Voice Biometrics in the Banking Industry
October 29, 2021
By Pavel Jiřík in Blog
People can already use their voice to access many day-to-day services or applications. The popularity and level of adoption of voice-powered solutions and experiences shouldn’t be a surprise considering users’ points of view. Voice is a natural “tool” that people use to communicate with others, so using speech to interact with various devices is intuitive and seems natural. There’s also another vital aspect to remember about when discussing the use of speech in apps and digital services, and that’s voice biometrics. It adds an extra benefit to the already long list of advantages of voice-based tech solutions.
Voice biometrics is a technological solution that allows the authentication of an individual through recognition of voice characteristics and speech patterns. This is possible because the phonetic and morphological features of each person’s vocal apparatus are unique.
In order to leverage voice biometrics, a company implementing this technology must carry out a one-time enrollment process involving the extraction of a unique voiceprint from each user. In the case of passive voice biometrics, enrollment can take place seamlessly during a regular conversation, and a voiceprint extracted from the user's speech is securely stored in code. Each time someone reaches out to a call center or uses their voice while interacting with an app or a device, the system compares their speech with the stored voiceprint to confirm the users’ identity. As such, users don’t have to remember a passphrase or PIN number, for example, because they are authenticated based on the traits and patterns of their voice rather than what they actually say.
Voiceprints Change Authentication
Voice biometric authentication has many different uses, but the most noteworthy feature of systems utilizing this technology is probably their ability to detect and stop attempts at identity theft. The technology can therefore be used to secure operations that are the most exposed to fraud attempts such as call center conversations, banking app usage, confirmation of money transfers, and more.
Voice biometric authentication makes it possible to authenticate a user with extreme accuracy, preventing them from being the victim of impersonation by another person. It’s worth emphasizing that this process happens in a non-intrusive way and takes only seconds from the start of the users’ interaction with a system using voice biometrics.
Technologies that leverage speech as the main form of interaction will play an increasingly important role in the coming years. Internet searches, managing apps, and controlling particular objects using only voice are all already possible. Unsurprisingly, voice-based authentication is also gaining traction among companies that must authenticate their users in order to interact with them. In banking, more traditional authentication methods will most likely give way to a person’s voiceprint as a unique and personal identifier for confirming transactions, making payments, or simply logging in to banking apps or services.
How Do Banks Authenticate Their Customers?
Mobile banking and digital financial services are really convenient tools for managing money, but they also come with security challenges. While financial organizations have always gathered their customers' banking and personal information, nowadays, all of that data is stored online. Reliable authentication solutions are therefore required to prevent any type of fraud attempts and stop cybercriminals from accessing users’ data.
Banks use various authentication methods to safeguard their customers' banking transactions, most of which are knowledge-based. Some financial institutions implemented two-factor authentication (2FA), requiring users to enter their logins and passwords as well as provide other pieces of information before they can gain access to a banking app or confirm a transaction.
Let’s discuss the current solutions that banks and financial institutions use to authenticate their clients.
Password or Passphrase
Yes, they do still exist and probably remain the most common authentication method, used by customers for many different purposes like logging in to a mobile or web app.
The length of a password and the type of characters used to create it depend on each bank’s requirements. Although typical security recommendations suggest using special characters (such as &, $, #, etc.) in passwords, many consumers decide to set passwords that consist only of letters or digits because they are easier to memorize and use.
A passphrase is a possible alternative to a password that can be used to access similar services. Usually, a passphrase is a sentence or a series of words containing spaces between each one. It does not have to be grammatically correct and can consist of completely random words. Like with passwords, strong passphrases also include capital letters, special characters, and numbers.
The main advantage of passphrases over passwords is that the former are easier to remember because they can be meaningful to the users who set them, but at the same time are harder to crack or guess thanks to their length and complexity. Nevertheless, it is still not an authentication method that is considered highly secure.
The abbreviation PIN stands for Personal Identification Number. Usually, it is a four- or six-digit number that users must enter to log in to their banking app or validate an online transaction. A PIN number is also used to confirm transactions at ATMs or interact with IVR systems. Because four numbers are not the most difficult combinations to guess or crack, it is recommended to change them often.
Sometimes PIN (a short code consisting only of digits) numbers are also sent via text message to users in order to verify that it was them who requested access to a particular service. A different number or code is sent every time an access request is made in order to increase the level of security.
A PIN in this form is usually sent when users access services for the first time, e.g., to activate apps or log in to banking services from new/different devices. In other words, some entities use a PIN as a second layer of protection for transactions that it considers high risk.
SMS or Email Verification Codes
Verification codes that are sent by SMS or email are authentication methods that involve entering a randomly generated password sent to the users’ phone or email inbox, respectively.
The length and complexity of such a code depend on the bank’s policies. In most cases, they are used to confirm banking operations when users update their personal information or want to change credit card transaction limits. SMS or email codes expire quickly to increase the security of this method.
A token is an authentication tool for generating security codes that are constantly changing automatically and are never repeated.
A banking token can be a physical device, such as a USB stick or a smart card. Typically, tokens are not used as a standalone authentication method but rather as a part of the two-factor (2FA) or multi-factor authentication (MFA) processes.
Most often, tokens provide one-time passwords that can be used to validate financial transactions or authenticate users when they log in to a banking system.
Use Cases of Voice Biometrics in The Banking Industry
All of the authentication methods listed above are highly vulnerable to fraud attempts carried out by both cybercriminals and fraudsters who target bank customers offline. This is because most of the typical authentication methods are knowledge-based, and it is relatively easy for criminals to obtain users’ PINs or passwords. In many cases, even two-factor authentication does not prevent bank customers’ data from being compromised.
That’s why banks should take advantage of the more secure and reliable authentication methods that are available, like the aforementioned voice biometrics technology.
Authentication of Transactions
Voice biometrics could entirely replace knowledge-based authentication methods that highly rely on users’ vigilance. Financial institutions constantly educate their customers and carry out awareness campaigns, but scammers keep finding new ways to access users’ data and impersonate them. As things stand, unless users keep their own data safe and change their passwords regularly, their personal information and money will remain vulnerable to the risks of fraud.
Knowledge-based authentication measures will never completely eliminate bank fraud. A better way to solve this problem is the implementation of authentication solutions based on biometric methods, especially voice ones. These kinds of systems are already leveraged in call centers that confirm the identity of users based on their speech. However, in order to provide bank customers with a secure, convenient, and seamless experience, voice authentication should be introduced on a larger scale and apply to most transactions.
Voice biometric authentication methods can be used to authenticate users while they are logging into mobile apps as well as validating online operations like money transfers, online payments, and changes to account settings, for example. Users can then simply use their voice rather than dedicated commands to confirm such transactions in a fast and secure way.
We usually associate the use of voice-based solutions with young, tech-savvy users. However, voice biometric authentication can also change how the elderly or people with disabilities such as limited mobility use banking services. For example, imagine that a person who doesn’t have fully functional hands or fingers wants to use a banking app, or someone who is used to running most of their financial errands in the physical bank can no longer leave their house very often.
Voice-based authentication would allow these users to authenticate their transactions and access all banking services from the comfort of their own homes.
Voice biometrics can be used as one of the authentication steps in two-factor systems. It can be paired with a knowledge-based authentication method like a password or a passphrase, or combined with another biometric factor using a person’s retina, fingerprint, or face, etc.
From a technical point of view, the implementation of voice biometric authentication technology is relatively straightforward for banks. This is because most bank customers already own the necessary devices to undergo voice authentication, which are simply their smartphones. As such, the banks do not need to provide customers with new equipment in order to authenticate them using voice biometrics. What’s more, voice verification software can be seamlessly connected with the bank’s existing internal telephone system (PBX) and managed on-premises or with the use of cloud storage.
At the same time, because voice-based solutions have become quite popular and voice biometrics is increasingly being associated with extremely high security, financial institutions can introduce this technology and familiarize consumers with it in conditions that feel safe to them.
Widespread adoption of voice biometrics as a part of two-factor authentication systems may, in turn, lead to the expansion of multi-factor authentication involving various biometric methods and different types of unique inputs. These inputs may be knowledge-based, but they can also be established based on a users’ location, device used, and the results of behavioral analysis, etc.
Voice biometrics will soon become a dominant element in security systems using voice-powered interfaces because it is a seamless and extremely secure technology that can run concurrently with other authentication methods without requiring additional user attention.
The current solutions used by banks to authenticate their clients and validate transactions usually do not offer the highest possible levels of security or are not user-friendly. But validation of users’ identities during their interactions with banks’ call centers or financial operations can be made secure and seamless at the same time by the implementation of voice biometric authentication methods.
This technology is extremely safe and more convenient than most knowledge-based authentication methods. It’s also worth stressing that, unlike other biometric solutions, voice authentication technology does not require special devices. Voice biometrics is accessible to everyone because all that’s required is a phone, smartphone, tablet - i.e., a device with a microphone.