Nick Collin - Collin Consulting Ltd - London 05 January, 2010, 12:16 0 likes

Yes, it's an important distinction.  I wrote a couple of white papers on this subject about 10 years ago, based on experience with technology developed by Stanford Research Institute (SRI) and commercialised by their spin-off, Nuance - see www.ncollin.demon.co.uk/Future/fin_futures.htm .

At the time, voice recognition was, if anything, more advanced than voice verification, so I'm surprised when you imply it's unreliable.  As far as I'm aware, when used with carefully designed dialogues, voice recognition is now increasingly deployed in a number of appropriate mainstream applications.

I've always thought that the holy grail would be a combination of the two technologies so that you could call up your bank or whatever, give a simple instruction ("this is Nick Collin - what's the balance on my current account?"), and be safely authenticated, all in one streamlined transaction.  Maybe we've reached that stage - any comments?

Nick Ogden - RTGS.global - London 15 January, 2010, 15:02 0 likes

Thanks for your feedback Nick. Indeed, what you thought was going to happen 10 years ago with the evolution of the two technologies is happening now, and with additional capabilities.

Voice signatures are not only used for payments in our view, but also as identification and verification tokens. Our Voice Transact network is currently in the process of adding national Trust Centres to enable consumers to manage and control their own identity, security and payment verification with a number of businesses they chose to do business with. As technology evolves and we see the growing shift towards online and mobile, security and identity fraud is a significant issue. As a result, consumers not only require but are now demanding the right to control how, when and for what reason their personal financial data is used.

Stephen Wilson - Lockstep Consulting - Sydney 05 February, 2010, 03:42 0 likes

Sorry for the late comment on an oldish thread ...

Of all biometrics in banking, I do like voice the best, especially when the system allows for varying the challenge phrases, to thwart replay attack.

Yet there's a human dimension that strikes me as problematic. Personal electronic banking in the workplace is commonplace, and so it should be: it's better than having employees standing in queues on company time. 

But in open plan offices, how comfortable are people going to be using voice controlled phone banking?  Can eavesdroppers pick up enough cues, maybe from listening to multiple sessions, to mimic a customer?

Even if the systems' specificity can stop mimicry, I would expect that customers will feel exposed using voice biometric within ear-shot. 

I wonder what sort of advice are banks giving their customers about this? Trust us, the system is impregnable?  Or, cup your hand over the handset? ;-)

Nick Ogden - RTGS.global - London 08 February, 2010, 14:52 0 likes

Hi Stephen, thanks for your comment. To answer your questions, it’s necessary to stress that we are talking about voice verification using biometrics and not voice recognition, so the system is distinguishing who is speaking rather than what is being said.  In terms of mimicry, impressionist Rory Bremner tried and failed to fool it in a three-hour test session that was conducted in 2007. In a similar way to how fingerprint matching and blood DNA works, voice biometrics are trained to a particular user based on their unique voice biometrics so it’s level of security speaks for itself.

In regards to whether people are going to feel comfortable using voice controlled phone banking in the workplace shouldn’t present an issue since they will only be required to say authentication phrases such as ‘voice signature’ or ‘Stephen Wilson’ to verify themselves. They won’t ever be asked ‘expose’ personal information out loud as this will all ready be stored in the trust centre.

Stephen Wilson - Lockstep Consulting - Sydney 09 February, 2010, 06:01 0 likes

Thanks Nick.

I was being a bit facetious, and as I said, I do reckon that voice is the most promising biometric in banking and finance. 

Nevertheless, I expect there to be some resistance to using voice biometrics in public places. If speaking a challenge phrase like your name takes over from entering a PIN (and that's the whole idea!) then people may worry that being overheard (or recorded) will compromise their security. If today they protect their PINs, then tomorrow they may expect to have to protect their voice 'signature' somehow.

So what kinds of standard advice do you find it necessary to give to users about voice authentication?  Do you coach people on the need to speak clearly, how to choose a challenge phrase, the effects of a cold, effects of telephone line quality or speaker phones etc.?

Cheers,

Stephen Wilson.