Community

I am sure that this "base research" is all true, as it matches what we already know, BUT, if you read the Yodlee user agreement, Section G, Rights You Grant to Yodlee, you are giving in effect an open licence to them to use your personal data.

Was that fact/question part of this research and, if so, what was the response? Surely if we use services like this it should be on the absolute basis that we are anonymous, our usage data is free from interrogation and data mining activities, and we are not continually pestered by un-solicited advertising?

Humm, not what I've heard, or know :-)

In response to Rik's comment, no one has ever claimed that biometrics are 100 per cent even on DNA, as we haven’t all had our biometrics collected and compared. That said the probability of uniqueness when associated with other factors to create a true two factor authentication process gives substantial certainty and in our case the ability to underwrite financially a transaction which is biometrically signed to our standards.

When I guaranteed Internet payments in 2001 the security people expected our rapid demise however that business (Worldpay) still exists today. If you don’t try, you don’t learn, and it's dead easy to think of reasons to wait, however, if you innovate you learn, and  whilst it is not all good news, a lot often is! 

Thanks for your comment Andrew.

The guarantee on the fraudulent transaction is 100%. If it's a business they are completely protected against fraud, and we know the identity of the account holder through appropriate know your customer procedures which we are required to perform as a Regulated Financial Services company.

This was an accident waiting to happen. It is bizarre that only one US processor to my knowledge Heartland, has introduced encryption at the POS level to prevent this type of occurrence.

Ironically I patented a POS device that included a GPS chip so that geo location could be used as part of the transaction authorisation process, so transaction could only occur from approved locations in 2000. There is always a trade off between hardware cost and functionality, and the ability to open a retailers wallet to pay for additional features, but with the Heartland system also resolving retailer PCI issues, there may be a change already happening, which this incident may accidentally accelerate.

Thank you all for the contributions and debate is exactly what is required.

Of course nothing is 100% secure, and some systems today meet certain demands, however all these systems have failings in one way or another. In biometrics much has been played about false accept and false reject ratios and to be honest many system vendors, and this is not only in the biometrics world, pass acceptance and failure tolerances to their customer. I believe that voice biometrics does meet significantly many of the issues that other systems face, mobility is clearly a winner, and by combining as we do voice biometrics with say e-commerce we create out of band authentication, which is adds substantially to the security and authentication process.

At the end of the day today we have relatively little choice about how we secure our financial instruments or identity, and tomorrow that will change. Not because we say so but in a recent Harris Poll, changes are being demanded by consumers. Voice Biometrics can and will enable consumers and business to chose how they are authenticated, and this will be an evolutionary process, and perhaps will be widely available sooner than you expect.

Hi Stephen, thanks for your comment. To answer your questions, it’s necessary to stress that we are talking about voice verification using biometrics and not voice recognition, so the system is distinguishing who is speaking rather than what is being said.  In terms of mimicry, impressionist Rory Bremner tried and failed to fool it in a three-hour test session that was conducted in 2007. In a similar way to how fingerprint matching and blood DNA works, voice biometrics are trained to a particular user based on their unique voice biometrics so it’s level of security speaks for itself.

In regards to whether people are going to feel comfortable using voice controlled phone banking in the workplace shouldn’t present an issue since they will only be required to say authentication phrases such as ‘voice signature’ or ‘Stephen Wilson’ to verify themselves. They won’t ever be asked ‘expose’ personal information out loud as this will all ready be stored in the trust centre.

Thanks for your feedback Nick. Indeed, what you thought was going to happen 10 years ago with the evolution of the two technologies is happening now, and with additional capabilities.

Voice signatures are not only used for payments in our view, but also as identification and verification tokens. Our Voice Transact network is currently in the process of adding national Trust Centres to enable consumers to manage and control their own identity, security and payment verification with a number of businesses they chose to do business with. As technology evolves and we see the growing shift towards online and mobile, security and identity fraud is a significant issue. As a result, consumers not only require but are now demanding the right to control how, when and for what reason their personal financial data is used.

Stephens’s comments are very interesting and to be clear as I said at the meeting no biometric system, including DNA and fingerprints have been tested on everyone, but the probability is that they are unique. All biometric systems have their own individual challenges as well, and for those who heard me talking on Tuesday morning and didn't on Tuesday night laryngitis is a serious software bug for voice biometric systems!

We have developed a highly complex system and have gone through all the challenges of false accept and false reject to get to a system that will give us a 99.6% FTA (first time authorisation). Our platform uses what we call a "voice signature" which is a complex device that uses voice biometrics as part of its overall score to then approve or decline a transaction. We probably, like Stephen, have gone through discussions with various " voice biometric software vendors" who as opposed to delivering a system that works, attempt to pass the buck onto the customer to set FAR's and EER's and FRR, and any other acronym that their marketing department happens to have invented at the time, to try and make their software sound more complex.  Our biometric verification core, which is developed on the Nuance platform who we have a very close development and working relationship and this platform is working 24x7x365 within 300 organisations, today.  Some of the issues that Stephen raises are also the reasons behind why last year, Voice Commerce Group, started to establish a framework for global interoperability on voice signatures within financial services, and why we are members of PCI.   

In 2001 whilst CEO at WorldPay I convinced my Board that we should guarantee Internet payments, which we did, and this protection is still in place today. Today with Voicepay and our voice signature system we are again using our own systems for our own payment processing services and we guarantee our transactions against repudiation. Over the next few years no doubt we will create improvements and refinements to our systems, and also why we have 2 R+D teams working 6 days a week on our future technologies.

Sometimes if you don’t do, you can’t learn, and every day we learn. By having the advantage of our own global customer base from which to draw experience, and from the fact that we know the solution works, we trust it and the fact that we underwrite it financially gives us a lead, and if we find from that real experience that some changes are required, we will be the first make them.