Preventing Hackers From Accessing Financial Information

Uploaded on 2016-07-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Companies are combating sophisticated hackers by utilizing voice biometrics to authenticate customers when they call banks or credit card companies, adding another layer of security to prevent a growing amount of fraud.

As customers find it increasingly vexing to provide not only their username and password and other personal details, companies must balance combatting fraud with providing a less cumbersome experience. A growing number of companies are adopting voice biometrics, where voice and speech patterns are used to identify the individual calling with questions about their account balance or transaction.

"When you contact financial institutions, you already have a problem and you want that issue resolved quickly," said Erica Thomson, a real-time authentication consultant at NICE, a Ra'anana, Israel-based software solutions provider.

Providing your mother's maiden last name or the nickname for your first dog is becoming an obsolete strategy since cyber attackers have already mined social media for the seemingly private information. Thwarting hackers requires staying one step ahead of them.

Voice biometrics is being implemented by many financial institutions such as banks and retirement providers, because it does not require consumers to be physically present or have the software capable of authenticating them through their fingerprint or an iris scan. The technology encompasses an individual's voiceprint of over 100 vocal and personal characteristics with 50% consisting of their physical traits such as their vocal cords, sinuses and lung capacity and the remaining half comprising of their personal tone, pitch and pace when they speak, she said.

Many companies utilize the technology by acquiring a person's voiceprint passively or simply capturing it as the individual inquiries about a transaction and answers questions with a customer service representative. The next time they call to ask about a purchase or a deposit, the company can compare their current voice against the voiceprint, Thomson said. Within seconds, the employee at the bank can determine if the caller's voice matches the voiceprint.

"We've made life easy for fraudsters with social media for many years," she said. "This technology aids financial institutions so they can help their customers quicker and sort out their situations faster."

After a pilot program last year, Citigroup now authenticates a small fraction of its customers who have their branded credit cards by using NICE's voice biometrics technology. As of June, 750,000 customers out of a total of 23.8 million active and inactive accounts can access their accounts by using their voiceprint.

"This is very critical for our customers because it increases their protection," said Andrew Keen, a director in the consumer banking unit at Citigroup. "We are putting the onus on them to prove who they are now."

The feedback from consumers has been positive and Citigroup is still determining whether to use the software for its banking customers.

"Within the first 15 seconds of a customer calling, they are fully authenticated, because it all happens when you tell us why you called," he said. 

How Voice Biometrics Works

Fraudsters have always remained one step ahead and have attempted to circumvent voiceprints by calling unsuspecting consumers and pretending they are from technical support or seeking answers for a survey to record their voices, said Thomson. The hackers want to trick unwary people into saying certain phrases or words and splicing them into new recordings.

The cyber criminals have failed, because this method is "not applicable to real authentications" and they are not fluid conversations, she said. Voice biometrics does not authenticate people by particular words and phrases, so these attempts at phishing are not successful.

"There is no technology today that can make me sound like you," Thomson said.

Voice biometrics operates by judging characteristics such as the pitch and tone of how a person speaks and since consumers will say different things each time they call their bank, simply recording someone's voice is not feasible.

"It is impossible to recreate that voice, and it cannot be engineered," she said. "There are not any mandatory questions, so the technology maintains the integrity and uniqueness of that person's voice."

The biometric system uses "sophisticated algorithms" to match comments made by that person against their previously recorded voiceprints to verify their identity, said Amit Basu, a professor of management information system at the Cox School of Business at Southern Methodist University in Dallas.

The voiceprint utilized by companies are encrypted and only contains a "registry of their characteristics, not the conversation," Thomson said. The technology does not require storing any customer information such as a recording of their voice or social security numbers, increasing security and lowering the odds of fraud occurring.

Computers can capture the uniqueness of each voice and convert the "analog sound waves into a sort of voiceprint or binary image of the sound that your voice makes and various algorithms build this unique 'image' or a biometric vector of your voice," said Jason Braverman, CIO of Hoyos Labs, a New York-based mobile biometric authentication company.

Will Voiceprint Replace Other Bio?

Combining voiceprint with other biometrics such as fingerprint or iris scans will be the most effective approach rather than using it to replace other authentication methods, said Basu.

One advantage is when hackers attempt to replicate a person's voice, that voiceprint is also retained and left behind for comparison. The likelihood that the system mistakenly matches a person's voice is low.

"Overall, there is more chance of false rejection than false acceptance," he said.

In some instances, voice biometrics can completely replace the use of a username and password as long as people enroll again, because voices tend to change with age and weight gains or losses, said Braverman.

Voice biometrics can replace the traditional method of verifying a person for basic account inquires such as when a bill is due. The use of voice biometrics will be an "added layer of authentication" for transactions which pose a higher risk of fraud such as transferring money into another account, said Steve Williams, a vice president of business strategy at Verint Systems, a Melville, NY based software company.

Drawbacks of Voice Biometrics

Noisy environments can hamper the use of the technology but remains a minor issue as both software with smartphones and voice biometrics can minimize or remove background noise, said Thomson.

One of the downside of biometrics is that it cannot be changed easily, said Jason Glassberg, co-founder of Casaba Security, a Redmond, Wash.-based cybersecurity and white hat hacking firm. 

"The true security will depend on the level of sophistication used to match highly precise and detailed voice patterns and guard against pre-recorded sounds," he said. "Nothing is ever 100% safe and even biometric data can be stolen or imitated."

Voice biometrics is not the only solution to preventing hackers from obtaining data, because fraudsters will develop more refined methods, said Thomson.

"Cyber criminals will attempt to enter a network through other channels," she said. "This is what happens with all technology - the fraudsters become more sophisticated. We are always developing solutions to stay ahead of them."

The Street

« IBM Computer To ‘Help’ Accountants
Donald Trump, Hillary Clinton & Russian Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

GlassSquid

GlassSquid

glasssquid.io simplifies your cyber security job search. We want to help you find your next perfect fit opportunity by removing the confusion.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Findcourses.com

Findcourses.com

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Ballistic Ventures

Ballistic Ventures

Ballistic Ventures is a new kind of venture capital firm, built by and for cybersecurity entrepreneurs and investors.

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.

Yondu

Yondu

Yondu empowers businesses across various industries through a wide array of innovative technology solutions to help them scale in the new digital economy.