Breaking down voice biometrics
24 February, 2014
category: Biometrics, Corporate, Financial
Other innovations in voice
Another company helping chart the future of voice biometric is U.K.-based VoiceVault. The biometric vendor offers a voice recognition system that places a premium on the mobile environment.
VoiceVault’s platform is a software-based solution that can either be vendor hosted or on-premise, says Julia Webb, VoiceVault’s vice president of sales and marketing
VoiceVault provides voice solutions to a number of financial institutions in the U.S. and the U.K., including an unspecified top-three global U.S. financial institution as well as the UK branch of a U.S. based stock trading company. In addition, VoiceVault has seen a number of health insurance companies adopt the its voice biometrics as well, a list that includes WellPoint/Anthem, Aetna, Blue Cross Blue Shield of Kansas City, and phone-based clinical documentation service Dial-n-Document.
VoiceVault needs just 10 seconds of enrollment audio and less than five seconds of verification audio for operation.
First, VoiceVault maintains an identity verification solution to ensure that users are who they claim to be. “Voice biometric identity verification involves a person providing their claimed identity, which might for example be an account number, and a sample of their voice,” says Webb. “This voice sample is then compared to the enrollment voice model associated with their claimed identity. It is a process that requires less than five seconds of actual speech and is applicable for both call centers and mobile device authentication.”
The second of VoiceVault’s offerings is a voice e-signature solution that, as Webb explains, provides a “speak on the dotted line” capability to landline as well as Android and iOS phone-based transactions. “It enables the implementation of legally binding transaction authorization applications where your voice is used to perform an e-signature,” says Webb.
VoiceVault also provides an out-of-band authentication process. “Its primary function is to confirm that the transaction details originated with the user,” explains Webb. “Our voice biometric solution is phone-based and uses either an out-of-band call to a user’s registered phone number or an Android or iOS app. In this instance, the phone line or app is regarded as one of the trusted parts of the multi-factor authentication process, and the voice biometric element adds yet another factor.”
The pros and cons of voice
A disadvantage associated with voice biometrics is that it may be impacted by extraneous background noise, for example on a noisy street, on a plane or on public transportation. Utterances are not as pristine as they would be in a quiet room or office.
A robust voice biometric solutions need to implement software and algorithms complete with counter measures to account for background noise.
The fear of an eavesdropper catching wind of your passphrase, however, is minimal. Voiceprints only work with the enrolled user so a passphrase doesn’t need to be a secret as would a password or PIN.
The danger associated with spoofing voice comes in the form of recording attacks. “Someone could, in theory, obtain a high-quality recording of you speaking your passphrase and use that to hack your accounts,” says Hamilton.
There are known counter measures in place to account for such attacks. One such counter measure is to employ Nuance’s method that eliminates the passphrase altogether.
Another counter measure that can be used in those scenarios requiring passphrases sees a user set up multiple passphrases at the time of enrollment. Using this method, the user would be prompted on screen to speak a randomly generated enrolled passphrase at the time of transaction.
Comparing voice to fingerprint
“Fingerprint is more convenient, unobtrusive and depending on how smart phone manufacturers design their instruments the sensor can be hidden beyond recognition,” says Hamilton. “Fingerprint, however, is primarily a local authentication function.”
The advantage that voice biometrics has over fingerprint is that it takes place on the authenticator’s side, giving enterprises more power and assurance when conducting transactions.
“If I want to remotely conduct a transaction with my bank in New York from my mobile phone, they don’t know about my fingerprint and they don’t have it on file,” explains Hamilton. “Even if they did, I’m not sure that my bank would trust the device – they would likely trust an utterance more than an unknown hardware sensor in a mobile device.”
“For external transactions, voice biometrics seems much more appropriate, particularly from an infrastructure perspective,” says Hamilton.
Hamilton also believes that voice biometrics make more sense for cloud-based authentication. “Logistically speaking, I would think that voice would be preferable to fingerprint because the enterprise can use their own voiceprint algorithm – not your device’s algorithm – and are only dealing with raw sample .wav files.”
It is for this reason that Hamilton, and others see promise in voice biometrics, but ultimately he sums up the difference between the modalities by stating, “Voiceprint trumps fingerprint for the cloud, but fingerprint trumps voiceprint for the device.”
