Caller ID

By Dan Miller

Speaker verification and voice biometrics present more user-friendly and secure methods of customer identification in telephone banking.

One of the banes of phone-based commerce is the phrase, "Your call is important to us." When calling a bank, it tends to be the last thing a customer hears from an interactive voice response system before being put on interminable hold. It would be much more reassuring - and accurate - if the bank's phone system said, "your identity is very important to us" and then, rather than indiscriminately placing each call on hold, to treat each caller according to his or her expressed preferences, status, or other known attributes.

When it comes to customer support, both businesses and technology providers repeatedly affirm that caller experience is of paramount importance. Yet, that does not mean that they place risk management or security in a lesser role. It is important to recognize that speaker verification and voice biometrics provide a mechanism to serve these seemingly contradictory goals - highly usable, highly secure interactions.

For too long a bank's most common practice for handling inbound calls was to put even their best customers through onerous question-and-answer routines to validate their identity based on "knowledge-based authentication." While deemed "good enough," it is neither customer-friendly (because it takes so long), nor particularly secure (because the information is often available through a number of physical or online sources).

Instead of making the spurious claim that "your call is important to us," leading-edge service providers, like Bell Canada, TD Waterhouse, and the National Australia Bank are showing customers in practice that identity is indeed important. These companies utilize voice biometrics and speaker verification to address both the user experience and security concerns, providing a "win-win" for customer and company alike. Both recognize that quick, accurate authentication is beneficial to the customers as well as to the business enterprise.

Strong authentication raises confidence

As the number of customer-facing voice verification implementations grows, enterprises and their technology providers have already learned the value of strong caller authentication. They've also learned that voice biometric authentication never exists in a vacuum. Low levels of confidence in a voice biometric match seldom leads to outright rejection of a call. Instead, they trigger routines to obtain other information that can include Caller ID or ANI (automated number identification) as well as "risk profiles" based on customer records, transaction history, "last known location" and the like.

Voice biometric-based authentication can replace or augment the entry of the caller's account number. When the captured utterance matches a stored voiceprint, the authentication engine returns a high-confidence indicator ("green light"). If there are no other concerns, the caller can proceed toward accomplishing the purpose of the call. 

The biggest challenge is developing expeditious call flows for handling calls which, for any number of reasons, might fall into one or more gray areas in user authentication. Perhaps the risk profile is high and the call originates from a noisy environment. Automated, phone-based authentication could be difficult. Businesses, and their technology providers, must also build the business logic to govern situations where there is a strong match to the voice biometric, but the risk management system calls for additional authentication based on other metadata (such as a report of a lost payment card).

Solutions providers offer a considerable number of options to deal with the instances where other resources (such as the risk management system) yield a "yellow," or worse "red" light. Calls may originate from unknown devices, in unexpected geographic locations. The voice biometric may indicate strong confidence in the caller's identity, but he or she may not remember a pass-phrase or know the actual response to a wallet-based query. (How many of us can accurately answer, "What was the exact amount of your last purchase at a bar or eating establishment?") Companies have considerable leeway in designing call flows and agent scripts for these instances.

A well-designed authentication routine will minimize the instances that require lengthy, agent-based authentication. Experience in the field is helping to establish best practices for dealing with those "caution light" situations when a caller cannot be totally rejected, nor can a company readily allow them access them to sensitive information or personal funds. Agents have important roles to play in establishing caller expectation and, in essence, training them to use the system. They may end up resorting to KBA (knowledge-based authentication) but they will be able to explain to the customer why they are being subjected to further questioning.

The customer care pendulum is swinging away from a short list of company-driven choices toward a wide-range of customer-defined interactions and transactions. Rapid recognition and protection of a caller's identity and associated information is the basis of higher quality customer care. Over the phone, deployment of voice biometric-based identity proofing can make such authentication simpler, faster and more pleasant.

Banking and insurance applications (finally) taking shape

Identity theft - both real and imagined - has spawned a ubiquitous stream of marketing pitches from banks on the technology solutions that serve as protection. Voice biometrics technology is among those solutions. Therefore, it was expected that banks and financial institutions would be first-movers in widespread deployments of phone-based customer authentication strategies. (Additionally, an FFIEC guideline in 2006 to require "multi-factor authentication" for electronic banking figured into driving the momentum for voice-biometric installations.)

But while a great number of banks and financial services organizations have privately launched pilot projects, very few have matured into full-blown deployments. To be sure, for now it is still a world of isolated deployments. Still, just in the last few months - and especially in Australia - some financial services and insurance organizations have finally gone public with voice biometric-based authentication services.

Additionally, as the inevitable growth of mobile banking relies on improved security of mobile transactions, the market for mobile authentication is ripe. Voice biometrics has the potential to provide inexpensive, accurate user authentication. Overcoming the challenges of deploying across multiple mobile platforms, there will be a surge of mobile applications to support payment authorizations and protect information access.

These achievements have spurred by this often-heard phrase regarding voice biometric deployments for many banks and financial institutions for North America: "It's on our roadmap for 2010." Both for "internal" and customer-facing applications, executives have told us that they are investigating and implementing voice biometric-based solutions not just for fraud-loss reduction, but also to improve the customer experience and raise confidence that a company is taking every measure to protect the public from identity theft. "Support for voice biometric authentication" is a standard line item on RFPs for enterprise IT, customer care and mobile communications infrastructure procurements.

With voice biometrics quickly morphing from competitive differentiator to competitive necessity, Opus Research is hosting the Voice Biometrics Conference 2010 (May 4-5, www.voicebiocon.com). Corporate decision-makers join technology providers and integrators to hash out the realities of today's voice biometrics solutions both in the lab and in the real world. Panel discussions include opportunities in customer care, mobile payments, data security, and multi-factor authentication, and presentations from the banking and healthcare sector on launching customer-facing deployments.

Dan Miller is Senior Analyst at Opus Research. He has over 25 years experience in marketing, business development and corporate strategy for telecom service providers, computer makers and application software developers.