To remain competitive and keep their biggest clients, call centres need to get security-savvy. Here, Albert Selzer explains how biometric voice recognition technology can reduce the incidence of one of the biggest problems facing contact centres and their customers – identity fraud.
Identity theft is big business. The UK’s fraud prevention service, CIFAS, has reported that crimes involving false identity and impersonation grew by 600% between 1999 and 2004. In the first three months of 2006 alone there had been a quarter-on-quarter increase of 17% in identity fraud, representing 16,077 victims. And all this despite a high-profile media campaign to educate members of the public.
|Voice biometrics: a glossary
Technologies that measure and analyse human physical and behavioural
characteristics, usually to confirm or verify identity. The most common
biometric measurements are fingerprints, retinas and irises, facial
patterns, hand measurements and voice, among others. False acceptance
When a verification system allows an impostor to get in.False rejection
When a verification system rejects a valid user.
A person who falsely claims to be a valid user.
The process of finding the identity of a known speaker by comparing the
voice of the unknown speaker with voices in a database of speakers.
The process of determining whether a person is who they claim to be.
A type of speaker verification that requires the use of a password, phrase or another pre-established expression.
A type of speaker verification that can process freely spoken speech in the course of normal conversation.Threshold
The degree to which a new voice sample must match a stored voiceprint before a system will accept the speaker as genuine.Speech recognition
Technology that recognises certain pre-programmed words or phrases –
for example, numbers or passwords – but which cannot distinguish
between different voices.Voice recognition
Using an individual’s unique voice characteristics as a way of recognising or validating their identity.Voiceprint
A sample of speech that has been converted to a form that a voice biometrics system can analyse.
The number of victims also translates in to eye-watering sums of money. CIFAS estimates that the 120,000 cases reported in 2004 alone cost the British economy 300million. For the same year, the banks clearing service, APACS, reported that fraud worth 500million had been carried out on UK-issued plastic. Of this, 150million related to ‘card not present’ fraud – up 24% from 2003.
APACS states that these crimes most commonly involve the theft of genuine card details to make a purchase through a remote channel such as the telephone or the Internet. And this is where the problems for call centres start.
The chain of responsibility
Some of their biggest and most lucrative contracts are with major financial institutions. But these are among the organisations that require the highest levels of customer identification.
Not only are there huge amounts of money to be stolen by criminals who have acquired the identity details of an innocent customer, there are intense regulatory pressures to ensure that all financial and customer data is adequately protected.
These firms are aware that, however strong their own security credentials are, any weaknesses in partner organisations will leave them horribly exposed. In an interconnected world, responsibility for security cascades through a lengthy supply chain. A breach in one can ripple out and cause chaos in another. Resultantly, call centres need to ensure that they have the highest standards of security measures and processes in place if they are to remain competitive and profitable.
However, call centres are particularly vulnerable to the practices of identity thieves.
Identity fraud like this is a symptom of the increasing number of everyday transactions that take place online or over the telephone through call centres. The demand for convenience from the customer and cost-effectiveness from their bank or other supplier, has placed the call centre at the heart of customer relations – indeed of the economy as a whole.
But as personal interaction becomes rarer, the ability to confirm someone’s identity by their physical presence lessens. New methods need to be employed to ensure that an individual’s identity in the virtual world is as secure as it is in the physical one.
Preventing fraud is obviously in everyone’s interest: the consumer, the bank and the call centre that acts as an intermediary between them. On a longer-term basis, all parties need mutual reassurance that the other half of any transaction is exactly who they say they are. Without it, confidence in the whole system becomes undermined.
A new layer of security
Requiring customers to prove their identity is not a new idea; most call centre agents are familiar with identification processes required by anti-money laundering and ‘know your customer’ regulations. But whereas a request for two written proofs of address works when opening accounts, it is utterly impractical for daily transactions. Hence the use of passwords and PINs. And even these are not entirely foolproof: with a little social engineering and a lot of determination they can easily be circumnavigated.
Having only one layer of security, such as a PIN, is known as single-factor authentication and is dependent on something that the customer knows. But, in the words of the US’s Federal Financial Institutions Examination Council, single factor authentication is “inadequate for high risk transactions involving access to customer information or the movement of funds to other parties.”
Existing tools for managing identity need to be enhanced by additional layers of security. Call centres therefore require ‘two-factor’ authentication.
Obviously there are limitations to what can be used in a call centre, where any identity validation methods cannot be allowed to slow down the call-handling process, and reduce the centre’s cost-effectiveness, convenience and efficiency. It therefore needs to be unobtrusive and, ideally, invisible to the customer if they are not to be deterred from using cost-effective telephone-based services.
One alternative is to use something you have: a pass card or secure token, for example. But these are difficult to deploy in a call centre environment – and the ongoing costs involved in replacing the inevitably lost cards make it prohibitively expensive.
So call centres need to look at the third option: something you are. Which is where biometrics come in. Biometrics use unique physical characteristics to identify someone, and in a call centre that means using voice recognition.
This is very different from the speech recognition that is already in place in many call centres. Speech recognition identifies certain pre-programmed words, phrases or numbers, and is often used to prompt callers through an automated response system. In contrast, voice recognition systems recognise the voice of the caller to identify them.
This is done by mathematically modelling the caller’s vocal cords to create a voiceprint; the vocal equivalent of a fingerprint. A biometric-based system would work in conjunction with call recording systems, making a voiceprint of a genuine customer and recording this with their file. Whenever the customer calls back, the system will create a new voiceprint and compare it to the one stored on file. If the prints match, the caller is genuine.
The reality of voice recognition
There are a number of benefits associated with the use of voice recognition technologies. First of all, the prints do not change with language, nor can they be disguised with regional accents. Although age does have an impact, the change is gradual, and the voice recognition system should incrementally update the caller’s voiceprint in the background every time the caller returns. This ensures that the caller’s voiceprint remains up to date.
Unlike speech recognition technologies, voice recognition is text independent, so print-matching can take place through the course of normal conversation. There is less chance of recorded messages being used to defraud the call centre as a result – and the whole process is non-invasive and does not detract from the convenience of the call centre.
As an additional advantage voice recognition can also be used to validate the identity of the call agent as they log in, so providing additional reassurance to customers. Best of all, it comes with existing call recording systems, making it relatively straightforward to install.
Of course, no biometric is 100% exact. Even DNA matching allows for errors, albeit infinitesimal ones. However, a call centre agent simply has to confirm a positive match in a one-on-one comparison, and in the majority of cases this shows clearly whether the prints match. In the relatively few cases where uncertainty exists, the system can be set up to indicate this to the operator, who can then use additional authorisation practices to validate the caller.
Even bad lines and static, which may affect the quality of the voiceprint, can be countered by certain systems that are ‘trained’ on both mobile and fixed lines to recognise and filter out the interference and give a clearer print.
Nonetheless, call centres and their clients need to understand what their own risk parameters are when using voice biometrics. Do they wish to spread their nets wide, and catch all impostors – and a few genuine customers? Or should they be a little less stringent, and ensure that all genuine callers, and possibly a few fraudulent ones, are let through?
There is certainly a pay-off to be made, which means that other forms of identity management cannot and should not be abandoned completely. Nonetheless, voice biometrics technology still offers the best chance of keeping the fraudsters at bay.
Albert Selzer is managing director of Spescom DataVoice