'Spoken tokens' touted as ultimate security

An Australian market for biometric voice authentication is taking shape from early adopters in the banking, government and service industries.

According to Chuck Buffum, who is Vice President of Caller Authentication Solutions for Nuance Communications, more Australian companies are likely to be authenticating their customers with ‘spoken tokens’ within the next few months.

In Sydney to meet with customers this week, Buffum expects the local voice authentication market to grow to within three months of more mature markets such as the U.S., U.K. and Canada by mid-2009.

“It’s very early in the market take up,” he said, estimating there to be eight to 10 consumer-facing biometric voice authentication deployments in the world currently.

“That will change in the next few months,” he said, citing discussions with Australian banks and government agencies, which are expected to deploy the technology within six to nine months.

Currently, Nuance’s voice authentication technology is used by subscription television provider Austar to handle orders for its premium services and movies.

The authentication and call steering system is said to have achieved an initial return on investment in less than 12 months, and currently handles more than 1.5 million (51 percent) calls per year.

Besides the convenience and cost benefits of an automated voice authentication system, Buffum expects the biometric technology to provide consumers with greater account security.

“All around the world, there is more and more attention on protecting personal information and keeping that secure,” he told iTnews.

“Companies need to be encouraged to recognise that vulnerability and use suitable technologies to protect their customers,” he said.

Buffum warned of the public availability of personal information on the Internet. Such information often is used to secure accounts with traditional authentication protocols, he noted.

Social networking sites such as Facebook were highlighted as sources from which malicious persons may obtain information such as a person’s date of birth and hometown.

Search engine queries can be used to obtain yet more personal information about a target, as evidenced by the hacking of U.S. vice presidential candidate Sarah Palin’s e-mail account this week.

With the right design and security settings, biometric voice authentication methods could provide greater security by combining ‘something you know’, such as a password, with ‘something you are’, through your voice print, Buffum said.

Binary voice prints in Nuance’s software consist of 28 features, which are vocal characteristics such as the geometry of one’s vocal tract and behavioural patterns such as cadence, rhythm and volume.

The system determines the statistical likelihood of a caller and his or her saved voice print, and authenticates the caller in accordance with the security threshold set by the company.

Some transactions such as airline timetables may require lower security thresholds than others, such as banking, Buffum said.

Noting that ‘nothing is as good as iris scanning’, Buffum estimates the security level of voice authentication to be similar to that of fingerprint technology, and ahead of face scanning.

A hacker could make an audio recording of an account holder’s interaction with a voice authentication system and play it back to gain access, but such attacks could be thwarted by requesting the caller to repeat a random series of words, he said.

“The Mission Impossible squad can always break in,” he said, “but with this technology, you can at least keep everyone else out.”

“2009 is the year of the early adopters,” Buffum said of the Australian voice authentication market.

“Hopefully you’ll be counting them [deployments] on more than one hand -- but that’s around the figure we’re looking at.”