Blog article
See all stories »

An article relating to this blog post on Finextra:

US Bank trials voice biometric access to mobile app

US Bank is piloting voice biometrics technology which allows customers to access their accounts by speaking into their mobile phones.

See article

The Growth in Voice Biometrics for Banking

It’s been an interesting week for those interested in Financial Services and how biometrics could be used in the industry. It was the subject of my last post on Finextra (“Voiceprints can counter ID theft, but other threats remain”), looking at Barclays’s use of Nuance and Cisco Voice Portal and last week on Finextra brought out some of the industry trends.

One major trend was in the story “US Bank trials voice biometric access to mobile app” . The move towards apps and mobile is creating some very significant changes in the nature of authentication and security. The traditional use of voice biometrics has been to authenticate callers who have dialled in over a land-line to contact centres. Biometrics have been seen as specific to the voice channel, expensive but potentially more secure for ID&V (as it checks who you are, not what you know) and potentially offering better customer service (as voice can allow more flexible menus than the traditional “….press 1 for…., press 2 for….” functionality of IVR).

Mobile devices have changed this paradigm in a couple of ways.

First, mobile voice tends to be a much lower quality than land line. Although this can be compensated for, in general terms the lower quality the input, the harder it is to use voice patterns to authenticate an individual. Voice biometric authentication can still be effective for mobile users but it does mean that a higher number of calls will need to be handed over to an agent for them to check the caller’s identity. This might appear to diminish the usefulness of voice authentication, but a second trend is working in the opposite direction.

Secondly, it may seem obvious, but mobile devices have a level of compute power and intelligence that was un-thought of when phones were landlines. Authenticating at the front-end now means authenticating at the app and authenticating the device’s current owner once a call is made. If a mobile device is stolen, then authenticating a call on the basis of what the caller knows is potentially inadequate. This is a very significant change from only authenticating once the call arrives at the bank. It’s a subtle change, but one that makes voice biometrics all the more important as mobile devices can be attacked in ways that landlines never could. It’s perhaps this that last week led Google to buy SlickLogin. Sound based authentication for a lap top or a PC might be a niche market but it could be hugely important for mobile devices that can carry a lot of data and are easily lost or stolen.

That’s why one of this week’s other stories “Nigerian banks begin biometrics registration project” was so interesting as part of the Nigerian banking industry’s efforts to fight fraud and money laundering. This isn’t a voice biometrics project, rather a face and fingerprint registration program. I can see strengths and weaknesses to this approach. Fingerprints tend to change much less over time than a person’s voice and facial recognition can be done passively (for example on security cameras at the teller counter). The weakness to both these authentication methods is that they depend on either physical presence or decent quality video and as banking shifts to mobile devices neither of those options may be readily available. Indeed, a look across to East Africa and Safaricom would suggest that mobile might arrive in African banking faster than it does in Europe or the US.

In short, the traditional use of voice authentication will remain and potentially grow as part of the contact centre but the really big drive for biometrics is how banking apps will link voice authentication into bank’s contact centres


Comments: (2)

A Finextra member
A Finextra member 19 February, 2014, 10:301 like 1 like

Hi great post and very topical.

We were also looking at this conundrum as part of our recent bank account security review (Digital Banking security: What choices should you offer your customers?)

During our research, we noted some negative comments in the industry about mobile voice biometrics posssibly being less effective in public places due to extraneous noise interference and privacy concerns as well as quality issues.

We also saw some banks notably some Spanish ones testing retina recognition as an alternative security approach. What do you think of those options compared to voice recognition particulalrly for larger devices?

Alex Noble
Alex Noble - McAfee - London 19 February, 2014, 13:31Be the first to give this comment the thumbs up 0 likes

Hi Mark,

Thank you for the comment. I think retina recognition on mobile devices is very interesting - it's individual specific, believed to change less over a lifetime than voice (though research is still limited), potentially very secure and (at least with current technology) difficult to falsify. As device video capture capability improves retina or facial biometrics are likely to be a real option for ID&V.

Background noise and the lower quality voice codecs used by some mobile operators are all potential issues for voice biometrics. My recommendation, though, is the same for all biometric solutions and that it to have a business process that can manage exceptions and when the call goes through to an agent, that agent has the resources, skills & curiosity to securely manage the subsequent interaction.

Concerns I have seen from customers are around the impact of contact lenses, the device camera resolution and whether retina recognition works in an environment with an uncontrolled background. (All rather similar to voice biometrics concerns!). Obviously, not all of these are real concerns, but banks tend to be unfamiliar with this type of technology. The technical concerns tend be whether the retina authentication & capture is done 100% locally on the device (which might be vulnerable to hacking or spoofing but is responsive & works off-line) or whether it's done  by a server side authentication (which is more secure but is slower and requires a network connection before authentication).

Hope that helps,

Best wishes,


Alex Noble

Account Director


Member since

10 Jan 2008



Blog posts




More from Alex

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

See all