The New Fraud-Proof Standard in Voice Authentication Technology
Verizon's Alla Reznik talks voice biometrics 2.0
When it comes to identity theft and cyber fraud, voice channels remain a major liability. From 2013-2017, the rate of fraud on voice channels climbed over 305 percent, according to the 2018 Voice Intelligence Report by Pindrop, a provider of authentication and anti-fraud software for call centers. In 2017, one in 638 calls were fraudulent.
Why the initial technology failed
The first wave of voice authentication technology was fraught with cracks. Some businesses used voice biometrics to authenticate a caller by having them utter a specific passphrase. However, these systems were vulnerable to replay attacks, where a fraudster impersonates a victim by playing a recording of their voice. Some tricksters deploy voice modification software to convert their voice to match the victim’s using electronic pitch control, while the wiliest criminals use social engineering to trick an agent into divulging account information.
HSBC landed in hot water last year after a BBC reporter fooled its voice recognition system to gain access to his non-identical twin brother’s account, using the passphrase: “My voice is my password.” After seven tries, the system granted him access.
The next wave of voice biometrics is text-independent
Voice Biometrics 2.0 attempts to rectify these chinks, with technologies such as Verizon’s new VoIP Inbound Anti-Fraud and Authentication service, a cloud-based solution that analyzes inbound calls to toll-free numbers within the Verizon network.
Rather than asking for a passphrase, the system passively captures voice biometrics data throughout the course of a normal phone conversation with a live agent to create a unique voiceprint for each customer - making it “text-independent.”
“When the caller talks to an agent they don’t have to be prompted to repeat a specific phrase,” said Tom Smith, senior manager of customer experience innovation at Verizon Wireless. “Just in the course of the conversation their voice is validated in the background.”
The system integrates voice authentication with more than 1300 other parameters, such as the origin of the call, the make and model of the caller’s cellphone, behavioral biometrics and even keystroke patterns from when a user enters a DTMF code.
“It measures the way the voice is generated in the vocal cords as opposed to all the surface things that we are thinking,” said Alla Reznik, director of product & innovation: customer experience solutions at Verizon. “It actually takes into account things we don’t even hear, such as the background noise of the location.”
Verizon uses media forking technology to generate multiple streams of audio associated with a single call and send it to Verizon partner Pindrop’s anti-fraud and authentication cloud service. Pindrop then provides an authentication score of green, yellow or red, depending on the tolerance thresholds specified by the call center.
A “yellow” caller might be further authenticated through security questions or a random number generator, while a “red” caller would be routed to an agent specialized in fraud prevention. The service is available for all toll-free numbers within the Verizon network.
Voice biometrics smoothes the customer and agent experience
Most organizations struggle to find the right balance between security and customer service. Cumbersome authentication processes not only lengthen call times but often require customers to repeat information, or to recite sensitive personal information out loud. Often, customers will opt for convenience over security, such as reusing passwords for multiple accounts, which makes it more difficult for businesses to protect their data.
With passive enrollment into a voice authentication system, customers don’t have to know they are being authenticated, with the exception of certain industries with compliance regulations. Smith points out that aside from smoothing the customer experience, the technology offers operational efficiencies as well.
“Because it’s a multi-factor authentication process and it’s passive, it’s very secure,” he says. “And it can easily cut anywhere from 30 to 75 seconds off the duration of the call, so there are operational savings.”
Agents, too, feel less burdened and can jump right into helping the customer instead of spending time interrogating them, Reznik adds, pointing out the industry’s unusually high attrition rate. “You improve the user experience from the agent perspective and you potentially extend the agent’s professional life with this particular company and just make their life better.”