Object reference not set to an instance of an object.

It’s been an interesting week for those interested in Financial Services and how biometrics could be used in the industry. It was the subject of my last post on Finextra (“Voiceprints can counter ID theft, but other threats remain”), looking at Barclays’s use of Nuance and Cisco Voice Portal and last week on Finextra brought out some of the industry trends.

One major trend was in the story “US Bank trials voice biometric access to mobile app” . The move towards apps and mobile is creating some very significant changes in the nature of authentication and security. The traditional use of voice biometrics has been to authenticate callers who have dialled in over a land-line to contact centres. Biometrics have been seen as specific to the voice channel, expensive but potentially more secure for ID&V (as it checks who you are, not what you know) and potentially offering better customer service (as voice can allow more flexible menus than the traditional “….press 1 for…., press 2 for….” functionality of IVR).

Mobile devices have changed this paradigm in a couple of ways.

First, mobile voice tends to be a much lower quality than land line. Although this can be compensated for, in general terms the lower quality the input, the harder it is to use voice patterns to authenticate an individual. Voice biometric authentication can still be effective for mobile users but it does mean that a higher number of calls will need to be handed over to an agent for them to check the caller’s identity. This might appear to diminish the usefulness of voice authentication, but a second trend is working in the opposite direction.

Secondly, it may seem obvious, but mobile devices have a level of compute power and intelligence that was un-thought of when phones were landlines. Authenticating at the front-end now means authenticating at the app and authenticating the device’s current owner once a call is made. If a mobile device is stolen, then authenticating a call on the basis of what the caller knows is potentially inadequate. This is a very significant change from only authenticating once the call arrives at the bank. It’s a subtle change, but one that makes voice biometrics all the more important as mobile devices can be attacked in ways that landlines never could. It’s perhaps this that last week led Google to buy SlickLogin. Sound based authentication for a lap top or a PC might be a niche market but it could be hugely important for mobile devices that can carry a lot of data and are easily lost or stolen.

That’s why one of this week’s other stories “Nigerian banks begin biometrics registration project” was so interesting as part of the Nigerian banking industry’s efforts to fight fraud and money laundering. This isn’t a voice biometrics project, rather a face and fingerprint registration program. I can see strengths and weaknesses to this approach. Fingerprints tend to change much less over time than a person’s voice and facial recognition can be done passively (for example on security cameras at the teller counter). The weakness to both these authentication methods is that they depend on either physical presence or decent quality video and as banking shifts to mobile devices neither of those options may be readily available. Indeed, a look across to East Africa and Safaricom would suggest that mobile might arrive in African banking faster than it does in Europe or the US.

In short, the traditional use of voice authentication will remain and potentially grow as part of the contact centre but the really big drive for biometrics is how banking apps will link voice authentication into bank’s contact centres