23 April 2014

PCarroll

Pat Carroll - ValidSoft

69 | posts 243,838 | views 37 | comments

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Securing our social media identity

19 June 2012  |  2866 views  |  2

We now live in the age dominated by social media networking channels in which people feel compelled to tell the world intimate details of their daily lives. This inevitably leads to a tendency to over-share which can cause a whole range of issues, from burglars being able to target the houses of those on holiday, to others unwittingly sharing their telephone number, banking details and security questions online.

Within the past week the LinkedIn data breach issue has appeared in news headlines where more than 6 million encrypted passwords were posted on the web for other hackers to decipher.

The particular problem here is that a lot of information about ourselves is stored on social media sites like LinkedIn and Facebook, so unfortunately, the LinkedIn issue is unlikely to be an isolated incident, especially because it is common practice for people to use the same password for a variety of social media accounts. In reality no one is going to have several hard to remember passwords for all their accounts!

Although we may not be able to prevent criminals from stealing our data, we can stop them from using it to access our bank accounts and guessing answers to our security questions.

If anything, the LinkedIn issue has highlighted that a simple password is now a redundant, unsuitable security method. Social media sites need to start working more closely with security and fraud specialists to build an invisible layer of security so users can log onto their accounts in a more secure way, without having to take five long minutes to do so.

One way in which we can do this is by moving towards voice biometrics for authentication. A voice print, being a dynamic biometric is difficult for an imposter to replicate and therefore plays an important role in a multi-layered approach to authentication, but a voice print can also be screened in real-time against a known database of fraudsters’ voice prints.

It would be great to hear your views on this issue.

 

TagsSecurityRetail banking

Comments: (3)

John Fitzgerald - AIB - Dublin | 20 June, 2012, 08:47

Wouldn't want to be using voice recognition in any kind of public place. It wouldn't feel secure to me. And surely it's trivial to steal with decent recording equipment? It might not scale, like in the LinkedIn issue, but it could be directed and personal.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 June, 2012, 16:25

Although I've been exposed to voice-based authentication for 6-7 years, I recognize that it could've become reliable enough by now to enter the mainstream. It'd be interesting to see some empirical data of VBA's true-negative and false-positive rates on the basis of live implementations or field trials.

Pat Carroll - ValidSoft - London | 20 June, 2012, 17:16

@John: Thank you for sharing your views John. Voice biometrics is these days a proven security technology to provide strong authentication with very sophisticated capabilities. A very strong authentication can be achieved where voice biometrics is implemented as part of a layered security approach. There are different approaches that can incorporate Voice Biometrics such as: text dependent; text independent and conversational. You could, for example, be asked to repeat a random “one-off” PIN. This would accomplish three individual checks:

  1. Replay attack since this is a random number and useless to record (although recorded voice can be detected in other ways also, including checks for digitally generated attacks);
  2. The digits spoken must reflect the number requested;
  3. Voice biometrics authenticates the voice.

Yet all as simple and intuitive as a voice call.

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Pat

How do we achieve 'The Holy Grail' in contactless payments?

28 February 2014  |  1925 views  |  0  |  Recommends 0 TagsMobile & onlinePaymentsGroupInnovation in Financial Services

Malware , the Achilles Heel of Mobile Adoption

30 January 2014  |  2195 views  |  0  |  Recommends 0 TagsMobile & onlinePaymentsGroupInnovation in Financial Services

Customer Experience vs Strong Security: What's the Answer?

28 January 2014  |  1798 views  |  0  |  Recommends 0 TagsMobile & onlinePaymentsGroupInnovation in Financial Services

Predictions for 2014: Voice Biometrics Go Mainstream? Part 2

24 January 2014  |  2067 views  |  0  |  Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services
name

Pat Carroll

job title

Founder/Executive Chairman

company name

ValidSoft

member since

2011

location

London

Summary profile See full profile »
Throughout his career, Pat has been at the forefront of industry thinking, representing organisat...

Pat's expertise

What Pat reads
Pat writes about

Who is commenting on Pat's posts

Andrew Smith
Ketharaman Swaminathan
Nigel Beatty