With mobile banking security a top priority, many banks' security and IT departments have long sought a better means of authentication — proving that incoming mobile banking customers are who they say they are. The emerging science of voice biometrics could be the answer, or at least part of the answer, some in the industry feel.
PINs, passwords and personalized security questions still largely dominate mobile banking authentication in the U.S. But new authentication tools have been coming to market in recent weeks. Those rollouts stem from the mounting security threats in mobile. Indeed, as mobile banking functionality deepens, and customer usage continues to trend up, the risk banks are taking on becomes greater.
"Customer demand and product groups are pushing out higher risk functionality [on mobile]," says Julie Conroy McNelley, a research director at Aite Group LLC. "It's a great opportunity for bad guys."
Among the new, multi-tiered, methods banks are experimenting with to troubleshoot these greater risks is voice biometrics. Indeed, Aite has been renewing its remote authentication research and is already finding that banks "have done a 180" in how they view voice biometrics, says McNelley.
"This time last year, you'd be hard pressed to find a banker say something positive about [the technology] for fraud," says McNelley. "[Now], banks are very interested in voice biometrics."
Her research thus far shows that banks plan to use the technology in the next one to two years for both their mobile and call center efforts. Plus, some financial institutions already have pilots in place — but the tests of the technology aren't exclusive to helping prevent fraud. Given mobile phones' limited real estate, executing more complicated transactions on the devices is, well, complicated, explains McNelley. As such, voice command technology can help troubleshoot the challenge.
This summer, USAA announced it is testing out ways to use voice command technology within its mobile banking. Fiserv Inc. (FISV) announced a new voice mobile tool at the recent FinovateFall. And E-Trade Financial Corp (ETFC) already has voice recognition mobile technology in place.
InAuth introduced a new authentication module Tuesday that aims to help verify a mobile banking customer's identity by his voice. The company views voice biometrics as part of a bank's multilayered defense against fraudsters.
"This was our customers' idea," Mike Patterson, CEO, tells Bank Technology News. "All of our best ideas come from our customers."
Voice Biometrics Authentication Module, the name of the new identity tool, works like this: When a customer who opted into the service wants to transfer money above a certain threshold through his mobile phone, voice biometrics would help the bank verify his identity. The consumer would previously have had his voiceprint taken by InAuth and encrypted and stored on his mobile device. Each time after that, when he wanted to next do a financial transaction on his phone, he could speak a certain phrase to verify his identity and authenticate the transaction.
"Everyone's voice is unique," says Patterson, pointing to timbres, pitches, and the way in which someone says a particular phrase as some of those nuances. If it's a noisy situation, he says that a customer can repeat the phrase to authenticate himself.
"It's not a perfect authentication method, but none are," he says. "It's a further factor to authenticate. We're providing multiple layers of authentication to make the bank more comfortable in who they are dealing with."
For those banks wanting to roll out InAuth's module with their mobile banking apps, InAuth offers up a software development kit for integration. Beyond InAuth, vendors participating in the space include Nice Actimize and ValidSoft.