Should banks ditch passwords and move to voice authentication?
- Voice authentication could offer banks a number of advantages over existing verification methods, including greater security and a more convenient user experience.
- However, it may not be wise to use voice on its own as a complete replacement to current verification methods.
In the post-Covid world, rapid growth of online fraud has driven the digitization of the banking industry. In the first quarter of 2021 alone, the number of suspected digital fraud attempts in financial services – such as identity theft and phishing attempts – grew by 109% in the US, and by 149% globally.
Against this backdrop, banks are increasingly looking to ramp up their security measures by moving from traditional authentication tools – like passwords and PINs – to more reliable biometric verification methods that are based on physiological characteristics, such as facial recognition, fingerprints and iris patterns. In particular, voice authentication is gaining ground, since it offers the added advantage of being contactless and doesn’t require a user’s physical presence.
Voice biometrics uses characteristics and patterns in a person’s voice – called a “voiceprint” – to verify their identity. It relies on the fact that every individual has unique and identifiable phonetic features, making voice a useful identity verification tool.
HSBC UK is one of the major banks that adopted voice authentication in an attempt to mitigate fraud. The bank claims that since its launch in 2016, the technology has prevented nearly £1 billion in customer funds from falling into the hands of fraudsters, with the rate of attempted fraud down by 50% year-over-year as of May 2021.
So, what’s wrong with the existing authentication methods in banking, and does voice offer a valuable alternative? Let’s dig deeper.
What needs to change?
Banks’ current reliance on multiple authentication touchpoints hurts the customer experience, according to Collin Davis, CTO of Pindrop, an AI-based voice authentication and fraud detection firm, whose services have been used by a number of major US banks and insurance companies.
Davis says banks are struggling with password overload: users have an ATM PIN, passwords for mobile/online banking, and they also have to authenticate themselves when calling their bank or even when visiting the branch in person.
“Under current protocols, users gain access to their banking assets through one-time passcodes or go through multiple knowledge-based authentication questions, such as their mother’s maiden name, first pet, and even social security number,” said Davis. “These are not only time-consuming and inconvenient for customers but are also an easy target for fraud. Our research shows that fraudsters tend to successfully respond to these questions more than half of the time, while the actual user forgets the correct answers 20 to 40% of the time.”
Security is indeed a growing issue when it comes to current authentication methods in banking, according to Daniel Haisley, executive vice president of innovation at Apiture, a digital banking solutions provider.
Haisley says passwords will become increasingly unsafe and prone to hacks as technology continues to improve. “Quantum computing represents a death knell to the idea of keeping traditional passwords safe. While a conventional computer needs about 300 trillion years to crack communications protected with a 2,048-bit digital key, a quantum computer powered by 4,099 qubits would need just 10 seconds.”
Haisley adds that financial firms currently face a difficult tradeoff between security and customer experience: the more secure a banking service, the more inconvenient it becomes for the end user.
“The requirement of a username, password and one-time passcode via email or text message is a common standard across the industry. It adds extra time and effort to every interaction and inevitably serves as a barrier to both system adoption and engagement,” said Haisley. “With the introduction of biometric security methods like voice authentication, end users could experience both an increase in security and a dramatic improvement in user experience.”
Current authentication methods are challenging for consumers to navigate, and have gradually become more complex as layers of security – such as temporary codes in addition to login credentials – are added to make the consumer’s account and data safer.
“These multi-factor authentication methods can be incredibly painful for consumers, particularly those who save passwords and pins in web browsers – or worse, on sticky notes – and need to immediately access their account on the go,” said Allison Murray, chief growth officer at CheckAlt, which provides payment processing solutions to financial firms. “These pain points are paving the way for improved security and user experience through biometric technology, including voice authentication as well as fingerprint and retina scanning.”
Rob Krugman, chief digital officer at Broadridge, says the friction introduced by the current authentication process is a major obstacle on the path to digital adoption for banks. The need for countless usernames, passwords and passcodes results in consumer apathy and hinders the ability of financial firms to communicate and transact with their clients digitally.
“Customers often decide to abandon an attempted transaction or interaction if they forget their username or password, because it’s such a hassle to reset their credentials,” said Krugman. “Utilizing voice or facial biometrics would eliminate these frustrating obstacles, and would likely result in more frequent consumer interactions.”
The case for voice
So what does voice authentication offer the banking industry that existing methods don’t?
From the customer’s perspective, voice authentication is a quicker, less tedious method of identifying themselves, according to Pindrop’s Davis. “Instead of having to clear multiple benchmarks when accessing bank accounts, customers could use voice recognition as a single source of recognition to securely access their funds,” he said. “By reducing the need for less secure, more time-consuming authentication methods such as PINs and KBAs, customer experience over the phone will improve.”
For banks, voice authentication could offer increased customer satisfaction and engagement while also helping them ramp up fraud prevention. Davis says banks could combine voice authentication with machine learning for a more complete view of cross-channel activity in order to prevent future fraud. “The use of machine learning helps deliver continuous voice credential development throughout a call and automatically authenticates customers,” he said. “It allows banks to better know their customers while helping them identify unusual activity before it becomes a problem.”
It’s still early days for the technology, but many bank call centers have already started adopting voice. Davis says Pindrop is currently working with 8 of the top 10 banks in the US to provide voice authentication and fraud prevention services in their call centers.
“By using our voice technology, within a year, the First National Bank of Omaha saw an overall reduction in total call handle time of 2.5 million minutes and a reduction in account takeover fraud by half, resulting in major cost savings.”
Davis says voice authentication could also be used outside of call centers to provide customers with easier access to funds, for example in banking apps or at the ATM. Moreover, the technology could be layered with other biometric factors such as facial recognition to create a unique multi-factor authentication model.
As voice authentication continues to improve in efficacy and availability, we could see increased adoption of voice-enabled payments for a wide range of goods and services. “Fintech providers are marrying the security of biometric authentication to APIs in order to make financial services more convenient,” said Apiture’s Haisley. “Paying bills, setting budgets, receiving real-time alerts and notifications, and making financial suggestions can all be accomplished securely with voice authentication.”
Of course, just like any other technology in its nascent stages, voice tech isn’t perfect. It could take several years for it to improve enough to provide a truly safe, convenient and reliable banking experience.
CheckAlt’s Allison Murray points out that as it stands, the AI technology behind voice authentication may not be robust enough to flawlessly authenticate users every time, especially if they are in a crowded place or have poor internet connectivity.
Imperfect voice authentication could cause complications such as getting people locked out of their bank accounts, and could also make them vulnerable to deepfakes, which could be used by fraudsters to digitally clone the voice biometrics of bank customers for various illegal purposes.
Then there’s the issue of growing privacy concerns among users. A Microsoft report found that 41% of voice users are concerned about privacy, data security and passive listening. If consumers feel uncomfortable sharing their personal information using voice, they may turn away from banks that offer this technology.
As voice adoption grows, regulatory complications may also prove to be an obstacle. Since the technology is recent, there are currently no regulatory standards governing how exactly banks can utilize voice tech. The current legal ambiguity could cause some banks to run into complications at some point if they decide to offer these services.
While voice authentication technology in its current state is far from perfect, it’s likely to improve significantly in the coming years and could potentially become a crucial component of the digital banking experience.
Because of voice tech’s current limitations, CheckAlt’s Murray believes it wouldn’t be wise for banks to focus solely on voice authentication as a security measure. “At this stage, using voice on its own as a complete replacement to multi-factor authentication would be questionable,” she said. “For a more secure experience, it may be better to pair it with other existing biometric verification methods.”
By using voice as an added layer on top of other biometrics such as facial recognition, fingerprints or a retina scan, banks could create a foolproof multi-factor authentic system that offers a high level of security without sacrificing on customer convenience.
Apiture’s Haisley believes that while voice authentication will not and should not supplant all other forms of biometric verification, it will nevertheless become a favored tool in the security toolbelt of financial service providers. Once it can be integrated into existing virtual assistants such as Siri and Amazon Alexa, it could open up various digital banking and payment applications, eliminating extra steps for users in finding and opening their specific bank app or website.
“Without question, voice authentication will ultimately see widespread adoption in banking. The reality is that Apple, Google, Amazon, and other phone and smart home device providers will make it challenging not to adopt voice as a security method,” said Haisley.
“At the end of the day, bank customers will use voice recognition because it will make their lives easier and drive utility as a convenient, secure on-the-go authentication method.”