Brian Martin, Regional Director – U.K. & Ireland – Spitch
Fraud is one of the most common and fastest-growing crimes in the UK. In fact, research estimates that there are around 500 incidents of identity fraud every day. The banking and finance sectors are especially vulnerable to this threat. Whether it’s a conversation about telephone banking or a retail query, almost every conversation is full of security gaps and weaknesses – and hackers are always ready to jump on an opportunity to defraud a consumer and defame a business.
A simple look at the major hacks of the last few years quickly highlights the financial sector’s vulnerability. From a supermarket bank’s 2016 breach which saw attackers withdraw money from 20,000 of its customer accounts, to a major high street bank’s denial of service of attack in 2017 – it’s clear that there’s a lot more to be done when it comes to staying cyber secure in finance.
Historically, these weaknesses have not been difficult to find. Criminals often favour phone fraud because voice is one of the easiest channels to hack. Through sophisticated social engineering methods, they can manipulate operators to allow them access to customer information or make transactions from a third party’s account.
And because protection for so many consumer-facing services is only a password, as soon as any fraudster figures out what a customer’s might be (often gleaned from a few publicly available pieces of personal information), they have unfettered access.
As hackers develop more advanced means of committing phone fraud, organisations in every industry must step up their security measures to mitigate the risks. With voice biometrics, such as automated speech recognition, providing a compelling means by which to protect customers, must be a part of the future fraud fight.
How voice biometrics keeps the bad guys out
Innovative, future-ready technologies such as voice biometrics systems are already being used by numerous industries across many verticals, in order to eliminate the need for customers to remember passwords when talking to businesses over the phone. They work by taking a recording of live speech, then creating a digital voiceprint that contains all the identifying features of a voice and storing that on a secure system. From that point on, whenever the customer speaks to the business on the phone their voice is analysed against the digital voiceprint – either passively (as in, while the conversation is ongoing) or actively (as in, having to repeat a stock phrase before continuing). Thereby negating the need for a password.
This aspect is what makes voice biometrics such a secure verification method. The system will run a comparison between the customer’s voice and the digital voiceprint based on numerous parameters making the solution near impossible to hack. And it’s not the case that a fraudster could do a good impression of the customer and gain access – the analysis is deep enough to confirm that a caller really is who they say they are.
At the same time, voice biometrics can be used against the attackers themselves. If a fraudster is detected trying to gain access to customer accounts, call recordings can be used to create a voice profile of them on the system. An organisation can thus create a database of known fraudsters and use the biometrics system to analyse all callers against that database.
The result is that anyone who has ever been caught committing fraud, successfully or unsuccessfully, will forever be locked out of the system. No matter when they call up or whichever name they use, the system will detect their voice and automatically flag the call to the operator, who can then take appropriate action.
Voice biometrics in the future
As a method of detecting and deterring fraud, voice biometrics is an incredibly compelling solution for numerous industries. Retailers could use voice verification to ensure only customers can make transactions, even if card details are saved on the account. Healthcare organisations could use it so that only patients can access their records or receive test results. And, if used as part of automated self-service systems, voice biometrics can offer a service that’s more convenient for the end user and inherently secure.
Voice biometrics is also something that will deliver greater benefits as the technology develops and more sophisticated capabilities will come into play. The ability to detect stress, tiredness, unhappiness or a range of emotions in someone’s voice already exists. Going forward, these kinds of innovations will evolve to make the system increasingly helpful to vulnerable businesses.
It’s also not long before voice biometric data becomes heavily utilised in legal proceedings. Digital voiceprints could become a reliable way of proving the identity of phone fraudsters, for example. Similarly, the metadata collected by voice biometrics systems (time, date, location, device) could be used anywhere from courtrooms to benefits claims departments, eventually deterring hackers from engaging in voice fraud in the first place.
It’s important to remember that the right tool should be able to exist, cooperate with and enhance current processes. It should make life easier, and not add further layers of complexity to the security back-end. Nor become another node through which data can escape.
Above all, it’s vital that banks recognise that modern threats need modern responses. The traditional idea of a bank as a safe house needs updating – biometrics must be a part of that work.