Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 04 November, 2011, 16:40 0 likes

I haven't read the Aite Group report but perhaps it ranks behavior analysis at #1 position also on the basis of its applicability for both card present and card not present transactions.

As far as I can make out, correlation analysis won't work in the CNP scenario. Even in the CP scenario cited for its usage, I see two challenges: (a) Not all ATM users - perhaps not even a majority of them - will have smartphones that have GPS or other forms of geolocation functionality (b) GPSs in most entry-level smartphones don't work - or take too long to track location - inside buildings and closed spaces, so proximity correlation might take several seconds, if not a couple of minutes, to return a go/nogo decision when the ATM is located indoors.

As for voice biometrics, it's been around for long and has traditionally suffered from false-positives in the event of the customer having a bad throat. Not sure if the technology has improved substantially in the meanwhile to merit an entry into the mainstream. Also not sure how it can be used for web-based authentication. 

Pat Carroll - ValidSoft - London 08 November, 2011, 22:16 0 likes

Thanks for your comments, Ketharaman.

Correlation analysis, or Proximity Correlation Logic (PCL), can work reliably in a CNP environment because just as a phone is identifiable by its SIM card with a unique reference number, a computer can be identified by many attributes within a layered security model. Such attributes can be trusted or untrusted (e.g. an IP Address can be spoofed), but when combining several attributes in the layered security model, the reliability for authentication purposes increases and can provide a basis for PCL using clever invisible techniques which combine speed, accuracy, privacy, ease-of-use and strong security – we believe this is the model for the future, but available today.

To address your other points relating to CP transactions, Proximity Correlation Logic works with any mobile phone, it doesn’t need to be a Smartphone. PCL does not use GPS nor Lat-Long resolution, because both have serious negative implications in terms of accuracy (POS transactions) and breaches of privacy. In fact PCL is the only security solution to have been awarded a European Privacy Seal, guaranteeing it complies with EU Data Protection Law. In terms of speed, our real-time proofs of concept show that the correlation takes under 400 milliseconds, so nothing that would impede customer service. In fact, it’s completely invisible when dealing with legitimate transactions and fast enough to sit within the Authorisation Process.

Regarding voice biometrics, you’re right that there have been considerable developments over the past 2 to 3 years to the extent that we believe Voice Biometrics to be a mature technology capable of mass deployment. In fact, we are currently working on a European Government project that has entered its live trial phase in which the biometrics are performing very well indeed, and is a fantastic security layer within a multi-factor authentication and transaction verification model. One of the great things about voice biometrics is that it is a dynamic biometric, so when deployed in a layered Conversational Biometric format the result is a very strong security model, very reliable, easy to use and can be rendered useless to the fraudster who tries to steal your voice recording. As for how that would work in a CNP environment requiring transaction verification, upon entering the transaction details, the card owner’s phone could automatically ring and the details of the transaction relayed to the customer. If correct, the user could confirm the transaction by voice which again could be authenticated through voice biometric. The strength of this approach is a security model whereby complex transaction data signing up to non-repudiation can be achieved in a very easy to use manner, catering for all transaction types and numeric/alphanumeric data. If the voice test failed, the customer could be transferred direct to the bank’s fraud team, although in a layered security multi-factor model, success or failure rarely relies on a single binary check.  Finally Voice Biometric technology these days capture information relating to the shape of the vocal tract, not vocal cords so is pretty resilient in dealing with colds/flu etc and their impact on how we speak.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 09 November, 2011, 17:28 0 likes

@Pat C: Thank you for taking your time out to elaborate. It is truly enlightening to know that PCL and Voice Biometrics have made such great strides in the recent past.