An interesting story about Bank Leumi on Finextra just before Christmas.  It seems that Bank Leumi will be using voice biometrics for password re-sets for online banking. There are a couple of interesting things about this. The first is that password re-sets are an absolute pain for helpdesks and similar types of contact centre. Depending on whether this is an internal helpdesk for an organisation or an external facing one, password re-sets can be anything from 50%-70% of the call traffic.

The two follow on problems from this call volume are that password re-set is an expensive thing for IT technicians to be spending most of their time on and that they represent a significant potential security risk. It is this security risk that is the other area of interest. Passwords authenticate you based on what you know, not who you are. Re-setting a password changes that, as it potentially makes the password available to an identity thief. The blog has covered a number of examples of identity theft (this theft from Barclays in 2008 using the identity of Barclays own chairman being a particular case in point) and the vulnerability is obvious.  

In theory, biometrics removes some of this risk as it is focused on who you are and not on what you know. In practice things are not so straight forward and this is partly why biometic adoption has been more limited than might be expected. For more detail on the limitations, here's been some good posts on Finextra see "Biometrics - what's that all about then?" by Dave Griffiths and "Who's in your Wallet?" by Jarvis Kandik from 2008.  

In Europe I've tended to see biometric deployments mostly for internal password re-sets. A good example that I know of is AIB and VoiceVault who have piloted password resets for staff. The key thing here is that the staff are in a controlled, secure environment and so the biometrics is effectively only one part of a multi-factor and multi-layer authentication. This is what makes the Bank Leumi example so interesting. I haven't before seen biometrics used directly for consumer authentication for something as sensitive as banking.  I have seen quite widespread use of biometrics outside of Europe and the US and especially for areas like welfare benefits. I got a fair amount of comment to my blog post "BBC Moneybox on Speech Recognition for banking " back in February with examples of biometrics in use from the Philippines (interstingly using PerSay, as does Bank Leumi).

Depending on how the Bank Leumi deployment goes, I may need to revise my last post on the subject "Where are Speech Biometrics in Europe?..... and the Your Call Blog "....!