If you bank with any of the big four, chances are you’ve been provided the option to use voice authentication instead of multiple passwords when calling the contact centre. In the case of HSBC, the phrase ‘my voice is my password’ is the go-to identifier for your account. But just how secure is this form of identification?
Layering biometric authentication is one of the most secure ways to protect data while making it easier for users to interact with organisations, according to CX and biometrics expert Brett Beranek.
“Biometric authentication allows users to by-pass the tiresome username-password form of authentication, which can be really tedious, especially over the phone,” he tells GrowthBusiness.
Beranek is the director of product strategy at voice and language tech firm, Nuance Communications, which recently launched a virtual assistant ‘starter pack’ for challenger banks and smaller institutions, combining the security and seamlessness of voice authentication with AI tech.
“Voice biometrics is our core business; it’s our heritage. We’ve been working with voice since the 1990s, and have been specifically identifying fraudsters since 2002. There are a few inherent weaknesses in traditional voice authentication systems that fraudsters know how to manipulate, says Beranek. “There’s a lot of data lost during the recording-playback process. Even when something is recorded in a studio, the human ear can tell it’s not live. And even if it’s not obvious, the technology can pick it up.”
The second vulnerability is if fraudsters use a synthetic voice. “A whole division of the company creates synthetic voices, so our researchers work very closely with researchers in the fraud detection department to get one step ahead of these fraudsters. If a human repeats the same phrase, the intonation, pace, and other minor characteristics will change each time.”
Since it’s virtually impossible to say the same phrase the same way more than once if it’s a real person speaking in real time, voice biometric authentication emerges as a secure option in a multi-layered security system.
This is what many of UK’s top banks are aiming for, including HSBC, which is aggressively rolling out voice biometric authentication globally as it rapidly digitalises operations.
“HSBC serves over 37 million customers worldwide. Customers are trusting us with their data and their money. We still have a massive way to go to simplify our organisation to make it easier for customers, and there’s a huge commercial reason for this too,” says HSBC’s Mark Bramley.
As the head of business management, global contact centres in HSBC’s retail banking and wealth management department, Bramley’s remit is to align the bank’s legion of contact centres with its overarching digital strategy; which is no mean feat.
“A lot of it is understanding what our customers need and how to make it easier. Yes, it’s about digitising the bank, but we’re not kidding ourselves that we’re a technology company. We need to understand tech, and not just use it for the sake of it, but to help us and our customers make money,” he adds.
There are 16,000 people working in HSBC’s contact centres around the world, which is why the bank made a significant transformation investment over the past few years to roll out a standard approach to the customer service mix.
“The mix is changing. We’re seeing more live chat and video coming into play now. Calls to contact centres are no longer to check their balance or to make a payment. Now, more customers start their journey via mobile banking or through the app, but need a little more help and advice with decisions,” Bramley says.
Part of the process involves “ripping out” the core platform and replacing a myriad of different applications with a common global application.
A key new addition is voice ID.
“As customers adopt a more digital approach and phone the bank less and less, it’s going to be harder for them to remember all the passwords associated with their accounts. 18 months ago, we said enough is enough, and launched a similar voice biometrics-based system,” Bramley explains.
“We brought in our colleagues at the early design stage so they can understand biometrics, what we’re doing and why.”
In the UK, 80 per cent of fraud is committed by 20 per cent of the same fraudsters, according to Bramley. When the bank identifies fraudsters on one call, it can identify them again on other calls. “Since last September, when we launched voice ID, our fraud has been reducing month-on-month.”
With a change as expansive and disruptive as voice biometric authentication in a bank as large as HSBC, it’s not just about the technology. It’s the massive cultural change that needs to be implemented across the organisation. “It’s about having to explain the difference between black-and-white password authentication to probability-based biometrics. It’s a significant investment that will take up a lot of time and effort across the organisation, from the IT function to HR. But for us, this is what makes sense. It makes my (contact centre) colleagues’ lives easier and our customers lives easier to just say a phrase rather than having to start every conversation with a five-minute authentication process,” Bramley says.
Voice biometric authentication at HSBC is currently live in UK and Hong Kong, and will be live in the US and Mexico shortly, which opens up a completely different discussion; will the passphrase change for each market?
The phrase ‘my voice is my password’ works in the UK, but that doesn’t mean it’ll work everywhere, says Bramley. “In Hong Kong, it’s “I need your help with something” in Mandarin and Cantonese, since that’s what worked best with customers there.”
“Voice biometrics is an easier sell in the UK and US because biometrics is already here. In some other markets, it’s a newer concept we need to explain, not just for customers but our colleagues as well. There’s more work to be done to make people understand and more importantly, trust biometrics.”
The adoption of this technology differs by culture and even within markets, says Bramley. A key priority for the bank is to offer voice ID as an option to customers worldwide.
“Why wouldn’t we offer it to all of our customers? This shouldn’t be a ‘service’, it should be par for the course, and not just for the wealthy. It’s just the first step to make it easier for our customers across channels, and is part of the digitisation process.”