A bank has just introduced a novel form of biometrics for initiating payments in its mobile app. It’s using voice instead of the usual passcodes to authenticate users.
Netherlands-based bank ING, who says it already has 100,000 customers using voice control to check bank balances, is now letting customers initiate payments too.
The system uses voice biometrics which authenticates customers through natural voice patterns, rather than PINs, passwords and questions.
The sound of the customer’s voice authenticates the log in and is used to confirm the transfer.
It’s one more example of password progress. I wrote about emoji as passwords recently in “Emoji passcodes are easier and more secure.”
The bank’s voice system is supplied by Burlington, MA-headquartered Nuance, who explains on its website that the “customer’s voice is analyzed for hundreds of unique characteristics that are then compared to a voiceprint on file.”
Advantages over knowledge-based authentication is that security through voice biometrics provides 80 percent faster authentication than those knowledge-based methods. Plus, authentication, with Nuance’s product occurs in five seconds, Nuance says.
Knowledge-based authentication consists of PINs and passwords combined with security questions.
Nuance has two security products in this sphere. One of Nuance’s products, called FreeSpeech verifies the caller during the course of a natural conversation.
The other, VocalPassword, verifies the speaker by comparing a passphrase to a voiceprint. It says it can do it in any language, with any accent, and with any call quality.
Voiceprints are needed for sign-up. In the case of VocalPassword the customer creates a voiceprint by repeating a passphrase three times.
When verifying the user, the spoken passphrase is compared to the stored voiceprint. At the same time, the user’s spoken passphrase is compared to a blacklist of known scammers’ voiceprints.
‘Immune to fraud’
Nuance reckons its system is better than a PIN, which it says can be subject to cracking with “brute force.”
“The four-digit PIN is the weakest credential,” Nuance says.
FreeSpeech is in the same vain. It verifies the caller’s identity using natural conversation. What’s said isn’t important.
Nuance says that the advantage to this is that in a call center environment, for example, the customer can get to any agent straight away, without having to enter security details.
It says this saves money for the client by shortening the call length and leads to “more loyal customers.”
Nuance says that its systems are more secure than knowledge-based ones because they can't be compromised like older methods.
In some cases “passwords and security questions can be successfully answered with simple web searches of the account holder,” it says.
Voice biometrics in comparison can’t be guessed that way. This is partly because the company stores the voiceprints as indecipherable hashed strings of numbers and characters.
There’s another advantage of voice over PINs too, in that each time a cheat tries to dupe the system with fake biometrics, or a call to a call center, the biometrics database is added to—with the bad guy’s voiceprint.
That can be used to keep them out of the system, Nuance says.
This article is published as part of the IDG Contributor Network. Want to Join?