November 2007
Brett Feldon explains how voice biometrics can help identify people on the telephone
ID fraud is one of the biggest concerns facing the financial services sector and is estimated to be costing the UK £1.7 billion a year. This figure is unlikely to fall, and as financial providers tighten up on online security, other softer targets such as the phone are seen as untapped territory for fraudsters.
Threats come from a wide range of sources: professional criminal gangs, call centre personnel, people known to a victim, money launderers and even terrorist organisations setting up legitimate financial instruments (including mortgages), to fund nefarious activities on a global scale.
In turn, pressure is mounting from all sides for mortgage providers to take greater responsibility for fraud. The government, FSA, brokers and customers are all driving the demand for more resources to be allocated to mitigate the risk of ID fraud, whether it’s multi-factor authentication or increased monitoring of transactions. The biggest challenge for providers is building an effective security strategy, choosing tools that can help, and knowing where to start.
At present, one of the weakest points of an organisation’s defence is the telephone. So why is the phone so vulnerable and what kind of technology might be used to address this?
Typical telephone security relies on organisations asking for information that they assume only an individual would know, such as a policy account number or their secret password. This is a highly flawed supposition, especially in the face of more sophisticated identity thieves using techniques such as ‘vishing’ (combining e-mail and phone calls to obtain a user’s details) or CLI spoofing (presenting a false telephone number to fool the organisation that the call is coming from a particular address).
Not only are advanced methods being used to capture personal information on a large scale, but threats are also coming from more surprising sources closer to home. In cases such as divorce or separation, for example, it is not uncommon for individuals to exploit their intimate knowledge of personal information, such as PINs or other details.
There have already been moves by many of the major banks to consider using what is known as multi-factor authentication for online transactions. Some have looked at the introduction of key fobs that would be issued to certain customers, so they could use a real-time generated number to authorise transactions or to gain access to information.
Voice biometrics is similar in that it can provide a method of two-factor authentication (something you have and something you know) to either policyholders or IFAs, but unlike key fobs, an individual’s ‘voice DNA’ cannot be compromised or stolen. Combined with another piece of information such as a policy number, or in the case of a lender or broker, their client’s policy number, voice biometrics represents an easy and cost-effective way of identifying exactly who you are talking to and of providing brokers with easy, secure and quick access to their clients’ details.
So why is it taking financial institutions so long to adopt voice biometrics when it is a well-established and proven technology that has been used by the military and government departments for many years?
In spite of the technology maturing, it is only now that the commercial world is finally beginning to recognise the scope and potential behind this exciting new technology. For example, in Australia, AHM (Australian Health Management), the country’s eighth largest insurance company, is successfully using the technology to verify the identity of members when they call to make a claim or raise any other customer service issue. Although the main driver for this project was originally to reduce the length of time the caller had to wait before speaking to the right department, the company now acknowledges that it has played a major role in combating fraud. With over 20,000 users registered, AHM is one of the world’s first large-scale commercial adopters of voice biometrics, using it to ensure that customers are who they say they are and to provide a better level of service to their clients.
So how does voice biometrics work in practice and how straightforward is it to deploy?
One of the most surprising aspects of voice biometrics is how simple it is to enrol a voiceprint. On average it takes less than two minutes for an individual user to record their voice based on specific text such as ‘name’ and ‘policy number’. This recording is then stored against the individual’s record (a single voiceprint is about 20K in size), so when they next call, they simply say their name and policy number, and if the voiceprint matches what is stored, the person is put straight through to a customer service representative. This takes less than 30 seconds and also bypasses the need for the individual to run through a series of tedious ID checks, such as passwords and address details, with the operator before the caller’s request is dealt with.
With the onset of further regulation such as the EU’s third MLD (Money Laundering Directive) due to become effective in December and the arrival of Fast Payments due in 2008, whereby transactions will take place in minutes rather than days, the emphasis on ID fraud is likely to intensify. The key role for voice biometrics will be to provide secure phone-based transactions, and in the future it could also play a role in online authentication. It also has the potential to replace the need for PINs and passwords, which would be a great blessing in the password-obsessed society that we live in.
Brett Feldon is CEO at VeCommerce, a global provider of intelligent call steering, voice biometrics and voice self-service solutions (www.vecommerce.com)