Embedding Speech Biometrics on Devices
Some see biometrics as one of the best ways to positively identify a person. Personal identification numbers (PINs) and passwords can be relatively easy to crack, often because they are left in insecure locations or are amazingly simple, like 12345678 or “password.” Challenge questions like a mother’s maiden name are easy to discern from public records. But biometrics such as fingerprints, speech recognition, and facial recognition are all but impossible to duplicate—at least for the common criminal.
According to Nuance, there are more than 1 billion account credentials (user name/password) for sales online; but speech biometrics is 80% percent faster than PINs and passwords for verification while also offering better security. According to the company, speech biometrics can help reduce the cost of fraud in the call center by 90%, and by 80% for mobile communications.
Nuance expects that biometrics could ultimately kill passwords while also improving CSAT and Net Promoter Scores, reducing risk, and improving key operational measurements along the way. Of course, Nuance has a stake in the biometrics game. Nuance Security Suite, which offers a variety of biometric capabilities, uses deep neural networks (DNN) and advanced algorithms to detect synthetic speech, recordings, and brute force attacks.
With the continuing growth of smartphones and consumer’s reliance on them to do everything from browsing to paying credit cards, checking bank and brokerage accounts, and conducting other sensitive transactions, these devices will provide a major market for biometrics in the future.
In “Mobile Payment Security: Biometric Authentication & Tokenization 2018-2023,” Juniper Research predicts that built-in biometrics will identify 1.5 billion mobile payments by 2023, up from an estimated 429 million this year.
“There can be no denying that smartphones have democratized the use of biometrics, which was previously an exclusive domain or high cost and low customer experience,” says Ravin Sanjith, program director, intelligent authentication at Opus Research. “Now users do not have to think twice about registering their biometrics on devices, and have taught themselves to get the best out of the capability.”
Speech and, to a lesser extent, facial recognition are used today on mobile devices for users to change passwords, to authenticate users for financial transactions, and to authenticate someone to retrieve sensitive account information. For instance, the USAA banking app uses facial recognition and voice recognition to provide easy and secure multifactor biometric security, the voice component adding an extra level of liveness detection to the process.
For voice recognition, the user simply needs to tap “Voice Recognition” and agree to terms and conditions, then tap “record” and speak the given phrase and repeat it three times.
In general, the biometric methods, including voice and facial recognition, are device-agnostic, so it doesn’t matter if a person is using an iPhone, an Android, or other mobile device, a feature that will drive adoption, Juniper predicts.
A Simple, Secure Identification Method
Also driving adoption will be the need for an easy-to-adopt and install but extremely secure authorization/identification method. Speech biometrics uses a set of algorithms that analyze hundreds of behavioral and physical speech characteristics, including sound, pattern, pitch, frequency, tone, and accent, to produce a unique voiceprint for every individual. The speech biometric software then compares the speaker’s utterance to a voiceprint, producing a confidence rating that the utterance belongs to the speaker.
The uniqueness of the voiceprint is due to the uniqueness of how the human voice is generated—using 15 different internal organs of a person’s body, including the tongue, jaw, tonsils, larynx (voice box), floor of the mouth, oral cavity, nasal cavity, sinuses, epiglottis, lips, and multiple palates, according to VoiceTrust, which offers voice-, face-, and knowledge-based authentication technology. (The company was scheduled to merge with LumenVox in the middle of September.)
Most users of biometrics don’t use it as their lone identification/authentication solution, instead using it to either augment PIN/password/challenge questions or as an alternative identification method. Some of the speech biometric providers also offer facial recognition solutions for additional end user verification.
Speech biometric providers pride themselves on minuscule false acceptance and false rejection rates, both of which improve as providers collect more voice data and further tune their systems to offer their customers the best balance between accuracy and convenience. Systems recognition are false rejection and acceptance rates have what is known as an equal error rate, the point at which the two rates intersect. The lower the equal error rate, the better the system is performing.
A University of Eastern Finland study found that the equal error rates of some voice biometric systems could run nearly as high as 11%. But according to Nuance, those with the higher ranges aren’t using some of the latest technologies for continued improvement, like deep neural networks and machine learning. Seasoned industry veterans tend to rely on these and other advanced technologies that they continue to refine to minimize equal error rates and false acceptances—which are more of a problem to users than false rejections.
Nuance says that its voice biometrics solutions have secured more than 5 billion transactions to date, and not once has an impersonation attack been reported. The company has conducted several voice impersonation attacks with famous voice impersonators in the United States and the United Kingdom, and it says none have proved successful.
Nuance FreeSpeech verifies a caller’s identity during a natural conversation. The FreeSpeech system analyzes more than 100 unique voice characteristics while the customer is talking to a call center agent and compares these characteristics with the relevant stored voiceprint within seconds, without interrupting the call.
Nuance points out that voiceprints (of which its customers have more than 120 million) are stored in a proprietary format with 25-bit encryption in the system’s databases, and even if one is stolen, it cannot be reverse-engineered or used for authentication. Voiceprint IDs are assigned a unique key and cannot be used outside the system or in other biometric systems.
The speech biometrics industry has been continuing to improve for more than two decades, says Mudar Yaghi, CEO of AppTek. By continuing to refine technology as speech systems evolve, “there’s a lot of quality in the accuracy of speaker identification.”
Voice biometrics is vital, and it's only the beginning. AI and speech technologies are helping drive new levels of security and pioneering new ways to keep the public safe.
Voice biometrics is becoming popular with big corporations but is still out of reach for many
Companies and Suppliers Mentioned