Say goodbye to the password as you know It

Passwords and PINs are more vulnerable than ever before. Proving this point have been a number of recent high profile security breaches, including Twitter, Evernote and most infamously LinkedIn, where 6.5 million user accounts were stolen and placed in the hands of criminals. If these breaches highlight anything, it’s that cyber-attacks are not only increasing in frequency, but also sophistication. And even more importantly, they’ve indicated that while the traditional password and PIN has served organisations well in the past, they are quickly becoming antiquated in today’s world of connected smart devices and even smarter hackers.     

This trend has been reflected in the Deloitte 2013 TMT Predictions report, which marks 2013 as the end of password-only security. The move away from password-only or knowledge-based authentication has brought a greater focus on alternative security measures, with particular attention on voice biometrics. Unlike passwords and PINs, voice biometrics cannot be compromised through hacking. Additionally, it only requires a user’s voice, meaning customers no longer need to remember several password combinations – they simply need to speak a phrase such as ‘my voice is my password’ to gain access to their account easily and securely.

These benefits alongside the decline of passwords have placed greater pressure on organisations to re-evaluate their security. While there are a number of security solutions to consider, the following will argue why voice biometrics will be one of the key methods of authentication in the future, leaving passwords, PINs and security questions in the dust.

The smartphone revolution

The trend away from password or knowledge-based authentication has partly been brought on by the age of the smartphone. As more individuals migrate to mobile experiences, it becomes increasingly apparent that a user name and password system is poorly suited for mobile devices. In fact, recent research conducted by Roy Morgan on behalf of Nuance indicates that the average Australian has up to 20 passwords, and more than 60 percent make mistakes while typing in their password using a mobile phone. Voice biometrics on the other hand, eliminates the need for awkward passwords as the system is able to identify a user based solely on their voice.

But it’s not only the inconvenience of the password on the smartphone that is calling for change. Customers are increasingly using their phones for high-risk transactions, such as banking or shopping. A recent report by eBay and PayPal found that the value of retail purchases on mobile has increased more than 30-fold in the last two years. With so many Australians completing transactions and carrying increased amounts of sensitive information on their smart devices, the need for a more secure authentication process that is better suited to the smartphone has become paramount.

Organisations are finding that voice biometrics helps address these challenges because it is inherently more secure. A person’s voiceprint is unique, much like a person’s fingerprint. Someone can’t guess your voice, whereas fraudsters can guess a password or PIN. Highlighting this point is a recent report

Organisations are finding that voice biometrics helps address these challenges because it is inherently more secure. A person’s voiceprint is unique, much like a person’s fingerprint. Someone can’t guess your voice, whereas fraudsters can guess a password or PIN. Highlighting this point is a recent report on the top 10,000 passwords, which indicates that close to 8.5 per cent of customers use the passwords ‘password’ or ‘123456’. While a separate study showed that 10.7 per cent of four digit PINs are “1234”. With voice biometrics, customers can avoid using passwords all together, ensuring a simpler and more secure authentication process.

The rise of fraud within the call centre

Another trend drawing attention to the limitations of password and knowledge based authentication is the rise of fraud in the call centre. Typically, call centres use either PIN credentials or knowledge questions to verify a caller’s identity. In the case of knowledge questions, an agent will ask for information such as the caller’s address, phone number, birth date or mother’s maiden name. If the caller answers correctly, the agent will consider the caller’s identity valid.

However, the vulnerabilities of such systems include database hacking, internet searches for personal information and social engineering. The last of which, social engineering, is where a fraudster uses tricks and psychological manipulation in order to gain sensitive information from a customer service agent. Call centres are particularly vulnerable to this type of attack because, instead of being rewarded for preventing fraud, call centre agents are encouraged to minimise Average Hold Time and deliver a quick and easy customer experience.

As of 2011, about 67 per cent of social engineering attempts at Australian bank call centres were successful. This is because call centre agents often lack the training and incentives to detect social engineering attempts. Additionally, organisations that have required agents to comply with stringent security procedures often see disastrous impacts on customer care. As such, organisations tend to implement security procedures that impose the minimum amount of inconvenience to the caller. However, this creates an important security vulnerability that fraudsters can leverage with increasing frequency.

A benefit of voice biometrics is that voiceprints can be verified quickly during a call to confirm identity and let the caller complete their enquiry or transaction. However, the same technology will also flag if the voice and voiceprint do not match, keeping fraudsters out and ensuring security for customers.  

An improved customer experience

The final key factor influencing this trend is the use of voice biometrics not just for security, but also to provide improved and more personalised experiences for the customer. With voice biometrics, customers no longer need to answer intrusive security questions or remember passwords in order to verify their identity. By simply speaking with an agent, a customer’s voice is verified, making the authentication process quick, secure and transparent. This starts the conversation with the customer off on the right foot, with a conversation, as opposed to an interrogation.

Additionally, with the ability to easily and efficiently verify a customer, businesses can create personal experiences through the call centre, mobile apps and even the customer’s own personal devices. Picture a Siri-style customer service app that is able to recognise you by your voice and instantly. 

Michael Steinmann is the director of regional technology at Nuance.