Convenience Is King
According to the Better Business Bureau and Javelin Strategy and Research, the average amount of fraud per incident is $6,383. Losses stemming from fraud in the United States alone were estimated at $56.6 billion in 2006.
The potential security and financial benefits of biometrics—and voice biometrics, in particular—are substantial. These primarily include reduction of fraud and improved efficiency in resetting passwords and other repetitive tasks related to security maintenance. In most business cases, however, consumer adoption is taken for granted. It is assumed that consumers will be pleased to use voice biometric technology because they want greater protection without having to remember complex passwords, but other factors come into play.
We make tradeoffs between security and convenience every day: We have one deadbolt instead of two; we don’t bother setting the alarm on the security system because we are going out only for a short time; we hide a spare set of keys under the flower pot by the door. All of these actions reduce security in exchange for increased convenience and access. How do the same tradeoffs enter into the use of biometrics? Will consumers make the same types of decisions when it comes to biometrics and access to accounts and information? How could this impact adoption and use within an organization?
Verification of an identity claim within an organization centers around one or more of the following components: something unique that you know (password or private information), something you have (keys, tokens, or cards), or something you are (biometric characteristics). Each of these has direct implications for the convenience of use. Passwords that are easy to remember are increasingly easy to compromise. This has resulted in complex alphanumeric, case-sensitive passwords that have to be periodically changed, which makes them hard to remember. To remember passwords, people write them down or use the same one for multiple accounts, which defeats the purpose of improved security.
Keys and tokens are secure, but not particularly convenient if you have to carry more than a few. It is not practical to carry a different random-number token for every credit card or account a person owns. Like house and car keys, they can be forgotten or misplaced, and they can be relatively expensive for mass-market usage.
Voice biometric technology seems to fit the convenience bill for most users. You can’t forget your voice, and it is always with you. The security can be measured statistically, with equal error rates for false acceptance and false rejection ranging from 4 percent to fractions of a percent depending on the implementation methods and technology used. With even the larger error rate, a crook is unlikely to bother trying to crack an account with a voice lock, just as a thief will usually look for houses that don’t advertise having alarms. This makes a compelling argument for using voice biometrics.
So what remains to be done? In focusing on the financial and technological aspects of deployment, end-user education has lagged, and organizations, in general, do not have correct expectations as to what implementation of a voice biometric solution will entail.
Voice biometric solutions require storing information particular to an individual. The data stored in a voice biometric database cannot be used to gain entrance to an account by calling in. In that way, it is unlike a password. As an industry, we need to recognize some consumers will react strongly to any storage of private data. Privacy concerns need to be addressed proactively, allaying fears that data can be compromised or misused.
Organizations also need to understand and acknowledge that replacing PINs/passwords is unlikely because some knowledge-based system for fallback will always be required. Since multifactor authentication seems to be gathering proponents, the voice biometric may just be one of several factors—such as calling from the phone of record—that are used optionally to authenticate the caller. To improve trust in solutions, users need to be assured that other options can be used if voice verification fails.
User education is the key to ensuring that consumers see the value of taking time for the enrollment procedure and view the voice lock as they would the dead bolt on their front door. Identity theft and fraud have been well-publicized, and the industry can take advantage of this background knowledge to encourage the use of technology. If a few companies started emphasizing their voice locks on accounts as a competitive advantage, user adoption is unlikely to be a real problem.
Ron Owens is director of multimedia professional services at Nortel, where he is responsible for managing the design, development, and project management of IVR, contact center, and high-capacity messaging solutions in the Americas. He can be reached at firstname.lastname@example.org.