Conversational Voice Authorization Is a Natural Over the Phone

Sometimes it helps to have multiple personalities. However, it is generally not helpful when someone else borrows one of these personalities to make unauthorized purchases on one's charge account. For phone-based access to financial services, health records, technical support or more routine customer care, "conversational sign on," which mixes voice biometrics with multi-factor authentication methodologies, should be the preferred method for identity validation.

That being said, voice authentication continues to meet resistance among the businesspeople who would benefit most directly from its deployment. It simply isn't in their vocabulary. I participate in an online discussion group surrounding deployment of Asterisk (a suite of open source software that performs the functions of a telephone switch). A high percentage of list members were in the business of providing low-cost international calling plans linked to a calling card number and PIN.

These alternative long-distance carriers are finding as much as 40 percent of the calls to a small number of "offending countries" originated by people who are using stolen credit cards. Credit card issuers take as much as 30 percent of the top line revenue in the form of "charge backs" for such calls. Carriers were willing to go to Draconian lengths to prevent such calls from becoming more commonplace.

The group discussed blocking all calls to country codes serving the offending nations. They suggested that all new customers fax in a signed document authorizing use of a credit card for making international calls. In the midst of this thread I wrote one of the very few notes I've logged on this particular group. I simply asked, "Why don't you have your callers register their voiceprints as they arrange for legitimate payment? Then they can call in and validate their identity by speaking a pass phrase every time they call."

I'm still waiting for an answer.

In too many cases, PINs are deployed as the most common cure for unwanted access to personal accounts and information. Even though employers and financial services companies provide guidelines for building secure PINs, users commonly use a limited number of mnemonic devices to generate their PINs. Knowing only an individual's middle name (backwards and forward) and a narrow subset of personal information, like street names, children's names and the like, security experts were able to crack 80 percent of user-generated PINs.

What's more, individuals have a bad habit of writing their PIN numbers on the very cards that they may be carrying to give them access to cash in an ATM or to gain access to their places of business.

The most tangible evidence that voice authentication is ready for prime time is the interest of solution vendors to participate in a globally established set of "common criteria" for security. Common criteria is an international effort that is managed in the United States by the National Institute of Standards and Technology and provides independent and externally verifiable security ratings (EAL or Evaluation Assurance Level) to everything from firewalls to biometric authentication systems. For most voice technology software providers, the expense of becoming certified has not been justified by the revenue potential associated with conformance. However, some voice biometric solutions are making their way through the common criteria process with the first approved solutions expected later this year.

Recognition that voice biometrics has intrinsic advantages over alternatives (especially in multifactor, conversational installations) can break through the chicken-and-egg business decision that has kept voice authentication on the back burner, while biometric alternatives such as fingerprints, retinal scans and facial scans are taken seriously. If anybody should buy into the idea of conversational authorization, international dial-around service providers are a natural. Integrating voice authentication with basic IVR services, for example, as the "greeting" to a financial services company, provides a mechanism for other factors to be taken into account in a comfortable, conversational interaction.

Concern for identity theft built on purloined tidbits of personal data will elevate public acceptance of conversational biometrics as the most cost-effective alternative for identity authentication in real time. In the meantime, the only thing that can stop the uptake of voice biometrics is the voice biometrics industry itself. Phone-based services are a natural place to start.