Voxeo Talks

This guest post is from Paul Heirendt, co-founder, president and CEO of TradeHarbor and is part of our voice biometrics announcement today. Visit the announcement page to watch a video interview with Paul Heirendt.

Voxeo’s leading edge approach to enabling the mash-up of web services and communications technologies makes them a perfect platform partner for the web service approach of TradeHarbor’s Voice Signature Service. Adopting a platform-agnostic and application-agnostic approach to Voice Authentication delivers a better ROI and more flexibility. This approach enables the rapid implementation of Voice Authentication to legacy applications and platforms that support an organization’s interactions with their customers. It also enables the organization to implement a consistent approach to authentication across disparate business units/product lines, communication modes (Internet & telephone), platforms (Touchtone IVR, Speech-enabled IVR, Live Operator, and Websites/pages) and locations (both owned and outside service providers).

Identity and Authentication are 2 very different things:

• Identity is the data that uniquely represents who you are (Social Security Number, Passport Number, Driver’s License Number, membership number, account number, phone number, email address, etc.)
• Authentication is the assurance that you really are who the data represents that you are.

Identity management without strong authentication is dangerous and has very little business value. The risk in depending on the identity assertion is lowered when biometric voice authentication of an individual provides the required confidence to take action. The confidence level required to take action can vary from interaction to interaction based on many factors – the ability to balance these factors dynamically is a key to lowering risk without impacting user convenience.

TradeHarbor’s Voice Signature Service (VSS) provides the core Voice Biometric functions as a Decision Support Web Service:

Decision Support – business rules can be established and adapted over time to consider such risk factors as: the value of the transaction, the fraud­risk profile of the transaction, the history of that customer, etc.

Ease of integration – application developers can deploy Voice Biometrics as a component of their voice or web application using VSS by invoking a simple Web Service API without having to understand the science, statistics, tuning or professional services required in biometric software deployments.

Interoperability – the VSS Web Service API can be invoked on IVR and Voice Platforms using VoiceXML subdialog calls, an xml interface, or on webpages or web-based applications using server-side scripts. The VSS Web Service API enables a consistent approach to strong authentication and business rules across all of the customer touch points.

Balance Convenience and Security – the VSS returns a “Normalized Confidence Score” enabling a real-time risk decision capability. This allows an application to dynamically select the decision threshold on a transaction-by-transaction basis using the VSS score combined with any other factors available to the application.

Anonymous Authentication – The VSS approach to voice authentication does not use or expose any identity information, personal health information or personal financial information.

Legally-binding Signatures – every VSS interaction constitutes a legally binding signature – meets the American Bar Association guidelines for a Legally-binding signature. The VSS provides: Authentication of the individual using the unique biometric characteristics of the user’s voice; Authorization through a provable cooperative act; and an Audit capability to provide proof for repudiation.

Regulatory Compliance – The VSS provides strong authentication to meet regulatory requirements for financial and health transactions.

Voice Signature Service API Interfaces:

The VSS Service is built with the objective of providing easy access for a broad range of applications via simple XML or VXML interfaces, so that multiple applications can readily share the same registry of enrolled voices without the burden of adding and integrating a unique voice authentication system for each application.

The VSS Web Service only accepts service requests from valid Requesters (Requesters with a current VSS SLA) through XML or VoiceXML sub-dialog calls, through secure communications over the Internet using SSL, TLS/SSL, VPN, or other protocols. Communication can also occur over a dedicated connection between the Requester and VSS, such as ATM, Frame-Relay, dedicated T1 or other methods as specified by the Requester and agreed to by TradeHarbor in the VSS SLA.

The VSS API supports both VoiceXML (VXML) and XML interfaces.

• The Voice Signature ServiceSM system (VSS) supports VXML v2.X. A VSS Session is implemented through a VXML sub-dialog call.
• The VSS also supports XML for implementation as a Web Service or with legacy IVR platforms (that may not be VXML compliant).
• The VSS VXML sub-dialog has been tested with, and is currently supporting transactions on the Voxeo platforms and hosted services.

A VoiceXML integration of the VSS is typically accomplished in less than 1 hour using 3 basic subdialog calls: 1. register_identity_claim.vxml subdialog registers a new identity claim (identity_claim) for use in subsequent enrollment and verification sessions. An identity claim must be registered before a Speaker can enroll his/her voice during an enrollment session. (Note: block registration is available for multiple registrations) 2. create_vss_session.vxml subdialog begins a Voice Signature ServiceSM (VSS) session to either enroll or verify the User. The subdialog will validate the identity_claim and return a VSS session ID = session_id. (An example session ID: 4589-2973-9475-4EA5-9B0B-5306-55CF-76CA.) 3. complete_vss_session.vxml subdialog handles the dialog management for passing the prompts for the platform to play for the user, receiving the recorded user responses from the platform, and when the VSS session is complete, returns the Results Variables and dialog control to the VoiceXML application.

The VoiceSig Express (VSE) API is designed to support webpage or web-application implementations by providing the telephony interface. The VSE API supports two basic telephone interactions – an inbound Call and an Outbound Call invoked through server-side scripts = create_inbound_session, or create_outbound_session and get_session_results . TradeHarbor provides sample scripts in PHP, Perl, Java, Ruby, and others.

The primary development effort in designing and deploying applications that use the VSS for voice authentication or remote Voice Signatures is related to the changes required to the UI (User Interface) or VUI (Voice User Interface) to meet the human factors issues associated with introducing Voice Signatures to new users and properly handling VSS confidence scores that are lower than the threshold required by the specific application in the specific interaction or call context.

Summary:

TradeHarbor offers the VSS as a Web Service (Software as a Service), which makes it simple, quick and inexpensive to implement and which enables inter­operability across a business enterprise for all types of Internet, telephone and mobile platforms. While the core VSS interactions remain uniform, the applications supporting various business processes can tailor how the VSS is used: the point in the business process when the VSS is invoked; the “Signature Statement” associated with a document signature or authentication; and balancing the desired security / convenience for an interaction based upon the unique risk and value characteristics of each individual interaction or transaction. The Signature Statement heard in the Voice Signature session can be tailored for each transaction or document type to ensure that the signer is aware of any associated terms and conditions, and is cooperatively agreeing to be subject to them.

Thus, the VSS can enable a uniform approach to authentication and document signatures across all of an enterprises customer touch­points, and on any of its customer-facing platforms. For example, a customer may enroll their Voice Signature when working with a representative on the phone to open an online account, and be subsequently authenticated in the same or other business units. The VSS is designed to flexibly meet specific business requirements, risk management requirements, technical security, transaction enforceability, and legal/regulatory compliance requirements.

Voxeo’s leading edge approach to enabling the mash-up of web services and communications technologies is a perfect platform partner for the web service approach of TradeHarbor’s Voice Signature Service. TradeHarbor’s partnership with Voxeo enables developers of voice and web applications to add voice biometrics to their solutions quickly and easily through the development, testing, proof of concept and deployment phases of their project.

This guest post is by Peter Soufleris, founder and CEO of Vocalectand is part of our voice biometrics announcement today. Visit the announcement page to see a video interview with Peter Soufleris.

There are a lot of interesting things happening these days relative to voice biometrics – too many to cover in any one blog entry. So today we’ll start by introducing Vocalect Biometric Solutions, then we’ll detail some of the issues we help address, what differentiates Vocalect from other vendors, what some of our challenges are, where we are seeing success, and finally we’ll look at a couple areas that we believe are particularly promising for our technology in the future.

About Vocalect

Vocalect provides hosted voice authentication services to IVRs, call centers, and mobile applications via standard programming interfaces such as XML and VoiceXML. Our goal is to provide highly flexible and accurate services for our clients that are easy to understand and use, with excellent business and technology support – and at reasonable prices.

Vocalect’s team has over 4 years of direct experience with voice biometrics and hosted authentication solutions in the U.S. We’ve written an awarded patent, have developed several voice biometric engines and signal processing routines, have developed and deployed robust service delivery systems, and have helped clients integrate our solutions into a wide variety of applications.

Vocalect Solves a Couple Specific Problems

Vocalect helps to verify the identity of individuals simply by the sound of their voices. Our solutions are particularly effective when customers are not present for a transaction – such as when they contact our clients by telephone. Our services are able to quickly, accurately, and inexpensively identify customers without any specialized hardware or software.

Increasingly, our services are being deployed as an integral component of multi-factor authentication processes within client systems. Consider a simple IVR example for a credit card issuer:

1. A customer calls an 800 number for service on their credit card. At this point, one “factor” may be that the customer’s caller id information is recognized by the bank’s IVR system.

2. After being greeted by the IVR, the customer may then be asked to enter (or speak) all or part of their credit card number. This knowledge is yet another factor that can be checked and cross-referenced to the customer’s account.

3. Finally, the customer may be asked to repeat a passphrase, speak some numbers, or speak the answer to a question. In this case, our voice biometric engines provide yet another factor. We process the customer’s spoken response and accurately match it to their stored voiceprint – all in a matter of seconds.

This example shows one potential multi-factor approach that gives the bank’s fraud and risk models three factors (or probabilities) to work with. This is a very powerful approach to fighting social engineering and identity theft in IVRs and call centers. And, it can be done without live agent intervention, saving both FTE expense and call handling time.

With today’s tight economic conditions, Vocalect’s service delivery model also addresses the costs associated with testing and evaluating voice authentication technology. Our hosting platform goes beyond providing only voice enrollment and verification services. We also provide a wide array of related services – toll-free numbers and outbound calling; full-featured IVR facilities utilizing VoiceXML-based dialog management; automatic speech recognition (ASR) and text-to-speech (TTS) capabilities; custom prompt recordings in multiple languages; and custom application and consulting services. Thus, we can help prospective clients to conduct trials and pilots on our system – allowing them to “try before they buy”.

All Voice Biometric Companies Are Not Equal

There are several companies in the U.S. and abroad that provide software and solutions that employ voice biometric technologies. However, it is important to realize that there is a fairly wide range of technical and operational expertise between these companies. Vocalect differentiates itself from other competitors in a number of ways:

• VoiceXML Hosting Experience. Our team has over 4 years of hands-on experience with the design, development, implementation, and management of hosted voice authentication services utilizing VoiceXML. In particular, we have a great deal of experience with Voxeo’s Prophecy platform – perhaps more than any other company.

• Focus. Some of our competitors have focused their development on password reset and other application-specific systems. Some competitors are expert with forensic applications and voice identification systems. And other competitors have client-server solutions with specific hardware and software requirements. Our team is 100% focused on the design and development of secure, standards-based voice authentication services for call centers, IVRs, and mobile applications.

• Industry Knowledge. Our team has significant experience deploying and servicing large-scale systems within financial institutions, insurance companies, pharmaceutical companies, and telecommunications companies – some of the many industries that increasingly need high-volume voice authentication services such as ours. We understand the business, technical, security, compliance, customer, and support issues related to deploying voice authentication solutions.

• Flexibility. We do not force customers to adopt a specific use case. Our multiple engines provide maximum flexibility to system designers. So, our clients can choose to use passphrases, numbers, natural speech, or combinations of techniques.

• Adaptability. We own, develop, and maintain our own core technology. So, we are not subject to the feature sets or road maps of other vendors. Further, our low application overhead and service-oriented architecture is more readily adapted to the specialized needs (and frequently changing business requirements) of larger customers.

Challenges in the Industry

Over time, voice biometric solutions have been proven to be quite accurate and reliable. However, several challenges still remain to widespread adoption of this technology:

• Consumer adoption is perhaps the biggest challenge in the industry. It’s not uncommon to hear prospective clients say “our customers will never want to do this”. However, we have data from pilots, focus groups, and other findings that lead us to the opposite conclusion. People are tired of all the user ids and passwords, PINs, and other things they have to remember. They really want something that is simple – and voice meets this need. The good news is that after several years of successful trials and pilots, we are now poised to see some fairly significant deployments this year and in the years to come. So, this hurdle should become less of an issue over time.
• For any voice biometric company that is hoping to deploy large-scale authentication solutions, another challenge is the issue of “channel mismatch”. As an example, some voice biometric systems don’t work well if you enroll on your landline and then later try to verify from your cell phone. Without proper channel compensation models and procedures in place, clients and their customers could get frustrated. Our engineers focus a lot on this issue, and we’ve been able to come up with some innovative solutions that perform well.
• Another technical challenge relates to quality of service on some of today’s VOIP lines. Good quality VOIP can be indistinguishable from analog lines. However, we’ve all had conversations with people that sound like they are “underwater”. So, we’ll have to continue to work with VOIP technology providers and clients to manage these circumstances.

We’re Seeing Success

Vocalect is starting to see success in a variety of IVR applications where clients use our services as part of their multi-factor authentication programs. This is the result of effective team communications, having the right expectations, and understanding how to use these tools – and in what circumstances. In our opinion, voice biometric authentication is the perfect compliment to any IVR authentication process that needs to be strengthened or enhanced.

One of our most promising capabilities relates to outbound calling – initiated from a web application or to mobile applications at point-of-sale. By placing an outbound call to a known number, the phone itself becomes a token – yet another factor. These techniques are referred to as “out-of-band” (OOB), as you are introducing another contact channel to a customer that is already engaged in an authentication process of some sort. Outbound calling can therefore be an excellent and relatively inexpensive way to provide very high levels of security to applications.

In fact, it was Voxeo’s ability to easily provision inbound or outbound calling to a variety of applications that originally attracted our team to Voxeo and the Prophecy platform nearly 5 years ago. Voxeo provided us with a stable and robust solution that we could simply tap into and have it work. This was a tremendous benefit to us, as we were able to remain focused on voice biometrics.

We’re also continuing to explore a number of new and novel uses for our hosted voice authentication services. Recently we spoke with an Asian company that detailed a use case we had never heard of before. It turns out that our technology is ideally matched to their needs (they are a Voxeo customer as well); however, we never foresaw this particular application because it is unique to their culture. So, we remain very excited about our partnership with Voxeo and the geographic reach their platform provides for us and our mutual customers.

Future Trends

Although it is difficult to predict exactly what will happen over time, the future looks bright for voice biometric technology. A couple of the more interesting developments to look forward to are:

Fast Identification. Assuming that computing power continues to increase, being able to speak and be quickly and accurately recognized (without an initial claim of identity) holds a lot of promise for many authentication scenarios.

Embedded Uses. Within 3-5 years there will be significantly more standardization within the industry, as well as consolidation. It’s quite possible that phone companies and mobile handset manufacturers will embed voice biometrics directly within their products and services and provision and sell them much like caller id or ring tones. We are already starting to have some of these discussions.

Conclusion

There are a lot of considerations relative to voice authentication technology. Should you wish to learn more about our services, please visit Vocalect’s website at http://www.vocalect.com. The Vocalect team will be happy to discuss your needs and help you determine if our technology is right for you.