IoT brings great opportunities for both customer service improvements and data breaches. Organizations must find the balance between being secure and layered systems that users often find time-consuming and cumbersome. Voice biometrics is emerging as one approach that may resolve security worries without overloading users with complexities -- and some telecommunications service providers are listening up.
This year, for example, British operator TalkTalk unveiled voice biometric feature TalkSafe. "[It's] a simple, secure service" that allows users to confirm their identities via a simple phrase, allowing customer service to more rapidly assist callers, says Tristia Harrison, TalkTalk's consumer managing director, in a statement. (See: Google Cloud Speech API: A Step Forward for Voice Activation.)
Voice biometrics offer a convenient alternative for identification verification to a slew of questions, passwords or PINs. With these solutions, service providers increase customer efficiency and reduce frustration associated with knowledge-based authentication, like forgetting which user name and password goes with which sign-on or running through three different security questions to prove you are the authorized user. Many devices are now designed to respond to voice, and even the most basic tablet includes a microphone, so voice activation is already built into systems.
Cloud provides greater efficiencies for voice security since it allows organizations "to leverage data and security resources that can be shared across multiple companies," finds Opus Research's "Best Practices for Voice Biometrics in the Enterprise."
How to set up voice biometrics
There are two approaches to setting up voice biometric identification. The first is a specific passphrase. "My voice is my password," is what Nuance showcases. A phrase should be longer -- five seconds is the minimum length for "high confidence," Opus Research says. The report suggests a longer version -- something like "At [your business name here], my voice is my password" -- which is the approach TalkTalk uses in TalkSafe.
Operators Amplify the Power of Voice
Service providers use voice biometrics solutions that ask customers to recite pre-selected phrases to access phones and data.
Service providers should consider customers' feelings about using phrases with the operator's name. Some may object to using the name in a commercial way, especially if they're calling with a problem. To counter that, people may add numbers to the passphrase, though it is not a good idea to use their account numbers or other confidential information.
Alternately, service providers can establish text-independent voice authentication. This eliminates the need to get a recording of a set phrase, but it does require more recorded speech to work with. That's because the voiceprint is established on the basis of "capturing and distilling over 20 seconds of continuous speech," Opus writes. Once in place, it can be held as the standard and identify an attempted impersonation within ten seconds of speech.
Voiceprints alone are not 100% proof against spoofing. Service providers should not solely rely on voice biometrics for contexts that require greater security, cautions Opus. That doesn't mean employees or customers are back to the days of memorizing various password and PINs or answers to a string of questions, though. It is possible to attain simplicity and security through multi-factor authentication via a single-step authentication process. For best practices, operators can layer additional biometrics like fingerprints or iris scans, as well as passive factor technologies such as device identification.
— Ariella Brown, Freelance Contributor. Special to The New IP