| Telephone banking is increasingly
popular with customers, and will be increasingly attractive
to banks and other financial institutions as they start to implement
highly cost effective automated speech
recognition technology to handle routine transactions (the
subject of another "financial futures" web page).
But the procedures for verifying customers over the telephone
are unsatisfactory, both in terms of customer convenience and
also, increasingly, from a security point of view.
The usual approach to verifying
customers - proving that they are who they claim to be - is
to use some sort of PIN or password. To avoid the customer
having to say the password out loud, they are usually prompted
for, say, the second and fourth letters in the password.
There are several problems with this
approach. Firstly, passwords and PINs are difficult to remember
and unwieldy for customers to use in this manner. Secondly,
it takes time - identification and verification of the caller
is often the lengthiest component of a transaction and this
translates directly to the bottom line. Thirdly, the security
itself leaves a lot to be desired - many customers write down
their passwords or reveal them to the operator (in extreme
cases they may self select the same PIN that they use for
ATM withdrawals). Many call centres prompt the caller for
additional 'secret' items such as their mother's maiden name,
but this only exacerbates the other two problems.
The solution? Voice verification
. Technology now exists which enables individuals
to be reliably, rapidly and cost-effectively verified on the
basis of the physical characteristics of their voice.
Several vendors now supply commercial
voice verification technology. A good example is Nuance Communications,
based in California, using essentially the same technology
which underlies their speaker independent speech recognition
software. But in this case recognition is speaker dependent
- the customer is only allowed to use the system if their
individual voiceprint matches their identity (normally established
though an account number).
A new customer automatically enrolls
in the system over the telephone by repeating about 10 four
digit numbers or reading a short piece of text. The software
extracts from this a number of physical characteristics which
are unique to that voice. In all subsequent transactions,
the caller, once identified, is asked to repeat a couple of
randomly generated PINs or, for example, names of cities (this
is to prevent fraudsters tape-recording a customer saying
their password or PIN). If the voiceprint matches the one
stored against the account number the transaction proceeds;
if not, the customer is referred to a supervisor.
Pilot tests of the technology are encouraging.
A high accuracy of correct verification can be combined with
a low probability of false rejection which is suitable for
most banking operations and the whole procedure is faster,
easier and much more cost effective. Surprisingly, only a
few kilobytes of storage are required for each voiceprint
and because the claimed identity of the customer is already
established, a single comparison is all that is required,
so verification is quite rapid (using the same technology
for voice identification is of course much slower since the
system must find a match out of many voiceprints).
Voice verification is particularly appropriate
for automated speech recognition dialogues and we expect that
a seamless combination of the two technologies will rapidly
become the norm for most simple telephone banking transactions.
Of course voice verification is much less applicable to other
delivery channels such as branch banking or screen-based systems
(although pilot systems have been built). For an intriguing
new approach to customer verification over the Internet based
on face recognition, see the "financial futures"
web page on Passfaces or check
out the ID-Arts
web site.
|
