Voxeo Talks

This guest post is from Paul Heirendt, co-founder, president and CEO of TradeHarbor and is part of our voice biometrics announcement today. Visit the announcement page to watch a video interview with Paul Heirendt.

---

In today’s digital world we increasingly interact remotely, this has lead to increased risk and unprecedented growth in Fraud & Identity Theft, as well as convoluted business processes to attempt to manage the risk. Trust is difficult to establish in remote interactions and is extremely fragile. Without some level of trust – nothing meaningful will occur in a business or personal interaction. TradeHarbor’s mission since it’s founding in 1999 has been to “Enable Trusted Interactions”. The Voice Signature ServiceSM (VSS) is a decision support tool for the strong authentication of an individual’s identity in a remote interaction to establish the basis for trust. VSS enables authentication and document signatures over the telephone or web using any device or channel.

Voxeo’s leading edge approach to enabling the mash-up of web services and communications technologies makes them a perfect platform partner for the web service approach of TradeHarbor’s Voice Signature Service. Adopting a platform-agnostic and application-agnostic approach to Voice Authentication delivers a better ROI and more flexibility. This approach enables the rapid implementation of Voice Authentication to legacy applications and platforms that support an organization’s interactions with their customers. It also enables the organization to implement a consistent approach to authentication across disparate business units/product lines, communication modes (Internet & telephone), platforms (Touchtone IVR, Speech-enabled IVR, Live Operator, and Websites/pages) and locations (both owned and outside service providers).

Identity and Authentication are 2 very different things:

• Identity is the data that uniquely represents who you are (Social Security Number, Passport Number, Driver’s License Number, membership number, account number, phone number, email address, etc.)
• Authentication is the assurance that you really are who the data represents that you are.

Identity management without strong authentication is dangerous and has very little business value. The risk in depending on the identity assertion is lowered when biometric voice authentication of an individual provides the required confidence to take action. The confidence level required to take action can vary from interaction to interaction based on many factors – the ability to balance these factors dynamically is a key to lowering risk without impacting user convenience.

TradeHarbor’s Voice Signature Service (VSS) provides the core Voice Biometric functions as a Decision Support Web Service:

Decision Support – business rules can be established and adapted over time to consider such risk factors as: the value of the transaction, the fraud­risk profile of the transaction, the history of that customer, etc.

Ease of integration – application developers can deploy Voice Biometrics as a component of their voice or web application using VSS by invoking a simple Web Service API without having to understand the science, statistics, tuning or professional services required in biometric software deployments.

Interoperability – the VSS Web Service API can be invoked on IVR and Voice Platforms using VoiceXML subdialog calls, an xml interface, or on webpages or web-based applications using server-side scripts. The VSS Web Service API enables a consistent approach to strong authentication and business rules across all of the customer touch points.

Balance Convenience and Security – the VSS returns a “Normalized Confidence Score” enabling a real-time risk decision capability. This allows an application to dynamically select the decision threshold on a transaction-by-transaction basis using the VSS score combined with any other factors available to the application.

Anonymous Authentication – The VSS approach to voice authentication does not use or expose any identity information, personal health information or personal financial information.

Legally-binding Signatures – every VSS interaction constitutes a legally binding signature – meets the American Bar Association guidelines for a Legally-binding signature. The VSS provides: Authentication of the individual using the unique biometric characteristics of the user’s voice; Authorization through a provable cooperative act; and an Audit capability to provide proof for repudiation.

Regulatory Compliance – The VSS provides strong authentication to meet regulatory requirements for financial and health transactions.

Voice Signature Service API Interfaces:

The VSS Service is built with the objective of providing easy access for a broad range of applications via simple XML or VXML interfaces, so that multiple applications can readily share the same registry of enrolled voices without the burden of adding and integrating a unique voice authentication system for each application.

The VSS Web Service only accepts service requests from valid Requesters (Requesters with a current VSS SLA) through XML or VoiceXML sub-dialog calls, through secure communications over the Internet using SSL, TLS/SSL, VPN, or other protocols. Communication can also occur over a dedicated connection between the Requester and VSS, such as ATM, Frame-Relay, dedicated T1 or other methods as specified by the Requester and agreed to by TradeHarbor in the VSS SLA.

The VSS API supports both VoiceXML (VXML) and XML interfaces.

• The Voice Signature ServiceSM system (VSS) supports VXML v2.X. A VSS Session is implemented through a VXML sub-dialog call.
• The VSS also supports XML for implementation as a Web Service or with legacy IVR platforms (that may not be VXML compliant).
• The VSS VXML sub-dialog has been tested with, and is currently supporting transactions on the Voxeo platforms and hosted services.

A VoiceXML integration of the VSS is typically accomplished in less than 1 hour using 3 basic subdialog calls: 1. register_identity_claim.vxml subdialog registers a new identity claim (identity_claim) for use in subsequent enrollment and verification sessions. An identity claim must be registered before a Speaker can enroll his/her voice during an enrollment session. (Note: block registration is available for multiple registrations) 2. create_vss_session.vxml subdialog begins a Voice Signature ServiceSM (VSS) session to either enroll or verify the User. The subdialog will validate the identity_claim and return a VSS session ID = session_id. (An example session ID: 4589-2973-9475-4EA5-9B0B-5306-55CF-76CA.) 3. complete_vss_session.vxml subdialog handles the dialog management for passing the prompts for the platform to play for the user, receiving the recorded user responses from the platform, and when the VSS session is complete, returns the Results Variables and dialog control to the VoiceXML application.

The VoiceSig Express (VSE) API is designed to support webpage or web-application implementations by providing the telephony interface. The VSE API supports two basic telephone interactions – an inbound Call and an Outbound Call invoked through server-side scripts = create_inbound_session, or create_outbound_session and get_session_results . TradeHarbor provides sample scripts in PHP, Perl, Java, Ruby, and others.

The primary development effort in designing and deploying applications that use the VSS for voice authentication or remote Voice Signatures is related to the changes required to the UI (User Interface) or VUI (Voice User Interface) to meet the human factors issues associated with introducing Voice Signatures to new users and properly handling VSS confidence scores that are lower than the threshold required by the specific application in the specific interaction or call context.

Summary:

TradeHarbor offers the VSS as a Web Service (Software as a Service), which makes it simple, quick and inexpensive to implement and which enables inter­operability across a business enterprise for all types of Internet, telephone and mobile platforms. While the core VSS interactions remain uniform, the applications supporting various business processes can tailor how the VSS is used: the point in the business process when the VSS is invoked; the “Signature Statement” associated with a document signature or authentication; and balancing the desired security / convenience for an interaction based upon the unique risk and value characteristics of each individual interaction or transaction. The Signature Statement heard in the Voice Signature session can be tailored for each transaction or document type to ensure that the signer is aware of any associated terms and conditions, and is cooperatively agreeing to be subject to them.

Thus, the VSS can enable a uniform approach to authentication and document signatures across all of an enterprises customer touch­points, and on any of its customer-facing platforms. For example, a customer may enroll their Voice Signature when working with a representative on the phone to open an online account, and be subsequently authenticated in the same or other business units. The VSS is designed to flexibly meet specific business requirements, risk management requirements, technical security, transaction enforceability, and legal/regulatory compliance requirements.

Voxeo’s leading edge approach to enabling the mash-up of web services and communications technologies is a perfect platform partner for the web service approach of TradeHarbor’s Voice Signature Service. TradeHarbor’s partnership with Voxeo enables developers of voice and web applications to add voice biometrics to their solutions quickly and easily through the development, testing, proof of concept and deployment phases of their project.

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

This guest post is by Peter Soufleris, founder and CEO of Vocalectand is part of our voice biometrics announcement today. Visit the announcement page to see a video interview with Peter Soufleris.

---

There are a lot of interesting things happening these days relative to voice biometrics – too many to cover in any one blog entry. So today we’ll start by introducing Vocalect Biometric Solutions, then we’ll detail some of the issues we help address, what differentiates Vocalect from other vendors, what some of our challenges are, where we are seeing success, and finally we’ll look at a couple areas that we believe are particularly promising for our technology in the future.

About Vocalect

Vocalect provides hosted voice authentication services to IVRs, call centers, and mobile applications via standard programming interfaces such as XML and VoiceXML. Our goal is to provide highly flexible and accurate services for our clients that are easy to understand and use, with excellent business and technology support – and at reasonable prices.

Vocalect’s team has over 4 years of direct experience with voice biometrics and hosted authentication solutions in the U.S. We’ve written an awarded patent, have developed several voice biometric engines and signal processing routines, have developed and deployed robust service delivery systems, and have helped clients integrate our solutions into a wide variety of applications.

Vocalect Solves a Couple Specific Problems

Vocalect helps to verify the identity of individuals simply by the sound of their voices. Our solutions are particularly effective when customers are not present for a transaction – such as when they contact our clients by telephone. Our services are able to quickly, accurately, and inexpensively identify customers without any specialized hardware or software.

Increasingly, our services are being deployed as an integral component of multi-factor authentication processes within client systems. Consider a simple IVR example for a credit card issuer:

1. A customer calls an 800 number for service on their credit card. At this point, one “factor” may be that the customer’s caller id information is recognized by the bank’s IVR system.

2. After being greeted by the IVR, the customer may then be asked to enter (or speak) all or part of their credit card number. This knowledge is yet another factor that can be checked and cross-referenced to the customer’s account.

3. Finally, the customer may be asked to repeat a passphrase, speak some numbers, or speak the answer to a question. In this case, our voice biometric engines provide yet another factor. We process the customer’s spoken response and accurately match it to their stored voiceprint – all in a matter of seconds.

This example shows one potential multi-factor approach that gives the bank’s fraud and risk models three factors (or probabilities) to work with. This is a very powerful approach to fighting social engineering and identity theft in IVRs and call centers. And, it can be done without live agent intervention, saving both FTE expense and call handling time.

With today’s tight economic conditions, Vocalect’s service delivery model also addresses the costs associated with testing and evaluating voice authentication technology. Our hosting platform goes beyond providing only voice enrollment and verification services. We also provide a wide array of related services – toll-free numbers and outbound calling; full-featured IVR facilities utilizing VoiceXML-based dialog management; automatic speech recognition (ASR) and text-to-speech (TTS) capabilities; custom prompt recordings in multiple languages; and custom application and consulting services. Thus, we can help prospective clients to conduct trials and pilots on our system – allowing them to “try before they buy”.

All Voice Biometric Companies Are Not Equal

There are several companies in the U.S. and abroad that provide software and solutions that employ voice biometric technologies. However, it is important to realize that there is a fairly wide range of technical and operational expertise between these companies. Vocalect differentiates itself from other competitors in a number of ways:

• VoiceXML Hosting Experience. Our team has over 4 years of hands-on experience with the design, development, implementation, and management of hosted voice authentication services utilizing VoiceXML. In particular, we have a great deal of experience with Voxeo’s Prophecy platform – perhaps more than any other company.

• Focus. Some of our competitors have focused their development on password reset and other application-specific systems. Some competitors are expert with forensic applications and voice identification systems. And other competitors have client-server solutions with specific hardware and software requirements. Our team is 100% focused on the design and development of secure, standards-based voice authentication services for call centers, IVRs, and mobile applications.

• Industry Knowledge. Our team has significant experience deploying and servicing large-scale systems within financial institutions, insurance companies, pharmaceutical companies, and telecommunications companies – some of the many industries that increasingly need high-volume voice authentication services such as ours. We understand the business, technical, security, compliance, customer, and support issues related to deploying voice authentication solutions.

• Flexibility. We do not force customers to adopt a specific use case. Our multiple engines provide maximum flexibility to system designers. So, our clients can choose to use passphrases, numbers, natural speech, or combinations of techniques.

• Adaptability. We own, develop, and maintain our own core technology. So, we are not subject to the feature sets or road maps of other vendors. Further, our low application overhead and service-oriented architecture is more readily adapted to the specialized needs (and frequently changing business requirements) of larger customers.

Challenges in the Industry

Over time, voice biometric solutions have been proven to be quite accurate and reliable. However, several challenges still remain to widespread adoption of this technology:

• Consumer adoption is perhaps the biggest challenge in the industry. It’s not uncommon to hear prospective clients say “our customers will never want to do this”. However, we have data from pilots, focus groups, and other findings that lead us to the opposite conclusion. People are tired of all the user ids and passwords, PINs, and other things they have to remember. They really want something that is simple – and voice meets this need. The good news is that after several years of successful trials and pilots, we are now poised to see some fairly significant deployments this year and in the years to come. So, this hurdle should become less of an issue over time.
• For any voice biometric company that is hoping to deploy large-scale authentication solutions, another challenge is the issue of “channel mismatch”. As an example, some voice biometric systems don’t work well if you enroll on your landline and then later try to verify from your cell phone. Without proper channel compensation models and procedures in place, clients and their customers could get frustrated. Our engineers focus a lot on this issue, and we’ve been able to come up with some innovative solutions that perform well.
• Another technical challenge relates to quality of service on some of today’s VOIP lines. Good quality VOIP can be indistinguishable from analog lines. However, we’ve all had conversations with people that sound like they are “underwater”. So, we’ll have to continue to work with VOIP technology providers and clients to manage these circumstances.

We’re Seeing Success

Vocalect is starting to see success in a variety of IVR applications where clients use our services as part of their multi-factor authentication programs. This is the result of effective team communications, having the right expectations, and understanding how to use these tools – and in what circumstances. In our opinion, voice biometric authentication is the perfect compliment to any IVR authentication process that needs to be strengthened or enhanced.

One of our most promising capabilities relates to outbound calling – initiated from a web application or to mobile applications at point-of-sale. By placing an outbound call to a known number, the phone itself becomes a token – yet another factor. These techniques are referred to as “out-of-band” (OOB), as you are introducing another contact channel to a customer that is already engaged in an authentication process of some sort. Outbound calling can therefore be an excellent and relatively inexpensive way to provide very high levels of security to applications.

In fact, it was Voxeo’s ability to easily provision inbound or outbound calling to a variety of applications that originally attracted our team to Voxeo and the Prophecy platform nearly 5 years ago. Voxeo provided us with a stable and robust solution that we could simply tap into and have it work. This was a tremendous benefit to us, as we were able to remain focused on voice biometrics.

We’re also continuing to explore a number of new and novel uses for our hosted voice authentication services. Recently we spoke with an Asian company that detailed a use case we had never heard of before. It turns out that our technology is ideally matched to their needs (they are a Voxeo customer as well); however, we never foresaw this particular application because it is unique to their culture. So, we remain very excited about our partnership with Voxeo and the geographic reach their platform provides for us and our mutual customers.

Future Trends

Although it is difficult to predict exactly what will happen over time, the future looks bright for voice biometric technology. A couple of the more interesting developments to look forward to are:

Fast Identification. Assuming that computing power continues to increase, being able to speak and be quickly and accurately recognized (without an initial claim of identity) holds a lot of promise for many authentication scenarios.

Embedded Uses. Within 3-5 years there will be significantly more standardization within the industry, as well as consolidation. It’s quite possible that phone companies and mobile handset manufacturers will embed voice biometrics directly within their products and services and provision and sell them much like caller id or ring tones. We are already starting to have some of these discussions.

Conclusion

There are a lot of considerations relative to voice authentication technology. Should you wish to learn more about our services, please visit Vocalect’s website at http://www.vocalect.com. The Vocalect team will be happy to discuss your needs and help you determine if our technology is right for you.

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Why has voice verification historically been so difficult to implement? In an age of identity theft, when companies are looking for additional ways to secure online transactions, why shouldn’t they be able to use voice? In a time when companies are looking for ways to deliver services to customers faster, why shouldn’t they be able to use voice as a way to secure the delivery of those services?

Whether people call it “voice verification”, “voice authentication” or “voice biometrics”, the common question people ask is “Why does using voice for security have to be so hard?”

It doesn’t.

Today we are pleased to announce a new voice biometrics initiative with four of the leading voice biometrics companies where you can add voice biometrics to a new or existing VoiceXML application TODAY. Through the power of the cloud, your application running on our Prophecy Hosting service can securely communicate with the hosted services of CSIdentity, PerSay, TradeHarbor or Vocalect.

If you go to our new biometrics portal page at:

www.voxeo.com/biometrics

you will find links to “How To” documents from each of the four vendors explaining how you can easily integrate their service into a new or existing VoiceXML application. All of the vendors are also making trial accounts available for interested developers. Try one vendor out… try them all out.

The point is that voice biometrics is very real… today… and you can implement security based on voice today on Voxeo’s platform.

Use voice biometrics as a way to securely automate password resets on your corporate LAN… use it as a way to secure an e-commerce transaction… use it as a way to confirm access to confidential information about an order being processed… use it as a way to secure access to your corporate IVR… use it to secure callers into a private conference call… use it for whatever wacky idea your imagination can come up with…

Use it… play with it… the code is out there! If you already have an account on our Evolution developer portal, you can modify an existing VoiceXML application or create a new one. If you don’t have an account, signing up is free and lets you get started right away creating voice applications, complete with inbound phone numbers, Skype numbers and SIP interconnection, as well as outbound dialing, speech recognition, conferencing and much, much, more…

And when you are ready to make your application go live in a production environment, simply contact us and we can get your app running on the industry’s largest VoiceXML hosting cloud and the only one backed by a 100% uptime service level agreement.

Try it out… voice verification is no longer something “too hard” to do… it’s simple and it’s here today!

---

Please visit our voice biometrics announcement page to watch video interviews with each of the four partners, to read guest blog posts and to find other information about using voice biometrics on Voxeo’s platform.

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Do you worry about identity theft? Have you had your personal identification information or credit cards stolen and worry that someone could be out taking out extra credit lines in your name? Or committing fraud and ruining your credit status?

Today identity theft is an increasingly large problem and banks and financial institutions, among others, are looking at ways to better secure their interactions with customers. In the security space, we generally talk about authentication as involving one of these factors:

• something you know, such as a password or PIN

• something you have, such as a token or pass card
• something you are, such as a fingerprint, retina, or… voice

Done well, this last category is perhaps the most secure because it is something about you that cannot easily be duplicated. So to that end, we are pleased to announced that Voxeo and TradeHarbor are partnering to bring TradeHarbor’s Voice Signature Service to customers developing applications on Voxeo’s Prophecy premise product or on Voxeo’s Prophecy Hosting cloud. The press release describes the process a bit:

When an enrolled user calls an application protected with the Voice Signature Service, they are prompted to repeat a dynamically-presented phrase. Voice Signatures are used to conveniently authenticate inbound telephone calls or, using outbound calls, web transactions from computers or mobile devices. The Voice Signature Service then returns a patent-pending Normalized Detector Scale® confidence score that can be used as a decision support factor in allowing or denying account access; it also maintains an audit trail, which provides unprecedented accountability. The entire authentication process takes just seconds.

You can visit TradeHarbor’s website, www.tradeharbor.com, to learn more about their offering. If you would like to find out more about how you can use TradeHarbor’s voice authentication services with your application on Voxeo’s platform, please contact our sales team at sales@voxeo.com

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook or following us on Twitter.

---

Technorati Tags: voice, voicebiometrics, biometrics, security, authentication, identification, voxeo, tradeharbor

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Do you remember the 1992 movie “Sneakers”? At one point the main characters are trying to get into a place, but first need to get through a voice verification system.  So they create a recording: “My name is Werner Brandis. My voice is my password. Verify me.” Voila! Since this is Hollywood, access is granted. A real-world, modern-day version of this type of technology is now available on the Voxeo Prophecy IVR Hosting platform – only unlike the movie, it can’t easily be spoofed!

Earlier this week, we announced the delivery of VoiceVerified’s voice authentication services on our platform.  Using their “Unforgettable Password(TM)” technology, the solution provides consumers with a more convenient and secure way to obtain sensitive information or perform transactions over the phone. Callers no longer need to remember PINs and passwords or divulge personal information such as their social security number or mother’s maiden name. Instead consumers can authenticate using their unique voice print.  And, unlike the voice verification system in “Sneakers”, VoiceVerified’s system asks the caller to authenticate by repeating a randomly generated series of numbers, eliminating the kind of “replay attack” that helped the heroes of Sneakers.  

We think it’s a great solution and we’re pleased to be working with VoiceVerified.  We’ve also published a case study that highlights some of the reasons why VoiceVerified selected Voxeo’s Prophecy IVR Hosting services.  You can check out VoiceVerified’s web site for more information about their products and services or contact them via email to learn about using their services with our platform.

What do you think? Do you see a role for voice verification services with your applications?

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---