|Copyright:||(c) 2011 Information Today, Inc.|
Speech technology can protect customer data against small-scale attacks
In April, hackers broke into
As a result of those two attacks - considered among the largest and most pervasive ever - the Japanese electronics maker shut its PlayStation Network and related services for nearly a month. In addition,
On a Smaller Scale
Large-scale attacks, like the one on
When those types of attacks occur, it isn't the interactive voice response (IVRj system or call center that is breached but, rather, the databases that support them, explains
"A lot of them end up in identity fraud, with people pretending to be other people," Markowitz says. "It's all part of a whole pattern of attacks against call centers. These are becoming more and more vicious, and they're being done by professionals as part of a global effort."
Although voice security can do little to stave off large attacks, like those that happened at
"You can't steal a person's voiceprint the way you can get their PINs or
According to Miller, most attempted hacks involving voice technologies are replay attacks, in which fraudsters try to gain access to voice-guarded systems with recordings of the voice. To prevent those attacks, he recommends changing passwords. Companies also can install security software that can detect whether an audio input is live or recorded.
Additionally, recent research from contact center technology provider
Of course, most agents are honest, but the fear among consumers is real. "It's more paranoia, but there have been a few instances," Burr notes.
Still, that's good news for voice biometrics technology vendors, which have garnered more interest and a sharp spike in sales in recent months.
For What It's Worth
That interest is expected to translate into real dollars for the vendors of such technology. In fact, according to research firm RNCOS, the technology has been "stupendously growing" in recent years because of rising personal security concerns and a greater awareness of identity theft.
In a report, "Global Biometrie Forecast to 2012," RNCOS indicated that as the technology improves, prices will fall and consumers will become more accustomed to using biometrics to prove their identities and make secure transactions. RNCOS's findings also suggest that voice biometrics will gain popularity in the coming years as its superiority over other technologies, such as face, iris, and fingerprint recognition, is recognized. The voice recognition market is expected to grow at a compound annual rate of about 13 percent through 2013, according to RNCOS.
To further demonstrate the industry's growth, Miller noted, providers of voice authentication solutions generated about
Miller uses another ruler to measure growth. Currently, about 6 million people have enrolled their voiceprints in some way. By 2015, that number is likely to reach 30 million, he says.
But the key will be to get consumers to consent to having their voiceprints stored on file. Local and federal law enforcement agencies in some countries, such as
For consumers to consent, the collection process must be seamless, according to experts. "The user interface is the key to all of this," Burr says. "You need a consistent, clean interface."
For enterprises, how to collect voice data without irritating customers or compromising security causes the greatest concern regarding any security application. With modern solutions, the two do not need to be mutually exclusive. "Privacy and security are not antagonistic," Markowitz says.
Miller says, "Voice biometrics is not yet completely a must-have, but it's making its mark in some very difficult markets." He notes that the technology has penetrated the telecommunications, finance, law enforcement, and government sectors and is poised to gain traction in healthcare and insurance.
"Growth has been very small for the past three years, but now it's starting to pick up," he adds. While some say the soaring interest in voice biometrics is unprecedented, others report seeing steady growth all along. The technology's "been around for years and grown little by little over time," Markowitz says. "The interest has been there; it's not sudden."
What have changed, according to Markowitz, is the technology itself and the prices that vendors charge for it. "It's more attractive now to organizations that do not want to spend
The Cloud Conundrum
Vendors are making their products more accessible by using software-as-aservice (SaaS) models. "With SaaS, these applications are cheaper to get into," Burr says. "SaaS is making the costs go way down."
Graham Alien, director of product management at
But, while the cloud is good for those who would deploy voice security solutions, it is also contributing to the need for greater security. The threat risk grows as more data is stored in the cloud and on mobile devices, such as smartphones and tablets, experts warn. While much of the data stored in the cloud is encrypted, "each network has its own vulnerabilities and ways to get in," says
Consumers are expressing fear. According to a recent survey by Threat -
Those perceptions have made consumers less willing to use mobile banking. Only 29 percent of those surveyed said they have done banking on their mobile phones, and 51 percent said they have not used mobile banking applications for fear of diminished protection.
"Mobile, in particular, is difficult to protect from fraud,"
To illustrate that point, a team of researchers from the
In several tests, the low-profile applications avoided detection by the phone's owner and installed antivirus software. What made the applications so stealthy was that they coded the sensitive data to resemble a system file for the phone's vibration, volume, or wake-up settings.
That is a common practice, according to Skerpac. "Companies like
In response to these and other threats, the smartphone security market is expected to grow wildly in the coming years. A report by Goode Intelligence, "Mobile Phone Biometrie Security: Analysis and Forecasts 2011-2015," pegs the current mobile phone biometrie security market at slightly more than
More Is Better
Early growth will be driven by embedded fingerprint sensors and voice biometrics that will be used together as part of multifactor authentication solutions, the report says.
Experts agree that to truly secure mobile devices, multifactor authentication will have to be the industry standard. Multifactor authentication is already being mandated as part of the Health Insurance Portability and Accountability Act (HIPAA), governing the personal protection of patients' private health information. Since April, the U.S. federal government, through the National Strategy for Trusted Identities in Cyberspace, has proposed a voluntary national "identity ecosystem" based on multifactor authentication. Moreover, the Payment Card Industry's
Businesses also face mounting pressure from their partners and customers to demonstrate compliance.
But, despite the push, voluntary adoption of multifactor authentication hasn't been significant yet. That is sure to change, according to most experts.
"There's already a better understanding on the buyer side for solutions that are multifactor," Miller says. "With phones now more vulnerable, why wouldn't you look at it?"
Skerpac agrees with Miller: "Everything is leading to multifactor, multimodal authentication."
Most applications of multifactor authentication use PINs or passwords as the first line of defense and supplement them with a voice security application. Others combine voice with more complex methods, such as iris or fingerprint scans. But those tend to be far more expensive to implement, and the public views them as intrusive.
"To go across the different channels, you need to get to where the technology runs in the background, just pulling out the pieces of a normal conversation that it needs,"
One company already involved is Sensory, which about a year ago released versions of its Truly Handsfree Trigger software for mobile devices running Apple's iOS and
To keep mobile phones safe, Mozer recommends, users should install software that requires them to speak their passwords or other trigger phrases before the devices connect to their networks. That can be accomplished through the device's digital signal processor, allowing the user to activate components of the phone without the operating system, he says. "Once you're in the OS, the device is already opened and connected, so it's better to do it preOS," Mozer states.
Mozer expects to see many other security applications become available for mobile phones, and not all of them will relate to voice. "All phones have cameras now, so you can use that to perform some sort of visual check of the person for access purposes," he says.
Shoring up security in other ways helps, Skerpac advises. "Keep data in separate systems, so that even if [wouldbe thieves] hack into one system, you can make sure they can't get into the others."
In addition, swap out legacy textdependent systems for ones that are textindependent. The prevailing trend in voice biometrics has been text-dependent, meaning a person enrolls his voiceprint by repeating a standard phrase. The trend is toward systems that are text-independent, in which users can utter any phrase to register their voiceprints. Because these systems can be easily randomized, they're a lot harder to crack with recordings, analysts point out "It's the area where we are seeing the most research," Skerpac says.
Text-dependent systems traditionally have worked well in quiet environments and not so well in noisier locations. To circumvent that, Sensory is tying the voice biometrics to its Truly Handsfree Triggers, which filter out all other environmental noises and carry out a command only when a trigger word is spoken. Early tests have shown that when used with hands-free triggers, voice security technology "becomes very reliable in noisy environments," Mozer says.
While that research is important, Skerpac says, studies will have to be done to determine the effects of aging on biometrics solutions. "In the long term, this could produce real problems for systems," she argues.
"Nothing is 100 percent," Skerpac says, admitting that even voice biometrics could do a better job at times. "But what we have now is certainly better than what we had before."
And, more than that, it's better than nothing at all.
About 6 million people have enrolled their voiceprints in some way. By 2015, that number is likely to reach 30 million.
"You can't steal a person's voiceprint the way you can get their PINs or
Voice biometrics is "more attractive now to organizations that do not want to spend
"Everything is leading to multifactor, multimodal authentication."
Voice security is the most convenient for mobile, especially since all phones have microphones built in.