Biometric authentication

How to detect customer impersonation by implementing voice biometrics

By 21 de octubre de 2021No Comments

Cybercrime is becoming a strong challenge for authorities around the world. Recently we were shocked by a news story about the theft of $35 million from a bank in the United Arab Emirates, where, according to the information given by Forbes magazine, the thieves used Artificial Intelligence to recreate the voice of a company’s manager during a call to the Director of the bank, requesting the approval of the transaction for the million-dollar sum.

The most surprising thing is not that the cybercriminals managed to fool the bank manager, but that they also fooled all possible intermediaries, circumventing any security procedures in place at the bank… A total fraud! But it is not the first.

Companies globally have been fighting hard against cyber attacks, especially in the last two years, where the digitalization of activities has grown at an accelerated pace. With this, they have had to work on the implementation of new forms of security such as facial, fingerprint, or voice biometrics, the latter being one of the most innovative and the one that could have changed the end of this story if the victim bank had implemented this technology everything would have been different. Here we tell you why.

First, let’s talk about how voice biometrics works

Enghouse’s voice recognition technology allows us to compare two audios and determine if they correspond to the same person to verify their identity in milliseconds and with only 3 seconds of recording.

Our engine is based on Artificial Intelligence and designed to protect the user’s privacy at all times.

Now, how you can detect impersonation with voice biometrics:

Our solutions (Contact Center and Vidyo) have Veridas’ biometric authentication system integrated, both facial and voice biometrics engines. The latter captures the unique physical characteristics of the vocal apparatus and features such as frequency, speed, and accents, and compiles them into a unique voice biometric vector for each person.

This vector is irreversible, meaning that it is not possible to revert to the original audio. The engine compares the vectors obtained from the recordings and provides a similarity score.

The recognition is passive as the technology is text and language independent. This means that the biometric comparison is related to the characteristics of the voice and not to the content of the sentence.

But… why choose voice biometrics integrated into our solutions?

  1. The system only requires 3 seconds of audio to verify a voice. The average time spent on authentication in contact centers is 30 to 45 seconds, so thanks to voice biometrics, you can drastically reduce the average handling time (AHT) per call.
  2. Authentication is done passively without the user having to repeat a specific phrase.
  3. The technology allows the same user to speak different languages.
  4. Pre-recorded voice detection (replay attack) with >98.5% accuracy.
  5. Live voice verification accuracy >99.5%.
  6. It is present in the Speaker Recognition Challenge evaluation of the National Institute of Standards and Technology (NIST).

In addition, our voice biometrics is endorsed as an electronic signature

In a report recently issued by the prestigious Spanish law firm ECIJA, it determines that Veridas voice biometric technology, integrated into Enghouse Interactive solutions, meets the technical and legal requirements necessary to perform advanced electronic signatures by users, as it complies with the guarantees and adequate level of security in electronic identification required by Article 8 of the eIDAS Regulation (common legal framework for trust services and electronic identification means in the European Union).

According to this report, after the tests carried out “it is confirmed that the voice recognition system developed by Veridas meets the security requirements necessary to obtain a ‘substantial’ level of security or degree of confidence in the intended identity, in accordance with the eIDAS Regulation and the Executive Regulation, since technical controls have been accredited to substantially reduce the risk of misuse and alteration of identity”.

As you can see, with our system you will be able to reduce, with a substantial degree of security, the usual cases of identity theft that occur every day in both face-to-face and non-face hiring, since the technology allows to verify the identity or authenticate individuals through their voice, which is unique, unrepeatable and inherent to each person, which makes it a very secure system and difficult to falsify.

So, most likely, if the bank in the Arab Emirates had had this system as a security check, it would have detected that the voice in that phone call was recorded or was not natural, giving them time to alert the authorities and disapprove any transaction to be made.