Is voice biometrics a worthy gatekeeper for Barclays call centres?

Barclays Wealth is using voice biometrics to improve the performance of its call centre, but is the bank in danger of compromising its security for sake of a little more convenience for its customers

“I got laughed out of people’s offices about three years ago when I first proposed this,” says Matt Smallman, vice-president of global client services at Barclays Wealth.

“It’s been an interesting journey for me. I was in San Francisco last week presenting at a conference at which we’d first proposed voice biometrics a couple of years ago, and it was great to be able to feed it back.”

The story Smallman related to his West Coast audience concerns Barclays Wealth’s pioneering deployment of voice biometrics at its global customer services call centre, a facility that serves “high net worth and affluent individuals – from £100,000 investables to as high up as you might imagine”.

Given the nature of its business, the call centre is regularly targeted by scammers trying to pass themselves off as genuine clients. The FreeSpeech solution from Nuance is designed to spot these fraudsters by analysing “over 100” different elements of a person’s voice. If a conversation triggers an alert, the agent asks the caller for a password or mother’s maiden name to confirm the caller’s identity.

Smallman says that since implementing FreeSpeech, only five per cent of callers have had to be asked for their password. “I am pleased to say, to date, we are not aware of any misidentifications or false accepts,” he says.

“It is statistically possible,” he concedes. “But [Nuance] is part of several layers, and just the first door at this stage.”

Smallman says FreeSpeech brings two obvious benefits for customers: it obviates the need for them to remember their passwords, and it reduces the amount of time they have to spend on the phone. But another major advantage, he adds, is that it helps the bank’s call centre staff deliver a better service.

“Our frontline people have historically had the weight of this whole decision [of the validity of a caller] on them, and have had little support to make the decisions successfully. You could hear that they weren’t listening or concentrating on the first few minutes of the call, they were just ‘getting through security’,” says Smallman.
Now, the operative is able to listen more carefully to a client for anything “odd or out of character”, at the same time as FreeSpeech does its magic.

Brett Beranek, solutions marketing manager at Nuance, says the technology is “like fingerprint and iris [biometrics] – it looks at all these physical characteristics and how they affect the voice. Shape of mouth, teeth, shape and size of vocal tract. But what makes voice biometrics different is it also looks at a set of behavioural characteristics like accent, or rhythm of speech, all these micro characteristics we’re not even aware of, such as the spacing between words and intonation.”

In comparison, says Beranek, fingerprint readers on, say, a laptop touchpad look at “about 25 unique points on the fingerprint. But we have a wealth of information in the voice.”

Beranek concedes the technology is not infallible: “In the case of Barclays, they tell us they haven’t had a single case of a false accept, [but in organisations] with a large enough volume of individuals being subjected, we do get a certain percentage of false accepts – usually under one per cent. A lot of banks will target a 0.1 to 0.5 per cent false accept rate.”

It sounds impressive, but is the technology really mature enough, and even truly suitable, for such high-stakes gatekeeping at a bank? Computing asked Martin Barry, of Martin Barry Forensic Voice Services, for his view on the use of voice biometrics in the financial services industry.

“If it’s 95 per cent accurate, that means one time in 20 it goes wrong,” says Barry.

“And as a standard of security, that’s relatively lax. How many calls does a call centre have in a day? I’m guessing, say, 10,000. But one per cent of 10,000 is 100, so five per cent is 500. So 500 fraudulent calls per day? Once you unpack the numbers it doesn’t look so impressive.”

Is voice biometrics a worthy gatekeeper for Barclays call centres?

Barclays Wealth is using voice biometrics to improve the performance of its call centre, but is the bank in danger of compromising its security for sake of a little more convenience for its customers

Barry is also dubious about the “100 ways” the voice is measured by the software.
“Security systems use one of three things,” says Barry. “A thing a person knows, like a password, something they have like a USB key, or a thing someone is, like a fingerprint. Now it seems to me a voice isn’t necessarily something a person is, so when you talk about biometrics on the voice, you’re talking about something in a different way to fingerprints or iris pattern. Because the voice is as much about what you do as what you are, we’re talking about habitual behaviour.”

Barry speaks of the holy grail in voice recognition technology as being “to find something that doesn’t vary within the speaker, but does vary between speakers”.

“But anything you can look at like that pretty much fails the test, because there’s always variability in anything you can measure that means people will vary from themselves. Health, or even what mood you’re in or who you’re talking to [will cause that].”

To Barry, voice is “not permanent, static and easily measurable”.

But he admits advances in computing power have made voice analytics a more viable proposition.

“It reminds me of what happened with computers and chess,” he says. “It began with trying to teach the computer everything the human expert knows, but that’s not what happens with chess. Instead, it was best just to crunch the numbers and identify every single position the game would get into. That beats human knowledge.

Computers don’t analyse voices in anything like the way I do. It’s just getting the right measurement, and crunching the numbers.”

Nuance’s Beranek argues that the technology’s relative immaturity is actually a help rather than a hindrance.

“At this point in time, fraudsters are not very aware of voice biometrics, so the way they try to compromise accounts is through social engineering, using their regular natural voice,” says Beranek.

“So if Barclays identifies a fraudster, they can add their voice to the system, and if the individual ever calls back, it can actively identify them.”

“Tuning” is another key feature of FreeSpeech, which balances convenience versus security on an entirely manual, sliding scale. Smallman describes this as the “beauty” of the system.

“Our way of thinking about it is as an optimised convenience path, so you can get the balance of your account, or order some stationery to your home address, or get a statement, and change the level of security depending on the importance of the event.”

Smallman is convinced Barclays is blazing a trail that a lot of banks and other organisations will soon follow.

“Every bank has evaluated this technology several times, and always come at it from a security angle, but the reality is it’s more secure depending on how you tune it. It’s not significantly more secure than other methods, such as two-factor authentication, but the others failed to get traction because they came purely from a security focus. I think our client focus is what [persuaded the board] to get this passed through.

“Clients will begin to expect technology like this in the near future, and I think you’ll see people like Apple and others introducing biometric technology into their personal assistants over the next year or so.

“It’ll become far more expected by people. I’m really glad we’re able to be first, but I don’t think we’ll be the last.”

@PeterGothard