Wednesday, March 31, 2010

Voice Biometrics Case Study - National Australia Bank

In 2009, Telstra , an Australian telecommunications company, deployed a voice biometrics identity verification system at the National Australia Bank. The system, dubbed “Speech Security,” uses Salmat VeCommerce‘s VeSecure® Biometric solution (which is powered by Nuance Verifier™). According to NAB’s Website, Speech Security was introduced to “improve the customer experience on NAB’s telephone banking and enhance security and privacy by removing the need for customers to remember PINs and passwords.”

Enrollment Process:
• The enrollment process is voluntary and takes approximately three minutes
• Customer is prompted to repeat a series of words
• This process creates the client’s “base” voiceprint and stores it in the database for future use

Verification Process:
• Customer calls NAB and is prompted to say their account number and date of birth
• This process creates the customer’s “sample” voiceprint which is then compared to their “base” voiceprint in the database
• If the voiceprints match, the customer’s identity is verified

Speech Security was initially rolled-out to 3.3 million NAB customers.

Friday, March 26, 2010

Voice Biometrics Case Study – I DRIVE SAFELY

During yesterday’s Speech Technology webinar, William Morrow, Chairman and CEO of CSIdentity Corporation, presented a case study on the use voice biometrics in the distance learning space. In 2008, I DRIVE SAFELY, a provider of online defensive driving and traffic school courses, deployed the VoiceVerified® voice biometrics solution to enforce the academic integrity of students.

A 2009 Speech Technology
article, by Judith Markowitz, described the enrollment and verification processes as follows:

Enrollment
• During the online registration process, the student provides their phone number
• An automated outbound call is made to the student and they are prompted to repeat six separate five-digit phrases (i.e., “base” voiceprint is captured and stored in the database)

Verification
• At key course intervals (e.g., completion of chapter, etc.), an automated outbound call is made to the student and they are prompted to verify their identity by repeating a five-digit phrase (i.e., “sample” voiceprint is captured)
• If the “sample” voiceprint matches the “base” voiceprint, the student’s identity is verified and they are permitted to advance to the next phase of the course

Since 2008, I DRIVE SAFELY has enrolled over 60,000 voice prints and completed over 300,000 verifications.

Thursday, March 25, 2010

Speech Technology Voice Biometrics Webinar - Summary

This afternoon, Speech Technology hosted a voice biometrics webinar titled “How Verifying Your Customer’s Identity Can Save You Money.” The panelists were: Judith Markowitz (Consultant), Chuck Buffum (Nuance), William Morrow (CSIdentity) and Paul Heirendt (Trade Harbor). The moderator was David Myron (Speech Technology).

Judith Markowitz began the session with a review of voice biometrics basics. According to her, organizations deploy voice biometrics to:


• Combat identity theft and other fraud
• Protect personal data - privacy
• Comply with regulations
• Enhance convenience and simplify the authentication process

Judith also mentioned that voice biometrics has been deployed in the following sectors: financial services, healthcare, distance learning, telecom, transportation and government.


Chuck Buffum next presented an interesting overview of voice biometrics metrics. He discussed business, solution and technology metrics. Business metrics measure reduced operating expenses, improved customer experience/satisfaction and improved security. Solution metrics include: automated authentication rate, security rate (1 – imposter rate), offer acceptance rate, enrollment success rate, and re-use rate (opposite of opt-out after enrollment). Technology metrics include: false reject, false accept and enrollment success rate.

Chuck also discussed some of the factors that influence voice biometrics performance, including: richness of voice enrollment (i.e., broad and deep phonetic coverage), quality of audio sample (e.g., signal noise ratio) and environmental characteristics (e.g., background noise).

William Morrow stressed the growing rate of identity theft and fraud as a driver for deploying voice biometrics. From 2007 to 2009, there was a 37% increase in the number of victims. He said that the cost of identity fraud in 2009, in the U.S., was $54 billion. William ended by presenting a brief case study about the use of voice biometrics to ensure academic integrity for distance learning company “I DRIVE SAFELY” (IDS).

The final panelist, Paul Heirendt presented an overview of TradeHarbor’s voice biometrics product (VoiceSignatureService(SM)). He also addressed many of the benefits that organizations can realize by deploying voice biometrics.

When the presentations were over, the panelists addressed questions submitted by the participants.

The archived webinar should be available for viewing on Speech Technology’s Website.

Tuesday, March 23, 2010

TradeHarbor Partners with Call Center Solutions Provider

According to a press release, TradeHarbor, Inc. has entered into a partnership agreement with USAN, a provider of hosted call center solutions, to offer its SaaS voice biometrics solution (Voice Signature Service(SM)) to USAN’s IVR services customers.

Bob Nelson, Vice President of Partner Development at TradeHarbor said that the Voice Signature Service(SM) will be deployed to authenticate inbound calls, as well as “online authentication for transactions made from computers and mobile devices based on outbound calls to their wired or mobile phones.”


I am pleased that USAN recognized the value of deploying voice biometrics to secure call center transactions.

Monday, March 22, 2010

Biometrics and Privacy Concerns

The International Biometrics Group BioPrivacy Initiative™ has published an excellent list of privacy concerns as they relate to biometrics:

Personal Privacy. For some people, the use of biometrics is seen as inherently offensive. Being required to verify one’s identity through a finger-scan or voice-scan can be seen as intrusive, impersonal, or mistrustful. These objections to biometrics are based on personal privacy.


[My two-cents: I’m surprised that IBG considers finger-scans and voice-scans to be equally “intrusive.” Voice-scans can be captured via a telephone or microphone in a natural way – speaking.]

Informational Privacy. A more common objection to biometrics is based on informational privacy; how biometric data might be misused, tracked, linked, and otherwise abused. Potential privacy-invasive misuses of biometrics are as follows:

Unnecessary or unauthorized collection – gathering biometric information without the user’s permission or knowledge, or gathering biometric data without explicitly defined purposes

Unauthorized use – using biometric information for purposes other than those for which it was originally acquired

Unauthorized disclosure – sharing or transmitting biometric information without the user’s explicit permission

Unique identifier – using biometric information to track a user across various databases, to link different identities, and to amalgamate personal data for the purposes of surveillance or social control

Improper storage – storing biometric information in logical proximity to personal data such as name, address, social security number

Improper transmission – transmitting biometric information in logical proximity to personal data such as name, address, social security number

Forensic usage – using biometric information to facilitate investigative searches, which may be categorized as unreasonable search and seizure

Function creep – gradually using biometric data for a variety of purposes beyond its original intention and scope

[My two-cents: With the exception of military and law enforcement applications, I believe it is absolutely critical to provide full-disclosure (e.g., how data will be used, stored, etc.) to people who use a biometrics system.]

Friday, March 19, 2010

Voice Biometrics Case Study – Union Pacific Railroad

In 2001, the Union Pacific Railroad deployed a customer-facing voice biometrics system to automate the release of empty railcars. The system was powered by SpeechWorks’ SpeechSecure product. [Note: SpeechWorks was acquired by Nuance in 2003.]

A 2004 whitepaper issued by the SANS Institute, provided the following description of the railroad's application:

“Union Pacific moves railcars back and forth across the United States every day. The railcars travel loaded in one direction and empty on the way back. When the loaded railcar arrives, the customer is notified to come pick up the contents. Once emptied, the customer needs to alert Union Pacific to put the railcar back to work. Union Pacific now has an automated system that utilizes voice authentication to allow a customer to release empty railcars. Customers enroll in the voice authentication system over the phone. When they call back to release an empty railcar, the system authenticates them and allows them to release their railcars. In this case, voice authentication has allowed customers to get off the phone faster, and Union Pacific to guarantee that a customer is not releasing a railcar that doesn’t belong to him.”

When a customer called the railroad's IVR, they were given the option to enroll in the system (i.e., provide a “base” voiceprint). Once enrolled, a customer could verify their identity by providing a “sample” voiceprint. If the voiceprints matched, the customer’s empty railcar was released. If the voiceprints did not match, the customer was transferred to a live agent.

Does anyone know if this application is still in use by the Union Pacific Railroad?

Thursday, March 18, 2010

Securing Mobile Devices with Voice Biometrics – A Natural Fit

Mobile devices, such as smart phones, often contain personal and confidential data -- and are very vulnerable to theft and loss. To prevent unauthorized use, most devices rely solely on single-factor password security. Unfortunately, passwords offer relatively weak protection as they can be forgotten, observed, stolen or hacked.

Voice biometrics, on the other hand, can provide robust security and is also a natural fit for smart phones and other mobile devices with a microphone. Let’s see how the technology would work with mobile devices. There are two approaches:


• Embedded – all voice biometrics functionality (enrollment and verification) is self-contained on the mobile device
• Remote – some voice biometrics functionality (e.g., “voiceprint capture”) resides on the mobile device and the remaining functionality lives on a server

Several organizations are actively engaged in developing voice biometrics solutions for the growing mobile device market.

Tuesday, March 16, 2010

Will Biometrics Replace NYC Doormen?

Yesterday’s New York Post featured a story about a security company – Kent Security Services – that is marketing a “biometric” door for NYC apartment buildings. The door, which incorporates both facial and voice recognition technology, costs $15,000.

According to the article, the biometric door works as follows:

When a resident approaches the door to their building, a facial recognition camera captures a “sample” image, which is then compared to their “base” image in the database. If the images match, the door is unlocked for the resident.

If the facial images don’t match, the resident is prompted to say their name and where they are going. A “sample” voiceprint is captured through this process. If the “sample” voiceprint matches the resident’s “base” voiceprint, the door is unlocked. If there is no match, the resident is subject to further remote verification by central security staffers.

On February 22nd, I wrote about an Israeli company, FST21 Ltd., that is offering a similar technology.

Monday, March 15, 2010

Voice Biometrics Basics: Multi-Factor Authentication

Multi-factor authentication is the process of using more than one factor to authenticate a person’s identity. The three categories are:

• Something the person knows (e.g., password or PIN)
• Something the person has (e.g., security token, smartcard, cell phone)
• Something the person is (e.g., biometric such as voiceprint)

Combining two or more factors, where one of the factors is a biometric, provides the strongest level of authentication. For example, passwords or PINs can be shared, observed or broken. Smartcards or cell phones can be lost or stolen.

Friday, March 12, 2010

U.S. Secret Service on Identity Theft

Last night, I attended a seminar on "Identity Theft" presented by a U.S. Secret Service Special Agent. According to Javelin Strategy and Research (Wall Street Journal -- 2/10/2010), identity-theft is on the rise in the U.S. A record 11.1 million adults, up 12% from 2008, were victims. The total cost was $54 billion, up 12.5% from 2008.

The agent covered a number of topics including: how fraudsters get personal information, how fraudsters use that information, what to do if personal information is stolen and, finally, how to safeguard personal information.

How Fraudsters get Personal Information

According to the Secret Service, some of the methods used by fraudsters to get personal information are:


• Stealing mail (e.g., credit card statements, tax information, etc.)
• Rummaging through trash
• Bribing employees who have access to personal information
• Hacking databases containing personal information
• Stealing personal information from a place of work
• Obtaining a person’s credit report by posing as their landlord, employer, etc.
• Stealing card numbers by capturing data in an electronic “skimming” device
• Stealing wallet or purse
• Breaking into a home to steal personal information
• “Phishing” for personal information via email

How Fraudsters use Personal Information

According to the Secret Service, some of the ways fraudsters use personal information are:

• Call credit card issuers to change victim’s billing address
• Open new credit cards in victim’s name
• Establish new phone service in victim’s name
• Open a bank account in victim’s name and write bad checks
• Counterfeit checks or credit cards in victim’s name
• Authorize electronic transfer of victim’s funds
• File for bankruptcy in victim’s name to avoid debts fraudster incurred using victim’s name
• Taking out a loan in victim’s name
• Seeking employment in victim’s name
• If arrested, giving victim’s name to police

What to do if Personal Information is Stolen

According to the Secret Service, the following four immediate steps should be taken if personal information is stolen:

• Review and place a fraud alert on credit reports
• Close all accounts that may have been tampered with or opened fraudulently
• File a police report
• File a complaint with the Federal Trade Commission

How to Safeguard Personal Information

According to the Secret Service, these are some of the ways to safeguard personal information:


• Setup “strong” passwords for all accounts (e.g., avoid easily available information)
• Secure personal information at home
• Be vigilant when providing personal information on the phone, through email, etc.
• Deposit outgoing mail at post office and remove mail from mailbox promptly
• Shred personal information before placing in trash
• Don’t carry Social Security Card
• Limit amount of identification information and credit/debit cards when going out

• Install virus protection software
• Don’t open files sent by strangers
• Don’t store financial information on laptops
• Delete personal information from computers before disposing

After the presentation, the agent and I spoke about how voice biometrics can help stem the rising tide of U.S. identity theft and fraud. For example, financial institutions could deploy voice biometrics in their call centers. Fraudsters who obtained a victim’s personal information (e.g., mother’s maiden name, date of birth, etc.), would be thwarted when they are prompted to provide a sample voiceprint (which would then be compared to the victim’s base voiceprint). Also, credit card companies could require voice biometrics identity verification, at point of purchase, for certain transactions. These are just some of the ways that voice biometrics could be used to reduce identity theft related crimes.

Wednesday, March 10, 2010

Voice Biometrics Case Study - Vodafone Turkey

In June 2009, Vodafone Turkey, that country’s second largest mobile communications provider (16 million+ subscribers), in concert with implementation partner SPEECHOUSE, began deploying a customer-facing voice biometrics application. Vodafone Turkey’s “Voice Signature” application is powered by PerSay’s VocalPassword™.

According to PerSay, the primary drivers for Voice Signature were to enhance customer service and improve security. Subscriber benefits include the ability to perform secure self-service transactions such as resetting a blocked mobile device. Enrollment in the Voice Signature application is voluntary.


Vodafone Turkey also benefits by a reduction in call center costs. According to them, thanks to Voice Signature, call durations decreased by about 15%, while customer satisfaction increased 85%.

As a testament to their voice biometrics implementation, Vodafone Turkey won “The Best Technology Solution” award at the “Istanbul Call Center Awards 2009” ceremony.

Tuesday, March 9, 2010

NC State Professor Streamlines Voice Biometrics Verification Process

Dr. Robert Rodman, a professor of computer science at North Carolina State University, claims to have enhanced the text-independent voice biometrics verification process, according to a press release on the school’s Website. He believes that the verification process take too long for voice biometrics to gain widespread acceptance. To address the issue, Dr. Rodman assembled an international team of researchers who were able to modify existing computer models to streamline text-independent voice biometrics verification response times.

Dr. Rodman’s research, “Joint Frame and Gaussian Selection for Text Independent Speaker Verification,” will be presented at the International Conference on Acoustics, Speech and Signal Processing (ICASSP) in Dallas, March 14-19.

Stay tuned for more on this topic.

Monday, March 8, 2010

Voice Biometrics Case Study – TD Waterhouse Canada

In 2008, TD Waterhouse Discount Brokerage Canada launched a client-facing voice biometrics application. The service, dubbed “Voice Print System,” is powered by Nuance Verifier™. According to TD Waterhouse’s Website, the Voice Print System provides the following benefits to clients:

• Enhanced convenience and speed – automates verification of client’s identity allowing quicker access to their accounts and transactions
• Improved security – voice biometrics verifies that the client is who they claim to be


Enrollment Process:
• Client calls TD Waterhouse’s contact center and, when prompted, says “I’m not enrolled.” The client’s identity is manually verified by a rep, who also explains the Voice Print System. The client is then connected to the enrollment system
• Client is prompted to speak their phone number
• Client is prompted to say the phrase “my voice is my password”
• Client is prompted to speak a secret date (month & date), as well as a hint
• This process creates the client’s “base” voiceprint and stores it in the database for future use

Verification Process:
• Clients call the TD Waterhouse contact center and, when prompted, say their phone number and secret date. This process creates the client’s “sample” voiceprint which is then compared to their “base” voiceprint in the database. If the voiceprints match, the client’s identity is verified

According to Nuance, most TD Waterhouse clients have elected to participate in the Voice Print System service. This may be due in part to their personalized approach of having a rep explain the process to clients. The Voice Print System has also allowed TD Waterhouse to reduce agent talk time by 30+ seconds.

Friday, March 5, 2010

Voice Biometrics Case Study - Bell Canada

In 2007, Persay and IBM Global Services Canada began the rollout of the first large-scale customer-facing voice biometrics system. It is only fitting that the client was Bell Canada. After all, in 1867, Alexander Graham Bell’s father began work on developing an early voiceprint.

Bell is Canada’s largest communications company. According to Persay’s Website, the principal project driver for Bell was to fight identity theft and make the privacy protection (i.e., verification) process more convenient for customers.

Enrollment process:
• Customer calls Bell’s contact center and is presented with the option to enroll using an IVR system
• If the customer opts in, the enrollment process is initiated. Or, if the customer opts out, they can ask for a re-prompt to enroll in 60 days
• Customer enrolls by repeating a pass phrase “At Bell, my voice is my password” three times (process takes approximately 2 minutes). The captured “base” voiceprint is stored in the database for future verification
• The enrollment is secured by the customer’s PIN and an account number and they are notified (via callback or SMS) when the enrollment process is completed


Click here for a demo.

Verification process:
• In subsequent calls to Bell’s contact center, the customer is prompted to repeat their “At Bell, my voice is my password” pass phrase. The captured “sample” voiceprint is then compared to the customer’s “base” voiceprint
• If the voiceprints match, the customer is successfully verified and is automatically granted access to the IVR or a live agent (who is alerted that the customer’s identity has already been verified – saving time)
• Customer can add multiple voiceprints per account to enable access for additional authorized co-users (e.g., spouse)


Click here for a demo.

To date, more than 2,000,000 Bell Canada customers have voluntary enrolled and verification rates exceed 4,000,000 a year.

Thursday, March 4, 2010

Updated Voice Biometrics Market Forecast through 2014


Yesterday, I posted projections for the global voice biometrics market (2009-2011). Derek Top, of Opus Research, was kind enough to send me a revised forecast covering the years 2008-2014.

As you can see from the chart, the market is expected to grow from $124 million (2009) to $260 million (2014). This represents a compounded annual growth rate of approximately 16%. According to the chart, the steepest growth is expected to occur between 2010-2011. So let's make this the year of voice biometrics!

Voice Biometrics Basics – Metrics

There are several metrics used to measure the success of a voice biometrics system:

• Enrollment rate – % of authorized users who successfully enrolled (i.e., “base” voiceprint captured)
• Verification rate - % of authorized users who are successfully verified (i.e., “sample” voice print captured and matched against “base” voiceprint)
• False acceptance rate (FAR) - % of unauthorized users who are accepted by the system. Also known as false positive or type I error.
• False rejection rate (FRR) - % of authorized users who are rejected by the system. Also known as false negative or type II error.
• Crossover error rate (CER) – point of intersection when FAR and FRR are plotted against each other (i.e., FAR = FRR). In general, the lower the CER the better.

It’s a fine art to tune a voice biometrics system to achieve simultaneously low FARs (i.e., keeping the unauthorized folks out) and low FRRs (letting the authorized folks in).

Wednesday, March 3, 2010

Voice Biometrics Market Projections (2009–2011)

According to ThirdFactor, Opus Research predicts the voice biometrics market will grow from $139.4 million (2009) to $225.8 million in 2010, to $260.1 million in 2011. This represents a substantial 62% increase 2009-2010, but only a 15% increase 2010-2011.

I’m puzzled by the % growth decrease (i.e., 62%-->15%) projected for next year. I would expect % growth to continue increasing once voice biometrics systems gain momentum in the marketplace.

What say you?

Tuesday, March 2, 2010

Voice Biometrics Basics – Verification

Verification is the process of comparing a person’s “sample” voiceprint to their “base” voiceprint obtained during the enrollment process. If the voiceprints match, based on a probability score, the person’s identity is verified.

Text-dependent voice biometrics systems require a person to speak the same pass phrase(s) during enrollment and verification. Text–independent systems do not. The person can be asked to repeat a series of random pass phrases to capture a “sample” voiceprint. Or, the “base” and “sample” voiceprints can be obtained in the background – even without the person’s knowledge (ideal for forensic applications).

Monday, March 1, 2010

My Neighbor Secures Mobile Commerce Transactions with Voice Biometrics

Planet Payment, a multi-currency payment and data processor, based in Long Beach, NY, has deployed a mobile shopping application which uses voice biometrics to secure transactions. The product is called “Shop BuyVoice™’ and it enables shoppers to purchase items securely, from registered “Voice Store” merchants, over the phone.

According to their Website, Planet Payment works with merchants to set up their mobile commerce (“Voice”) stores. Shoppers also need to enroll and provide a “base” voiceprint. Enrolled shoppers can see a product in an ad, browse a storefront after hours, or respond to an in-store display, then call Shop BuyVoice and buy the item simply by saying the product code and verifying their identity (i.e., by entering their phone number and providing a “sample” voiceprint). Click here for a demo.


Another step closer to making voice biometrics a commercial reality.