Barclays bank is to begin identifying customers by voice recognition, removing the need for customers to answer a set of security questions to access their accounts while banking over the phone.
The bank is said to be favouring those who regularly use phone banking, rather than banking in-branch or over the website/app as users of the scheme.
The move represents the latest step in the industry to abolish passwords, moving to technologies which banks believe are more convenient for customers as well as more secure.
Recent data from Opus Research predicted that the voice biometrics authentication market will grow from $200m in 2013 to $750m globally by 2017. As the greater security and convenience offered by voice authentication becomes the norm for customer experience in financial services, we are likely to see this trend extended to all customer-facing industries.
Online-only banks First Direct and HSBC took similar steps earlier this year, introducing voice pattern recognition for online banking for its retail banking operations. In addition to voice recognition, customers of HSBC will also be able to use fingerprint recognition systems for identification verification.
Brett Beranek, director of product strategy, voice biometrics, Nuance Communications, told SCMagazineUK.com: “Barclays has long been an industry leader in adopting alternative authentication methods for its customers to enable a more seamless and secure experience.”
Beranek gave insight to the decision: “Following the deployment of Nuance's text independent voice biometrics solution by Barclays Wealth & Investment Management in 2013, 93 percent of customers rated Barclays at least 9 of 10 for the speed, ease of use and security of the new authentication system.”
According to Barclays, the system typically learns enough about a customer's voice within just two phone calls, removing the need for a password or other identification to be offered on future calls.
Richard Lack, director of sales EMEA at Gigya, told SC: “The news that Barclays is abolishing passwords, in favour of voice recognition technology, for its telephone banking customers comes as no surprise. In Europe, consumers tell us that they are struggling to remember what is now an average of more than 100 passwords across their personal accounts and devices. At a time when the number of devices we own is rising sharply, the future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.”
Lack said: “Of course, using one's voice is far more convenient than creating and remembering yet another username/password combination, along with the answers to tedious security questions. What's more, our most recent survey found that 80 percent of all consumers believe that biometric authentication is more secure than traditional registration.”
The introduction of a voice recognition system should stop familiar social-engineering attacks used by cyber-criminals who look to gain small bits of information on a target, by calling up many times to acquire details such a date of birth, mothers maiden name and first line of address which are common security questions. This should become much harder if voice recognition is in use.
Biometrics are still not perfect however - fingerprints and other biometrics data that needs to be stored online - can also be stolen just like passwords. This could potentially mean that the fingerprint sent over the internet might not be the real one.
Charles Read, regional director for the UK, Ireland and Benelux at OneLogin, warned that biometrics was not a panacea.He said: “Whilst convenient, very few people realise the potential flaws behind the use of such methods, which can be a hindrance for organisations looking to include the authentication method as a single form of authentication. Rather biometric methods should be used as an additional layer of authentication as part of a wider identity and access management (IAM) strategy, particularly as recent research from OneLogin revealed that 35 percent would actually share passwords with close friends and family. To avoid this, financial institutions in particular must embrace methods of biometric authentication which are easy to use, non-invasive and non-threatening, no matter where customers are accessing their bank accounts from.”