Blog article
See all stories ยป

Voice verification - for mobile banking security?

If you are a user of a mobile banking service, you can experience the ease of accessing your account balance, last statement, but when it comes to transactions, bill payments, it gets challenging. On the market there are different solutions of the transaction authorisation especially in browser based mobile bankings;
- simple PIN (unsecure)

- one-time-password generated by an other device (two-device misery)

- one-time-password received in SMS (application switching misery)

- one time-password generated by the another phone app (same as above)

- simple PIN and no possibility to transfer to new payees, but only to partners registered in the online banking (what if i need a new one?)

So far there is no silver bullet, but i advise you to keep an eye on an upcoming technology: voice verification of the transactions in a biometric automated way.

The model is simple: after you have initiated a transaction on the mobile (to new payee or over a limit), the "machine lady" calls you to read back the transaction details and ask for your confirmation, so you need to say a sentence to the phone. If it is you, the biometric voice check and your transaction passes.

No need for an authentication device, biometric security, it sounds promising doesn't it? Still, the market uptake is not yet there, we are waiting on real success stories and 100% reliability.

Would you consider such a solution secure enough and user friendly?

Comments: (2)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 02 April, 2010, 12:34Be the first to give this comment the thumbs up 0 likes

Voice based authentication has been tried in the past - I am aware of at least one provider in the US. At the time, several years ago, the technology wasn't fully mature and there were instances of genuine account holders with a sore throat finding their access blocked! If the technology has matured since then, voice verification is surely an option that strikes a good balance between security and convenience.  

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 05 April, 2010, 02:03Be the first to give this comment the thumbs up 0 likes

Sadly it's still impossible to answer the question 'is such a solution secure enough?' because -- scandalously -- there are still no agreed standards for measuring accuracy (False Detect and False Reject rates) for biometrics.  And whatever testing that is done is almost always performed under the "zero effort imposter" assumption in which no active effort is made to spoof the biometric under test.  So beware: when reviewing FAR and FRR (when the vendor is good enough to actually report them) you will find that they reflect accidental errors only.  Reported biometric performance specs reveal nothing about their resistance to concerted efforts by fraudsters.

See the FBI's "SABER" report which cautions that: "For all biometric technologies, error rates are highly dependent upon the population andapplication environment. The technologies do not have known error rates outside of a controlled test environment."

It's outrageous, when the primary concern allegedly addressed by biometrics is crime, that biometric bench testing bears no resemblance to real life efficacy against criminals.

 

Retired Member

Member since

19 Mar

Location

Blog posts

3,825

Comments

4,733

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.


See all