Voice Authentication for Fraud Prevention in Contact Center Environments
Voice authentication is rapidly becoming the preferred method of verification in contact centers to balance member experience and fraud prevention. According to research from Aite Novarica, over 60% of fraud losses from account takeovers involve the call center (as fraudsters often talk to an agent when attempting to change passwords or contact information). It’s not surprising that banks and credit unions are turning to more advanced authentication methods to help secure accounts. In fact, financial institutions are at the forefront of adoption for voice biometrics as they seek stronger protection methods.
Voice Authentication Is Replacing Knowledge Based Authentication (KBA)
Identity verification methods fall into one of three categories:
What You Know
(Things others shouldn’t know or be able to guess)
- Out of wallet questions
- Recent transactions
- Personal pins
What You Have
(Something that should only be in your possession)
- One-time passcodes
- Mobile apps
Who You Are
(Your unchangeable attributes/unique characteristics)
- Voice biometrics
- Face biometrics
- Fingerprint biometrics
Some Caller Authentication Methods Are Highly Vulnerable
KBA falls into the “What You Know” category. Unfortunately, this is the type of identity authentication that is easiest to defeat. Data breaches have become so common that virtually no one is immune from having their personal information bought and sold on the dark web. According to Security Magazine, in 2021 alone there were 4,145 publicly disclosed breaches that exposed over 22 billion records. And 2020set an all-time high of 37.2 billion records exposed.
Stolen information is readily acquired by fraudsters. According to Flashpoint, individual digital profile and financial info can be purchased for as little as $4 each. What can’t be bought is just as likely to be available for free by consumers revealing far too much personal information on their social media accounts. Gartner analysts have found that a well-prepared fraudster has about a 60% chance of getting all the answers right when challenged with knowledge based authentication. Identity thieves can also spoof caller IDs or even intercept a one-time passcode even without a caller’s physical device in hand. This makes it frighteningly easy to make it past common layers of technological authentication in the contact center.
Older Caller Authentication Methods Create Unwanted Friction and Expense
According to Gartner research, for customers or members calling their financial institution, about 25% of every interaction with a live agent is spent on authentication. It’s not surprising that callers are dissatisfied with time consuming Q&A style “out of wallet” authentication. If they forget an answer to a security question that requires them to remember a detail (such as the model of car they bought 20 years ago), legitimate callers may not even be able to access their own account. Being grilled with personal questions is an experience that can feel both frustrating and disconcerting.
A bad experience for a bank customer or credit union member has an impact that may not be easy to define in dollars and cents. However, the time agents across the U.S. spend annually on KBA can be calculated. On average, it takes about 90 seconds to verify a caller using security questions. But it can take several minutes for sensitive transactions. Time is money on every call, and the annual operating expense of $12 billion a year across the U.S. alone is a steep price to pay for a security process that frustrates consumers while still leaving their accounts vulnerable to fraud.
Active vs. Passive Authentication for Financial Institution Call Centers
Active authentication includes any method that prompts customers and members to take specific actions to verify themselves. This could include answering personal questions or interacting with a mobile app or device. Even voice recognition technology can be deployed in an active manner by requiring a member or customer to speak a specific password or passphrase to set up their initial voiceprint and subsequently verify their identity on each call. Unfortunately, any form of active authentication tends to add friction to the process and reduce adoption.
In contrast, passive voice biometrics allows authentication to happen in the background without disrupting or delaying the agent’s ability to address the caller’s service request. Caller ID is one example. Passive voice verification that occurs during natural speech in the course of conversation is another. Identity verification can happen in the background while the agent and caller are exchanging greetings or when the caller speaks their ID or account number. Passive authentication occurs in real time, eliminates friction in contact center interactions, and has very high adoption rates. Illuma’s credit union clients are reporting over 95% adoption rates for our voice authentication solution.
Voice Verification Is the Strongest Form of Authentication for Call Center Interactions
Because an individual’s unique vocal patterns can’t be faked or stolen, voice recognition is a powerful call center fraud prevention technology. By using voice biometrics software to create a unique voiceprint, modern platforms have the ability to match callers with their stored identity with a very high degree of certainty.
Adding in the unique characteristics of the caller’s device to create a unique AudioPrint™ further increases security through multi-factor authentication. Artificial Intelligence and Machine Learning come into play in creating these unique biometric prints and refining the accuracy of matches even more over time.
Why Voice Biometrics instead of Fingerprints or Facial Recognition?
As a method that can be deployed via traditional call center telephony systems and online, voice makes more sense than other popular biometric authentication methods.
“While many other biometric technologies like fingerprint and retina scanning are relatively popular and equally secure, Voice Biometrics remains the only practical means of authenticating any user over a remote channel e.g. a phone or PC. This factor has led to the rapid growth of real-time voice recognition-based biometric solutions.” – Mordor Intelligence
Deeper Dive: See answers to FAQs about Voice Biometrics.
Passive Voice Authentication Improves Operational Efficiency and Customer Experience
The average hold time to talk to an agent in a call center is 17 minutes. However, the average amount of time consumers are willing to wait on hold is 6 minutes. By eliminating active authentication such as security Q&A, the verification process with Illuma Shield™ can be cut from 90+ seconds down to less than 15 seconds. Freeing agents to serve members or customers more efficiently helps improve satisfaction for the current caller, and for those waiting in line.
If they have to call repeatedly to speak to a live agent and face the frustration of long hold times, it’s no wonder they complain. Unfortunately, only 33% of consumers post a nice review after a positive interaction, whereas 42% post a poor review after a dissatisfactory interaction. Passive voice authentication helps improve average handle and hold times, reduce abandon rates, and improve the quality of interactions on every call. Customer or member experience gets a boost as a result. Voice authentication can even be used in the IVR to create a more seamless experience while serving callers that would otherwise have to wait on hold for a live agent.
“By skipping the gauntlet of security questions, callers also feel that they are being recognized just as they might be in their local branch. For credit unions and community banks that pride themselves on the personal touch, this is a way to replicate a warm experience in the contact center.” – Milind Borkar, Founder & CEO of Illuma Labs
Questions to Ask When Selecting a Passive Voice Authentication Solution
Voice biometrics solutions targeting large banks can cost over a million dollars and take months to deploy. These platforms are out of reach for most credit unions and community banks. Fortunately, voice authentication software is available that is specifically designed to deliver value to smaller financial institutions with no tradeoff between quality and price. When considering the options that are within budget, here are some key selection criteria to review.
- Is it easy to enroll in the system and do consumers feel good about it?
If members or customers must dial a specific number, go through a particular IVR, or repeat a preselected phrase several times, this adds to the friction of enrollment. Low enrollment reduces ROI on the system and tarnishes the overall caller experience. Consumers who are participating in voice authentication must feel good about the solution. This means it needs to be easy for call center agents to explain, easy for callers to enroll in, and seamless to use on subsequent calls. Naturally, the system must work in real time to make sense in a dynamic contact center environment.
- How easy is it for contact center agents to use during every call?
Agents are typically dealing with complicated telephone and software systems. Having to switch between screens or take multiple steps to verify a caller’s identity adds unnecessary complexity to the workflow. A system that generates value for contact center agents is one that reduces steps, saves time, and allows them to resolve customer service requests faster with less frustration.
- Can the system be fine tuned for accuracy?
There are two kinds of false results that can occur with even the most sophisticated biometric verification system. With false negatives, legitimate callers can’t be matched to their voiceprint and have to be taken through other authentication processes (such as the old-fashioned security Q&A) in an attempt to verify their identity. These may occur when the threshold for a match is set too high. False positives (that could allow fraudsters through) are caused by setting the threshold too low. The solution you select should be tunable for the ideal balance between convenience and security, keeping both false positives and false negatives very low.
- Is consumer information kept truly secure?
Voice verification systems that reside on-premise are highly secure but very costly in terms of up front investment and ongoing management. Cloud is convenient, more affordable, and easier to deploy and maintain. However, it can be less secure IF the phone call and the voice of the member leave the network to go to the cloud.
For credit unions and community banks that have maintained on-premise telephony systems to safeguard customer and member data, capturing a callers’ voiceprint and verifying it should never involve the call itself leaving the contact center. Only the voiceprint itself should go to the cloud to be matched to the previously enrolled sample. The sample should be encrypted and converted into a proprietary irreversible format that makes it useless in the hands of a fraudster. A customer’s voiceprint should never be stored in pure audio format since a data breach could result in this unique biometric signature being stolen and used for nefarious purposes.
- What is the effort for integration?
This includes people, time, and money that must be dedicated to a successful launch. Voice authentication solutions used by mega telcos or big banks may require a sizable team of system engineers and other experts to integrate, configure, and troubleshoot the deployment. Right-sized solutions for smaller financial institutions should take into account that these resources are scarce. Deployment should take weeks, not months, and be fully supported by the software vendor without placing excessive burden on internal IT resources.
- Does it conform to regulatory requirements in the state or states in which your organization operates?
Privacy laws and regulations vary widely from one state to the next. This includes how personal information such as voice biometrics is gathered, stored, and managed. These rules may govern notices and disclosure, retention limits for voiceprints, rules for obtaining member consent, breach notification requirements, and more. The FinTech solution you choose should support compliance.
Voice Authentication Supports Digital Transformation
For credit unions and banks, voice verification provides a way to move call center digital transformation forward while capturing gains across multiple fronts.
- Seamless verification process augments the brand’s reputation for taking tangible action to improve customer and member experience during every contact center conversation.
- Enhanced fraud prevention shields account holders against the increasing threat from fraudsters who use social engineering and data breaches to compromise accounts.
- Reduced operating costs with shorter handle times allow agents to serve more callers and make the most of available resources.
With more and more consumers embracing the use of biometrics in everything from smartphones to wearables, they will soon come to expect it from their banks and credit unions. Financial institutions that adopt voice authentication now have a unique opportunity to lead their industry in what will soon become the standard for convenience and security across the financial services sector and beyond.
For more information on selecting and implementing the right voice verification technology for your call center, contact us today.
Voice biometric recognition works by inputting the the voice of the individual whose identity has to be stored in the system. This input is kept as a print for authentication. The input print is made with software that can split the voice statement into multiple frequencies.Is voice verification secure? ›
Is voice recognition secure? Yes, voice recognition is secure, especially when compared to classic logins that require a username and password. Similar to other biometrics, voice recognition is more secure because a person must interact with a login rather than simply enter a code.What is a voice authentication? ›
Voice authentication is a form of identifying someone based on unique biometric characteristics - in this case, their voice. A voice is unique as a fingerprint and consists of a combination of characteristics such as dialect, pitch and speed.What is the voice Security? ›
Voice authentication is a type of security authentication that relies on a person's unique voice patterns for identification in order to gain access.How accurate is voice identification? ›
“However, despite the harsh circumstances, NEC's voice recognition system was able to uphold an accuracy rate of approximately 95%. As the baseline system accuracy rate set by NIST was at approximately 89%, the error rate was recorded at lower than half than that of the baseline system.What are the 3 methods of authentication? ›
The three authentication factors are: Knowledge Factor – something you know, e.g., password. Possession Factor – something you have, e.g., mobile phone. Inherence Factor – something you are, e.g., fingerprint.Can a scammer use your voice? ›
There's no way for a scammer to use a recording of your voice to do any serious damage, according to researchers at snopes.com. It's more likely that the scammer will try to intimidate you into paying by claiming that the voice recording is authorization of charges.Can someone steal my identity with my voice? ›
Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker, however some use live callers.How do you implement voice authentication? ›
There are two main approaches to voice authentication: Text independent: Voice authentication is performed using any spoken passphrase or other speech content. Text-dependent: The same passphrases are used in enrollment and for verification.Why is authentication important in a call center? ›
When it comes to a call-center environment, utilizing dynamic KBA – knowledge-based authentication is an effective way to verify a customer is who they say they are without putting your business or your customer's privacy at risk.
Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors.What are 3 uses for voice recognition software? ›
- Teachers. ...
- Authors & Writers. ...
- Security Personnel. ...
- Medical Professionals. ...
- Customer Service Representatives. ...
- Legal Professionals. ...
- General Users.
Voice Control This technique is used to intercept inappropriate behavior as it begins. The dentist alters voice tone and volume to interject more authority.How does the voice steal work? ›
Coaches have a one-time opportunity to use their "steal" button for a singer who loses during the battle round — giving the contestant a second chance in the competition. Coaches can save one team member, too.Can you trick voice recognition? ›
While technically it is possible to fool voice biometrics, it continues to be among the most secure authentication systems today, especially when used alongside other authentication mechanisms like OTPs or knowledge-based authentication.Why is voice recognition not accurate? ›
Poor speech recognition performance frustrates consumers. ASR systems are not accurately processing and understanding human speech due to background noise, multiple people talking, signal disruption, and distance.Can voice biometrics be beaten? ›
While voice biometrics is a reliable form of authentication, it is not foolproof. Like any other type of security, there are ways to bypass it. For example, if someone were to record your voiceprints, they could then use these recordings to access any accounts protected by voice authentication.What authentication method is best? ›
- One-Time Password (OTP) An OTP and its sibling, time-based one-time passwords (TOTP), are unique temporary passwords. ...
- Biometrics Authentication. If there's one thing that you always have with you, it's your body. ...
- Continuous Authentication. ...
- The Three Factors of Authentication.
- The challenge of accuracy. The accuracy of a speech recognition system (SRS) needs to be high if it is to create any value. ...
- The challenge of language, accent, dialect coverage. ...
- The challenge of security and privacy. ...
- The challenge of cost and deployment.
Voice data stored in the cloud poses risks where hackers can gain access, or the voice technology companies themselves may misuse it. Once cybercriminals gain access to stored data on a device or cloud system, they can access recorded conversations and sensitive information.
It is far easier for a human to decode words and turn it into meaning, than it is for voice recognition software to do so. The software's limitation of understanding the contextual relation of words, may cause disruption to any given task assigned to the software along the way.Can hackers hear your voice? ›
Hacking with Inaudible Voice
Neural Networks can 'listen' and process sound waves that are inaudible to humans. This means that hackers can potentially control your voice-activated assistants by playing your voice at an inaudible frequency.
- Hang up if a caller asks you to hit a button to stop receiving calls. ...
- If you answer a call that is questionable, record the number and add that to your FCC complaint.
- Ask your telephone service provider if it has a robocall blocking service.
- Tries to gain trust. An online scam will often try to gain your trust in some way. ...
- Emotional. ...
- Asks for action. ...
- Unexpected contact. ...
- Asks for personal info. ...
- Overpays you. ...
- Promises something. ...
- Wire transfer request.
When you hear your voice on a recording, you're only hearing sounds transmitted via air conduction. Since you're missing the part of the sound that comes from bone conduction within the head, your voice sounds different to you on a recording.Can someone steal my identity with my name address and phone number? ›
Commit Identity Theft
Once identity thieves know your name, address and date of birth, they can plug this information into an online database on the Dark Web, enabling them to steal more data, such as your: Social Security number. Credit card numbers. Home phone number.
Criminals seeking to perpetrate fraud over the telephone have been known to use TTY services (which are intended to help deaf people communicate by phone) to disguise their voice.What is the easiest way to achieve authentication? ›
- Passwords. One of the most widespread and well-known methods of authentication are passwords. ...
- Two-Factor Authentication. ...
- Captcha Test. ...
- Biometric Authentication. ...
- Authentication and Machine Learning. ...
- Public and Private Key-pairs. ...
- The Bottom Line.
The five main authentication factor categories are knowledge factors, possession factors, inherence factors, location factors, and behavior factors.Which is the main purpose of authentication? ›
Authentication is used by a server when the server needs to know exactly who is accessing their information or site. Authentication is used by a client when the client needs to know that the server is system it claims to be. In authentication, the user or computer has to prove its identity to the server or client.
Authenticating a user with a user ID and a password is usually considered the most basic type of authentication, and it depends on the user knowing two pieces of information -- the user ID or username, and the password. Since this type of authentication relies on just one authentication factor, it is a type of SFA.What is basic authentication example? ›
Basic authentication is easy to define. In the global securityDefinitions section, add an entry with type: basic and an arbitrary name (in this example - basicAuth). Then, apply security to the whole API or specific operations by using the security section.What is the most common form of authentication? ›
In the enterprise, passwords remain the most common digital authentication method. User or devices typically have their own username that is not secret. This username is combined with a unique and secret password known only by the users or devices to access company data, applications and services.Which is best voice recognition? ›
- Apple Dictation for a free app for Apple devices.
- Windows 10 Speech Recognition for a free app for Windows users.
- Dragon by Nuance for a customizable dictation app.
- Google Docs voice typing for dictating in Google Docs.
- Gboard for a free mobile dictation app.
- SpeechTexter for occasional use.
Examples of Voice Recognition in Use
Hands-free Calling: Making hands-free calls to specific people in a contact list is another example of voice recognition. Voice Biometrics: User verification is another example of voice recognition in use.
- Public Speakers. Having a good speaking voice is one of the biggest skills someone can have in today's business world. ...
- Automobile Safety. ...
- Handicap Usage. ...
- Posture Control.
- Resonance. ...
- Relaxation. ...
- Rhythm. ...
- Hydrate. We all need it, some more than others. ...
- Breathe. The breath is an important part of speaking. ...
- Stretch. Regularly stretching your voice with some basic exercises will keep your voice strong and in good condition. ...
- Lip Trill. ...
- Open your device's Settings app .
- Tap Accessibility, then tap Voice Access.
- Tap Use Voice Access.
- Start Voice Access in one of these ways: ...
- Say a command, such as "Open Gmail." Learn more Voice Access commands.
After the vocal battle, the coach must choose which of his/her singers will advance to the next round of competition, while the losing artist is available to be stolen by another coach. Each coach has two steals during the battle rounds.
The show's format features five stages of competition: producers' auditions, blind auditions, battle rounds, knockouts (since 2012), and live performance shows.Is The Voice pre recorded? ›
Based on the reaction of the studio audiences, the performances on The Voice are live.What type of authentication factor is voice recognition? ›
Voice recognition is considered a type three MFA, or “something you are.” This includes any part of the human body that can be offered for verification, such as palm scanning, facial recognition, or retina and iris scans. MFA is much more difficult for an intruder to overcome.How does phone call authentication work? ›
The following devices support using phone callback to verify your identity:
- Mobile phone.
In authentication, the user or computer has to prove its identity to the server or client. Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.How does face authentication work? ›
It works by identifying and measuring facial features in an image. Facial recognition can identify human faces in images or videos, determine if the face in two images belongs to the same person, or search for a face among a large collection of existing images.What is authentication in call center? ›
WHAT IS CALLER AUTHENTICATION? Caller authentication is the process of verifying the identity of persons via the phone channel. From email to bank logins, many companies have employed tools like two-factor verification to make their services more secure.How do you authenticate a customer? ›
Therefore, online authentication often requires two steps. First, verify that the name and other personal details submitted in a given transaction correspond to a genuine identity. Second, verify that the person online is in fact the genuine person asserted.What is authentication short answer? ›
Authentication is the process of determining whether someone or something is, in fact, who or what it says it is. Authentication technology provides access control for systems by checking to see if a user's credentials match the credentials in a database of authorized users or in a data authentication server.What is the first step of an authentication process? ›
Authentication may vary from system to system, but everybody needs some tangible steps to make it most secure. There are two main steps in authentication: first is the identification, and the second is the central authentication. In the first step, the actual user's identity is provided in user ID and validation.
In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report. Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks.What type of authentication is facial recognition? ›
It is a method of biometric identification that uses that body measures, in this case, face and head, to verify the identity of a person through its facial biometric pattern and data.How accurate is facial verification? ›
According to the report, when utilised in this manner, face recognition algorithms can achieve accuracy ratings of up to 99.97 percent on the Facial Recognition Vendor Test conducted by the National Institute of Standards and Technology. However, accuracy rates are typically lower in the real world.