Wednesday, March 31, 2010
• The enrollment process is voluntary and takes approximately three minutes
• Customer is prompted to repeat a series of words
• This process creates the client’s “base” voiceprint and stores it in the database for future use
• Customer calls NAB and is prompted to say their account number and date of birth
• This process creates the customer’s “sample” voiceprint which is then compared to their “base” voiceprint in the database
• If the voiceprints match, the customer’s identity is verified
Speech Security was initially rolled-out to 3.3 million NAB customers.
Friday, March 26, 2010
A 2009 Speech Technology article, by Judith Markowitz, described the enrollment and verification processes as follows:
• During the online registration process, the student provides their phone number
• An automated outbound call is made to the student and they are prompted to repeat six separate five-digit phrases (i.e., “base” voiceprint is captured and stored in the database)
• At key course intervals (e.g., completion of chapter, etc.), an automated outbound call is made to the student and they are prompted to verify their identity by repeating a five-digit phrase (i.e., “sample” voiceprint is captured)
• If the “sample” voiceprint matches the “base” voiceprint, the student’s identity is verified and they are permitted to advance to the next phase of the course
Since 2008, I DRIVE SAFELY has enrolled over 60,000 voice prints and completed over 300,000 verifications.
Thursday, March 25, 2010
Judith Markowitz began the session with a review of voice biometrics basics. According to her, organizations deploy voice biometrics to:
• Combat identity theft and other fraud
• Protect personal data - privacy
• Comply with regulations
• Enhance convenience and simplify the authentication process
Judith also mentioned that voice biometrics has been deployed in the following sectors: financial services, healthcare, distance learning, telecom, transportation and government.
Chuck Buffum next presented an interesting overview of voice biometrics metrics. He discussed business, solution and technology metrics. Business metrics measure reduced operating expenses, improved customer experience/satisfaction and improved security. Solution metrics include: automated authentication rate, security rate (1 – imposter rate), offer acceptance rate, enrollment success rate, and re-use rate (opposite of opt-out after enrollment). Technology metrics include: false reject, false accept and enrollment success rate.
Chuck also discussed some of the factors that influence voice biometrics performance, including: richness of voice enrollment (i.e., broad and deep phonetic coverage), quality of audio sample (e.g., signal noise ratio) and environmental characteristics (e.g., background noise).
William Morrow stressed the growing rate of identity theft and fraud as a driver for deploying voice biometrics. From 2007 to 2009, there was a 37% increase in the number of victims. He said that the cost of identity fraud in 2009, in the U.S., was $54 billion. William ended by presenting a brief case study about the use of voice biometrics to ensure academic integrity for distance learning company “I DRIVE SAFELY” (IDS).
The final panelist, Paul Heirendt presented an overview of TradeHarbor’s voice biometrics product (VoiceSignatureService(SM)). He also addressed many of the benefits that organizations can realize by deploying voice biometrics.
When the presentations were over, the panelists addressed questions submitted by the participants.
The archived webinar should be available for viewing on Speech Technology’s Website.
Tuesday, March 23, 2010
Bob Nelson, Vice President of Partner Development at TradeHarbor said that the Voice Signature Service(SM) will be deployed to authenticate inbound calls, as well as “online authentication for transactions made from computers and mobile devices based on outbound calls to their wired or mobile phones.”
I am pleased that USAN recognized the value of deploying voice biometrics to secure call center transactions.
Monday, March 22, 2010
Personal Privacy. For some people, the use of biometrics is seen as inherently offensive. Being required to verify one’s identity through a finger-scan or voice-scan can be seen as intrusive, impersonal, or mistrustful. These objections to biometrics are based on personal privacy.
[My two-cents: I’m surprised that IBG considers finger-scans and voice-scans to be equally “intrusive.” Voice-scans can be captured via a telephone or microphone in a natural way – speaking.]
Informational Privacy. A more common objection to biometrics is based on informational privacy; how biometric data might be misused, tracked, linked, and otherwise abused. Potential privacy-invasive misuses of biometrics are as follows:
Unnecessary or unauthorized collection – gathering biometric information without the user’s permission or knowledge, or gathering biometric data without explicitly defined purposes
Unauthorized use – using biometric information for purposes other than those for which it was originally acquired
Unauthorized disclosure – sharing or transmitting biometric information without the user’s explicit permission
Unique identifier – using biometric information to track a user across various databases, to link different identities, and to amalgamate personal data for the purposes of surveillance or social control
Improper storage – storing biometric information in logical proximity to personal data such as name, address, social security number
Improper transmission – transmitting biometric information in logical proximity to personal data such as name, address, social security number
Forensic usage – using biometric information to facilitate investigative searches, which may be categorized as unreasonable search and seizure
Function creep – gradually using biometric data for a variety of purposes beyond its original intention and scope
[My two-cents: With the exception of military and law enforcement applications, I believe it is absolutely critical to provide full-disclosure (e.g., how data will be used, stored, etc.) to people who use a biometrics system.]
Friday, March 19, 2010
A 2004 whitepaper issued by the SANS Institute, provided the following description of the railroad's application:
“Union Pacific moves railcars back and forth across the United States every day. The railcars travel loaded in one direction and empty on the way back. When the loaded railcar arrives, the customer is notified to come pick up the contents. Once emptied, the customer needs to alert Union Pacific to put the railcar back to work. Union Pacific now has an automated system that utilizes voice authentication to allow a customer to release empty railcars. Customers enroll in the voice authentication system over the phone. When they call back to release an empty railcar, the system authenticates them and allows them to release their railcars. In this case, voice authentication has allowed customers to get off the phone faster, and Union Pacific to guarantee that a customer is not releasing a railcar that doesn’t belong to him.”
When a customer called the railroad's IVR, they were given the option to enroll in the system (i.e., provide a “base” voiceprint). Once enrolled, a customer could verify their identity by providing a “sample” voiceprint. If the voiceprints matched, the customer’s empty railcar was released. If the voiceprints did not match, the customer was transferred to a live agent.
Does anyone know if this application is still in use by the Union Pacific Railroad?
Thursday, March 18, 2010
Voice biometrics, on the other hand, can provide robust security and is also a natural fit for smart phones and other mobile devices with a microphone. Let’s see how the technology would work with mobile devices. There are two approaches:
• Embedded – all voice biometrics functionality (enrollment and verification) is self-contained on the mobile device
• Remote – some voice biometrics functionality (e.g., “voiceprint capture”) resides on the mobile device and the remaining functionality lives on a server
Several organizations are actively engaged in developing voice biometrics solutions for the growing mobile device market.
Tuesday, March 16, 2010
According to the article, the biometric door works as follows:
When a resident approaches the door to their building, a facial recognition camera captures a “sample” image, which is then compared to their “base” image in the database. If the images match, the door is unlocked for the resident.
If the facial images don’t match, the resident is prompted to say their name and where they are going. A “sample” voiceprint is captured through this process. If the “sample” voiceprint matches the resident’s “base” voiceprint, the door is unlocked. If there is no match, the resident is subject to further remote verification by central security staffers.
On February 22nd, I wrote about an Israeli company, FST21 Ltd., that is offering a similar technology.
Monday, March 15, 2010
• Something the person knows (e.g., password or PIN)
• Something the person has (e.g., security token, smartcard, cell phone)
• Something the person is (e.g., biometric such as voiceprint)
Combining two or more factors, where one of the factors is a biometric, provides the strongest level of authentication. For example, passwords or PINs can be shared, observed or broken. Smartcards or cell phones can be lost or stolen.
Friday, March 12, 2010
The agent covered a number of topics including: how fraudsters get personal information, how fraudsters use that information, what to do if personal information is stolen and, finally, how to safeguard personal information.
How Fraudsters get Personal Information
According to the Secret Service, some of the methods used by fraudsters to get personal information are:
• Stealing mail (e.g., credit card statements, tax information, etc.)
• Rummaging through trash
• Bribing employees who have access to personal information
• Hacking databases containing personal information
• Stealing personal information from a place of work
• Obtaining a person’s credit report by posing as their landlord, employer, etc.
• Stealing card numbers by capturing data in an electronic “skimming” device
• Stealing wallet or purse
• Breaking into a home to steal personal information
• “Phishing” for personal information via email
How Fraudsters use Personal Information
According to the Secret Service, some of the ways fraudsters use personal information are:
• Call credit card issuers to change victim’s billing address
• Open new credit cards in victim’s name
• Establish new phone service in victim’s name
• Open a bank account in victim’s name and write bad checks
• Counterfeit checks or credit cards in victim’s name
• Authorize electronic transfer of victim’s funds
• File for bankruptcy in victim’s name to avoid debts fraudster incurred using victim’s name
• Taking out a loan in victim’s name
• Seeking employment in victim’s name
• If arrested, giving victim’s name to police
What to do if Personal Information is Stolen
According to the Secret Service, the following four immediate steps should be taken if personal information is stolen:
• Review and place a fraud alert on credit reports
• Close all accounts that may have been tampered with or opened fraudulently
• File a police report
• File a complaint with the Federal Trade Commission
How to Safeguard Personal Information
According to the Secret Service, these are some of the ways to safeguard personal information:
• Setup “strong” passwords for all accounts (e.g., avoid easily available information)
• Secure personal information at home
• Be vigilant when providing personal information on the phone, through email, etc.
• Deposit outgoing mail at post office and remove mail from mailbox promptly
• Shred personal information before placing in trash
• Don’t carry Social Security Card
• Limit amount of identification information and credit/debit cards when going out
• Install virus protection software
• Don’t open files sent by strangers
• Don’t store financial information on laptops
• Delete personal information from computers before disposing
After the presentation, the agent and I spoke about how voice biometrics can help stem the rising tide of U.S. identity theft and fraud. For example, financial institutions could deploy voice biometrics in their call centers. Fraudsters who obtained a victim’s personal information (e.g., mother’s maiden name, date of birth, etc.), would be thwarted when they are prompted to provide a sample voiceprint (which would then be compared to the victim’s base voiceprint). Also, credit card companies could require voice biometrics identity verification, at point of purchase, for certain transactions. These are just some of the ways that voice biometrics could be used to reduce identity theft related crimes.
Wednesday, March 10, 2010
According to PerSay, the primary drivers for Voice Signature were to enhance customer service and improve security. Subscriber benefits include the ability to perform secure self-service transactions such as resetting a blocked mobile device. Enrollment in the Voice Signature application is voluntary.
Vodafone Turkey also benefits by a reduction in call center costs. According to them, thanks to Voice Signature, call durations decreased by about 15%, while customer satisfaction increased 85%.
As a testament to their voice biometrics implementation, Vodafone Turkey won “The Best Technology Solution” award at the “Istanbul Call Center Awards 2009” ceremony.
Tuesday, March 9, 2010
Dr. Rodman’s research, “Joint Frame and Gaussian Selection for Text Independent Speaker Verification,” will be presented at the International Conference on Acoustics, Speech and Signal Processing (ICASSP) in Dallas, March 14-19.
Stay tuned for more on this topic.
Monday, March 8, 2010
• Enhanced convenience and speed – automates verification of client’s identity allowing quicker access to their accounts and transactions
• Improved security – voice biometrics verifies that the client is who they claim to be
• Client calls TD Waterhouse’s contact center and, when prompted, says “I’m not enrolled.” The client’s identity is manually verified by a rep, who also explains the Voice Print System. The client is then connected to the enrollment system
• Client is prompted to speak their phone number
• Client is prompted to say the phrase “my voice is my password”
• Client is prompted to speak a secret date (month & date), as well as a hint
• This process creates the client’s “base” voiceprint and stores it in the database for future use
• Clients call the TD Waterhouse contact center and, when prompted, say their phone number and secret date. This process creates the client’s “sample” voiceprint which is then compared to their “base” voiceprint in the database. If the voiceprints match, the client’s identity is verified
According to Nuance, most TD Waterhouse clients have elected to participate in the Voice Print System service. This may be due in part to their personalized approach of having a rep explain the process to clients. The Voice Print System has also allowed TD Waterhouse to reduce agent talk time by 30+ seconds.
Friday, March 5, 2010
Bell is Canada’s largest communications company. According to Persay’s Website, the principal project driver for Bell was to fight identity theft and make the privacy protection (i.e., verification) process more convenient for customers.
• Customer calls Bell’s contact center and is presented with the option to enroll using an IVR system
• If the customer opts in, the enrollment process is initiated. Or, if the customer opts out, they can ask for a re-prompt to enroll in 60 days
• Customer enrolls by repeating a pass phrase “At Bell, my voice is my password” three times (process takes approximately 2 minutes). The captured “base” voiceprint is stored in the database for future verification
• The enrollment is secured by the customer’s PIN and an account number and they are notified (via callback or SMS) when the enrollment process is completed
Click here for a demo.
• In subsequent calls to Bell’s contact center, the customer is prompted to repeat their “At Bell, my voice is my password” pass phrase. The captured “sample” voiceprint is then compared to the customer’s “base” voiceprint
• If the voiceprints match, the customer is successfully verified and is automatically granted access to the IVR or a live agent (who is alerted that the customer’s identity has already been verified – saving time)
• Customer can add multiple voiceprints per account to enable access for additional authorized co-users (e.g., spouse)
Click here for a demo.
To date, more than 2,000,000 Bell Canada customers have voluntary enrolled and verification rates exceed 4,000,000 a year.
Thursday, March 4, 2010
As you can see from the chart, the market is expected to grow from $124 million (2009) to $260 million (2014). This represents a compounded annual growth rate of approximately 16%. According to the chart, the steepest growth is expected to occur between 2010-2011. So let's make this the year of voice biometrics!
• Enrollment rate – % of authorized users who successfully enrolled (i.e., “base” voiceprint captured)
• Verification rate - % of authorized users who are successfully verified (i.e., “sample” voice print captured and matched against “base” voiceprint)
• False acceptance rate (FAR) - % of unauthorized users who are accepted by the system. Also known as false positive or type I error.
• False rejection rate (FRR) - % of authorized users who are rejected by the system. Also known as false negative or type II error.
• Crossover error rate (CER) – point of intersection when FAR and FRR are plotted against each other (i.e., FAR = FRR). In general, the lower the CER the better.
It’s a fine art to tune a voice biometrics system to achieve simultaneously low FARs (i.e., keeping the unauthorized folks out) and low FRRs (letting the authorized folks in).
Wednesday, March 3, 2010
I’m puzzled by the % growth decrease (i.e., 62%-->15%) projected for next year. I would expect % growth to continue increasing once voice biometrics systems gain momentum in the marketplace.
What say you?
Tuesday, March 2, 2010
Text-dependent voice biometrics systems require a person to speak the same pass phrase(s) during enrollment and verification. Text–independent systems do not. The person can be asked to repeat a series of random pass phrases to capture a “sample” voiceprint. Or, the “base” and “sample” voiceprints can be obtained in the background – even without the person’s knowledge (ideal for forensic applications).
Monday, March 1, 2010
According to their Website, Planet Payment works with merchants to set up their mobile commerce (“Voice”) stores. Shoppers also need to enroll and provide a “base” voiceprint. Enrolled shoppers can see a product in an ad, browse a storefront after hours, or respond to an in-store display, then call Shop BuyVoice and buy the item simply by saying the product code and verifying their identity (i.e., by entering their phone number and providing a “sample” voiceprint). Click here for a demo.
Another step closer to making voice biometrics a commercial reality.