voice biometrics and speech analytics, it seems, are finally striking a true – and productive – note.