Meet your new password: Your voiceMay 17, 2013: 5:00 AM ET
An increasing number of companies are looking at using voice for security.
By Verne Kopytoff
FORTUNE -- Bank call center agents make good interrogators. What's your name? Your account number? Your Social Security number? Your mother's maiden name? Preventing fraud is, of course, the goal. But that doesn't make the process any more convenient.
An increasing number of companies are looking at an alternative that would do away with all of the annoying questions. Instead of an interrogation, the companies would verify their customers' identity using technology that analyzes so-called voice prints. Software would compare callers' voices with samples on file. Within a few milliseconds, the system would determine whether the speaker is, in fact, legitimate or an imposter.
Barclay's (BCS) and Vanguard are already using the technology, formally known as voice biometrics, with some customers. Other financial institutions and call center-intensive businesses like phone companies are considering it. Widespread adoption, however, will depend on factors like ease of use for consumers, reliability in preventing fraud, and the technology's cost. Consumers will also have to get comfortable with the idea of their voice prints being all that stands between their life savings and fraudsters.
"I think the public is getting ready for it," said Susan Austin, senior consultant with Enterprise Integration Group, a consulting firm that helps businesses with their call center planning and technology. "I don't think it's going to be the norm in the next few years, but it will be more prevalent."
Voice biometrics, as the technology is formally called, has been around for years. But companies are only now starting to take a more serious look following improvements in the technology and the increasing sophistication of fraudsters. The proliferation of mobile devices also adds to its allure. Entering lengthy passwords on smartphones isn't very practical when calling to get access to bank account balances, for example.
Barclay's customer service was in bad shape before it started phasing in voice print technology a few weeks ago, said Matt Smallman, who leads the client experience team for Barclay's wealth management division. High fraud rates cost the company a lot of money. Moreover, customers were having trouble answering all the questions lobbed at them by call center agents. Around 10% of all callers, many of them legitimate, couldn't get into their accounts. "Clearly, our old model was broken, and we needed to do something about it," Smallman said at a recent conference in San Francisco focused on voice print technology.
The company didn't decide on voice biometrics overnight. Extensive testing preceded the rollout last month. So far, about 30,000 clients have signed up. They can use the system to make basic inquiries like check their account balances, but not to transfer or withdraw money.
To enroll, customers make an initial call to Barclay's during which they are recorded while repeating a phrase. A second call is required to verify that the technology recognizes them. In subsequent calls, customers give their I.D. number to an agent and then go through a brief voice verification process. The technology automatically determines whether the voice on the other end of the line is a close enough match. On average, the process takes 40 to 60 seconds, Smallman said. So far, the service has worked well, with less than 1% of all voice print calls experiencing problems.
Not every customer who is offered the opportunity to enroll in the voice print program at Barclay's does so. Some are concerned about the privacy implications of having their voice recorded -- granted, many businesses already record customer service calls -- or they fear security breaches. Around 5% of the bank's customers have objected, Smallman said. In such cases, clients can continue to have call center representatives questioning them to verify their identity.
Austin, the consultant, said that it's important for companies using voice print technology to first get customer consent. Companies could, without warning, record their customers' voices during normal conversations with customer service agents and then use that for comparison for future calls. Austin said that members of focus groups have told her that they feel betrayed by such a program. Privacy advocates, no doubt, would also complain.
David Pollino, who handles fraud prevention for Bank of the West, part of BNP Paribas, said that voice print technology has several potential shortcomings. Business accounts may not work because several employees typically have access. The variety of voices could confuse the technology.
There's also the question of who's liable if there's fraud. Is it the bank? The customer? Or the company that supplies the technology?
Consumer psychology may also be a problem, said Pollino, whose bank does not use voice print technology. Bank customers, he said, prefer conspicuous security rather than subtle -- even if their protections are equally effective. Asking questions reassures people that the bank takes security seriously, he said. Replace questions with voice print technology, and customers may start to think that security is lax. "If you walk into a bank, you like to see a vault," Pollino said.
Determined hackers can overcome voice print technology, like any other security measure. Whether the danger is any greater than identity theft, stolen checks, or tampered credit cards is unclear. In theory, someone could fraudulently enroll for voice print access to someone else's bank account, providing they have a raft of personal information about them to get past the first step. They could also record a victim's voice and try to play it back, although banks can combat that tactic by making customers repeat random phrases to verify their identities. For the moment, traditional protections are so porous and voice print technology so new that hackers have hardly bothered to change their strategies.