Paypal CISO Michael Barrett to Keynote Voice Biometrics Conference San Francisco
Paypal Chief Information Security Officer Michael Barrett will be the opening keynote for the upcoming Voice Biometrics Conference in San Francisco (May 8-9, 2013). One of the most respected security industry executives and well-known for his ground-breaking work in identity management, Barrett is responsible for ensuring the security of PayPal’s 113 million users worldwide.
Before joining Paypal in 2006, Barrett worked at American Express where he helped define and develop the company’s information security and Interent technology strategy.
Barrett is also the current president for the FIDO Alliance — a consortium of e-commerce technology and service providers promoting a standards-based, open protocol for online authentication. The alliance, which includes founding member organizations Agnitio, Infineon Technologies, Lenovo, Nok Nok Labs, PayPal, and Validity, seeks to change the nature of authentication and allow users to swap out passwords for new technologies including voice biometrics.
VBC San Francisco will convene industry thought leaders and showcase how voice authentication technologies prevent phone-based fraud and unlock intriguing opportunities for mobile and electronic devices. Click here to view the conference program.
Long seen as the low-hanging fruit for businesses to implement voice biometric technology, allowing employees to reset passwords and get access to corporate services through voice verification is an increasingly common tool for IT help desks.
This is especially true for large enterprises with thousands of employees spread across multiple locations. Organizations are looking to cut costs by automating the high-volume password-reset process and make it convenient for employees to access and change passwords at any time.
No stranger to password reset applications, Nuance has provided large, customized solutions for big enterprises such as Comcast and Kaiser Permanente. Now Nuance hopes to target the small- and medium-sized business market with the release of FastReset, the company’s first out-of-the-box product for password reset applications.
The way it works is that employees are asked to enroll using any kind of phone and repeat a passphrase that captures their voiceprint. When they call into an automated system to change their password, they’re asked to speak a prompted phrase with the system checking for a successful match. FastReset comes preconfigured, integrates with Microsoft’s Active Directory, and can be implemented in a matter of hours, says Brett Beranek, Solutions Marketing Manager, Enterprise Marketing with Nuance.
Eastern Bank is Nuance’s first FastReset customer. With headquarters in Boston, Mass., Eastern Bank has 1600 employees in more than 100 locations, managing some $8 billion in assets banking, investments, and insurance.
Beranek sees password reset as an enabler for more downstream, customer-facing voice biometrics apps. Indeed in our own research, and IBM agrees, that password reset apps are the introduction of multifactor authentication that could ultimately replace passwords in number of use cases including banking, healthcare, government transfer payments, and mobile commerce.
Avea, one of the leading GSM operators in Turkey, has tallied more than 1.3 million voiceprints since launching a call center customer verification program in 2011. Tapping Sestek’s Voice Verification solution, the vocal password process replaces a longstanding manual-agent procedure at Avea and accounts for one out of every five calls into the call center.
According to Sestek, verifying customer indentities through voice passwords reduces call duration by up to 15 seconds and has resulted in more than $250,000 in annual savings. More info can be found in the company press release.
Based in Turkey, Sestek began operations in 2000 and developed in-house voice biometric and speech analytic technologies. The company also names DenizBank as a voice verification customer, the only deployment for voice biometrics in the Turkish banking industry.
To learn more about the voice verification deployment at Avea, Gokhan Ayas
Department Manager, Call Centers & Alternative Channel will be making a presentation, along with Serdar Karadayı, managing director for Sestek, at the Voice Biometrics Conference in San Francisco, May 8-9 at the Fairmount Hotel.
Opus Research is proud to host the upcoming Voice Biometrics Conference in San Francisco, May 8-9, 2013. VBC 2013-San Francisco (#VBC-SF) will continue our tradition of tackling issues that are giving shape to a new industry. The entire agenda and program can be found here.
Selected sessions include:
- “Keynote Case Study : Passive Authentication at Barclay’s” – Hear how one of the largest banks in the country deploys voice-based authentication saving time for financial advisors and making a better experience for wealth management clients without compromising security.
- “Financial Roundtable” – Bank executives address the challenges they face as they strive to prevent fraud loss and unauthorized access over all of the channels through which banking and financial services are offered.
- “Are Pins and Passwords Necessary?” – Leading practitioners describe the technologies they are introducing to make user authentication strong and effortless.
- “Call Center Customer Care” – Avea, a leading GSM operator in Turkey with a customer base of 12.8 million, has implemented a call center voice verification system registering more than one million vocal passwords in the first year.
- “Reality Check: Lessons Learned from Forensic Applications” – The use of coice biometric-based technologies to support speaker identification for military and law enforcement activities.
- “The Secure Virtual Personal Assistant” – Apple’s Siri has raised the profile of virtual personal assistants. With the explosive growth in mobile banking and mobile shopping, the need for voice based authentication has become obvious.
Click here for all speakers.
Voice Biometrics Conference San Francisco 2013 sponsors include:
Platinum: Nuance, NICE Systems, Voicevault
Gold: Voxeo, SpeechPro, Agnitio, Sestek
Event: Sensory, TRUSTID, Pindrop, Victrio
Momentum has never been stronger for VBC. Don’t miss your chance to take advantage of the early-bird rate of $499 — ends March 15th! Register now.
RSA’s Authentication Manager 8 Intro’s the Era of the “Infinite Factor”
RSA’s SecureID tokens may be the most ubiquitous example’s of “something your have” but, with the introduction of Authentication Manager 8, the company takes multi-factor authentication to a whole new level. The Authentication Manager is the brains behind RSA’s dynamic, risk-based authentication rules engine. As Manoj Nair, Sr. vice president and general manager of RSA Identity & Data Protection business group pointed out at a recent briefing, it’s high time to use profiles that take into account “the rich set of all factors available” for setting risk thresholds and supporting user authentication in real time.
RSA’s research has shown that, in spite of high awareness of the need to employ something more than PINs and Passwords, only 20% of enterprise IT departments deploy any form of “strong authentication. The result is significant fraud loss, due to weak identity authentication practices.
Authentication Manager 8 brings “Big Data Analyatics” to bear to support risk assessment and authentication thresholds in real-time. It takes into account factors that are provided in an active way – such as providing “one-time passwords” or entering a PIN, as well as the hundreds of passive factors that may include location, device characteristics, IP addresses and the like. RSA reasons that there literally hundreds of factors that can be taken into account and near-infinite combinations to support strong, dynamic, risk-aware authentication.
What’s interesting from the point of view of voice biometrics specialists is the all-encompassing nature of RSA’s vision for multifactor, indeed “infinite factor” authentication. It means that there is definitely a place at the table for voice-based authentication, as was true when Opus Research first looked at RSA’s Adaptive Authentication in 2006, when the company bought voice biometrics specialist Vocent.
The need was emphasized by the growth of mobile computing, Bring-Your-Own-Device (BYOD) and persistent threats to information security. IT and security specialists in companies of all sizes can no longer hide behind firewalls and session border controllers. Executives literally walk outside company boundaries on a regular basis. Customers, by definition, live outside the firewall and, highly personalized, “trusted” customer care will always require strong, dynamic user authentication.”Infinite factor authentication” makes trusted, conversational commerce possible.
The latest version of Sensory’s TrulyHandsfree(TM) technology marks some radical leaps forward for embedded speech processing resources and secure device activation. The latest smartphones and mobile devices have raised user expectations surrounding how they can use their voices to take command and control of popular applications and functions. In June 2009, we described the first generation of Sensory’s hands-free technology and how it used “word-spotting” embedded in device firmware to let individuals users say pre-defined “trigger words” to initiate interactions with mobile phones or in-car devices.
During the ensuing years, the company refined the software and re-defined implementation scenarios. By July 2011, it introduced the next generation of TrulyHandsfree making it possible for its partners and customers tointroduce products and services that were more flexible (allowing a multiplicity of trigger words), robust (able to detect speech in noisy environments) and understanding (able to distinguish the meaning of phrases in order to carry out instructions in a way that feels natural).
TrulyHandsfree 3.0 builds on Sensory’s developments to date and more elegantly integrates the speaker identification and verification capabilities it introduced last May. Version 3.0 also allows device owners to combine the trigger phrase with search instructions so that a user can use a single utterance to wake up the device and carry out an order. The results are illustrated in this video:
I know this is a video demo, but I am especially impressed by the ability of the device to detect a specific individual’s voice and keywords in a moving car (which introduces wind and tire noise) with the radio on. The additional ability to distinguish between the voices multiple individuals who may be using a device should get a number of developers’ creative juices flowing. This is the basis for extreme personalization of consumer electronics at home, in a car or in your pocket.
Sensory’s Todd Mozer will be a featured speaker at Opus Research’s upcoming Voice Biometrics Conference in San Francisco May 8-9. He will discuss the advantages of integrating trigger words and speaker identification on consumer electronic devices. As rumors fly surrounding ways to activate smartphones or other mobile devices with fingerprint readers or front-facing cameras, the idea of secure, personalized access that requires “no touching” is extremely attractive.
Agnitio is Part of FIDO Alliance; Promoting Simple Sign On for E-Commerce
A consortium of e-commerce technology and service providers are redefining SSO, morphing it from “Single Sign On” to stand for “Simple Sign On.” It’s all in the interest of promoting secure communications, based on high levels of confidence that an individual with whom you are carrying out business is, indeed, who he or she claims to be. The FIDO Alliance- standing for “Fast ID Online” – is its name. Promoting a standards-based, open protocol for online authentication is its game.
Today, individuals use a wide variety of devices – including desktop PCs, mobile phones, smartphones, tablets and, soon, Phablets – to carry out search, shopping, e-commerce and banking. As they progress from the casual to the crucial, they require different levels of safeguards to their privacy and security. With the growth of electronic commerce, in general, and mobile commerce, specifically, the need for strong authentication is growing. The traditional methods – meaning PINs, passwords and challenge questions – are relatively weak and decidedly cumbersome for the average person.
FIDO Alliance members are well acquainted with the demands associated with establishing a standard to support electronic transactions and commerce. Its founding member organizations are Agnitio, Infineon Technologies, Lenovo, Nok Nok Labs, PayPal, and Validity. They are developing the overall specification, as well as FIDO-compliant products. In the name of fraud reduction, they have built a set of standards and an architecture that embraces biometrics including fingerprint, voice and facial recognition; plus existing existing authentication solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, Near Field Communication (NFC), One Time Passwords (OTP) and many other existing and future technology options. If it’s what you got, it will be accommodated.
Today’s announcement heralds the maturity of two sets of initiatives by the FIDO Alliance. Its Technical Working Group was chartered in the fourth quarter of 2012 and is very far along int providing a set of “open” standards for an architecture that has been released as part of this launch. At the core of their value proposition is to remove the friction for people to carry out commerce at high levels of trust, using a multiplicity of devices over a wide variety of communications networks. It is accomplished by allowing them to “choose their own token” to authenticate themselves.
That’s the crux of Simple Sign On and it starts with standards for authentication that are compatible with and interoperate with all devices today and in years to come. Opus Research welcomes and supports the initiative and is particularly pleased that voice biometrics – thanks to Agnitio’s participation as a founding member – is given full recognition in the initial alliance.
VoiceVault and Microsoft Pump of the Volume; Verify a Billion Authentications per Year
VoiceVault continues to take a great strides in addressing the primary concerns that prospective customers have expressed about the accuracy, reliability and scalability of its voice biometric-based authentication in real world implementations. In August, 2012, they met the need for very low False Accept Rates (FAR) without elevating False Rejection Rates (FRR) to greatly. In October of the same year, the company acted to allay fears of “replay attacks” by demonstrating that it could detect a recorded entry 99.98% of the time.
This week, VoiceVault, in conjunction with Microsoft, addressed concerns about scalability by demonstrating that a configuration using Microsoft’s SQL Server 2012 is capable of handling 1 billion authentications per year (or 250 tests per second).
Citing performance of VoiceVaults software in conjunction with SQL Server 2012, Microsoft has verified that the company’s voice biometric-based identity verification solutions can scale to support over a billion authentications per year using a test-bed configured as illustrated below:
Fifteen processors were involved in serving as “test agents/API”. The biometric processing was conducted by 8 different HP processors. And the database processing was carried out with VoiceVault 7.5 running on off-the-shelf, high-performance hardware. Based on the tests, VoiceVault has concluded and Microsoft has verified that VoiceVault’s biometric verification system “performs in a high load environment that has peak authentication session rates of 250 calls per second.” This requires the use of a high performance database system to service the API and processor machines required for this load. Therefore companies can deploy their own customer care or self-service platforms that ask for voice-based user authentication as needed in the workflow without being concerned that they will hit a bottleneck.
NICE Systems Makes Voice Biometrics A Key Component of Contact Center Fraud Prevention
NICE Systems’ newly launched Contact Center Fraud Prevention solution demonstrates the effectiveness of a multilayered, context-aware approach to phone-based security. It offers constant fraud detection by employing voice biometric technologies in combination with interaction analytics and context analytics to detect and curtail fraud in real time.
As a leading vendor of monitoring, recording and analytics resources for contact center, NICE was already in the thick of things when it came to detecting glitches and optimizing performance. It has already cultivated a global installed base of large contact center customers. The NICE Contact Center Fraud Prevention solution assigns a voice biometrics engine the task of discovering impostors based on a database of known fraudsters.
This voice-based fraud prevention does not take place in a vacuum. It works in conjunction with NICE’s “interaction analytics” resources, which detect suspicious patterns within the conversation between agents and callers. It also takes into account contextual information or meta-data that might make a caller suspect (such the originating telephone number or the known location of the caller).
By combining voice biometrics-based caller authentication with ongoing monitoring of activities that indicate fraud, the system is able to screen all calls to detect potential fraud, serve prompts to agents to walk them through the proper steps for dealing with potential impostors and generally protect companies and their customers from experiencing fraud losses.
The solution suite even includes a Risk Case Manager. It will open an investigation ticket for a suspected fraud attempts and provide the tools required to replay elements of the conversation. It is designed as a “stand-alone” product but it is more effective when integrated with NICE Actimize’s fraud management expertise and product suite, a “best in class” (according to Tower Group) set of resources for multi-channel fraud management for banks and other financial services companies.
Opus Research is pleased to NICE taking an approach that tightly integrates voice biometrics with existing contact center and fraud prevention infrastructures. It should provide a non-disruptive and cost-justified way to put voice-based identification in the critical path of preventing fraud loss.
VoiceVault reports that a “leading U.S. Cable TV system operator to support authentication of callers to its customer care center. Although enrollment in the program is optional and the number of enrollees is not reported, callers use the technology for authentication about 60,000 times each month. VoiceVault also reports that the adoption rate is increasing 10% each month.
Voice biometrics has a powerful value proposition for diversified telecommunications companies where voice-based authentication of callers is reduced from more than a minute, on average, to 5 seconds. As Opus Research has noted frequently, shortening the time to authenticate has a positive impact on customer satisfaction as well. The rapid rate of growth in enrollments and authentication provides evidence that public acceptance of voice-based authentication is accelerating. As this happens, the technology is proving that it can scale successfully.
