India banks explore voice biometrics for added security

For banks in India, voice authentication is increasingly an important part of their implmemenation of biometric security features such as fingerprint or iris recognition.

A report by The Times of India, some local banks are already in discussion with Nuance, which specializes in voice recognition and its technology is already available in devices such as Apple and BlackBerry devices. According to Nuance, voice recognition is a more reliable security feature for telephone banking, eliminating the need to enter PINs or wait for One-Time Passwords (OTPs) to be sent to customers' registered mobile devices. 

The U.S. vendor explained that a voiceprint comprises a hashed string of numbers and characters, representing how specific an individual's voice rates on metrics being measured. As such, a compromised voiceprint is of no use to a hacker as it can't be used to authenticate a system and it can't be reverse-engineered either.

Considering Nuance has several customers that have deployed voice biometrics commercially, I'm surprised this hasn't caught on sooner in India, especially since telephone banking is only slowly being replaced by mobile banking. 

To clear up any confusion, phone banking and mobile banking in India are operated on two very different infrastructures. Phone banking involves customers calling up the bank's service support representatives, typically from a phone number registered with the bank. If the phone number is not registered with the customer, additional verification questions will be asked to the customer.

In mobile banking, customers simply use their registered mobile devices to access their bank accounts. If the device being used is not a registered device--that is, the mobile number is unrecognized--mobile banking on the customer's account is then suspended until the customer updates the registered mobile device number, usually in writing or in person at a local bank branch.

While it initially may not be cost effective to invest in voice authentication technology, there are consumers who prefer telephone banking and might not make the switch to mobile banking, for personal and security reasons. In some cases, customers might not be equipped with devices for mobile banking so telephone banking is the only viable option to them. 

I can say from personal experience, online, mobile, and telephone banking have been a great experience in India. Compared to the West, I find it to be more secure. As mentioned earlier, in most cases for online banking, users will be prompted to enter the OTP sent to their mobile device to prevent unauthorized access. Mobile banking is a similar experience, and telephone banking in India is the most secure I've seen. In addition to literally providing all of your personal details over the telephone before any action can be taken on a user's account, an OTP is again sent to the registered mobile device, and then entered into the IVR (interactive voice response), with the customer listening, in order to verify access.

Unfortunately, even with all of these security features in place, banking fraud continues to remain a growing issue among banks in India. What makes it more troubling is that in almost all fraud cases, a bank official is usually directly involved. Perhaps Indian banks also should increase security and scrutiny of employees they've hired to prevent and curtail some of the online fraud. A little difference can go a long way in ensuring customer's loyalty and trust, especially when they'll be given the option to use new security features in the future.

In my opinion, introducing voice biometrics would further prevent fraudulent use when using telephone banking. If banks are able to record the voice metrics for specific customer, it would ensure only that customer would be able to access his account via telephone banking.

If you think about it, right now without voice authentication, there are still ways for fraudulent usage to occur via telephone banking. For example, if someone knew all of the customer's personal details and also had access to his registered mobile device to receive the OTPs, essentially they could still hack into the customer's bank account. As far-fetched as this sounds, perhaps this is the reason why Indian bank accounts are looking at implementing voice biometrics.