LexisNexis started the wave when its Risk Solutions business unit introduced to new options to its Multi-Factor Authentication (MFA) solutions targeting financial services, health care, government, and retail organizations. As described in this press release, the information giant has long offered a suite of identity proofing and authentication solutions, branded as Flex ID, Instant Authenticate, InstantID®, InstantID Q&A, Instant Verify, and TrueID®.

Kimberly Little, Director of Identity Authentication Solutions at LexisNexis spoke at VBC and provided us with more detail on the intent of the offer. The company has long offered biometric authentication based on fingerprints. It has now added the option for its customers to include voiceprints as an identifier and speaker verification as an authentication method to support phone based commerce for financial services or contact centers.

In addition, LexisNexis is providing the option for its clients to offer their customers a One Time Password, delivered as a text message, email or outbound phonecall when appropriate when businesses or government organizations require stronger authentication to support a transaction.

We were also pleased that two of the sponsors of VBC were able to launch new mobile products from the podium. Agnitio’s Emilio Martinez led off a panel on Mobile Authentication by introducing KIVOX Mobile and elaborating on how development for military, law enforcement and commercial markets has led them to shrink their speaker identification and authentication engine so that it can operate on an Android phone (coming soon on iPhone), even when it is disconnected from the wireless network.

SpeechPro formally announced VoiceKey, a new voice biometric platform that integrates and implements a number of the core technologies, features and functions that it has developed over the years. This includes the “fusion algorithms,” that have demonstrated improved accuracy; proprietary methods for liveness detection, along with gender detection and emotion detection; cross-channel verification based on short phrases; robust noise reduction and speech detection; multimodal capabilities, including support of mobile authentication.

Each of these announcements reflect the fact that voice biometric-based solutions are maturing. That was the major message behind a keynote address delivered by Nuance VP Dan Nordale and showing how the combination of voice authentication, natural language understanding and artificial intelligence was gearing up to support the best customer experience over phones, tablets and laptops.

The focus on mobile customer experience was further demonstrated by ValidSoft in a video demo of VALid and how a shopper could say pass phrase to authorize a payment and make a purchase. When Daniel Thornhill and Benoit Fauve walked through all the steps taking place “transparently” to the user, you realized that the system handled fraud reduction through detection of “SIM swapping,” location awareness and anti-SIM swapping, as well as the voice biometric – all part of its SMART security architecture for mobile payments.

On the other side of the globe, ValidSoft was making news through a partnership with Utiba, a Singapore-based mobile payments specialist whose network supports roughly 40 mobile network operators and banking customers around the world. The companies claim that the partnership will have the potential to serve roughly 500 million subscribers with Utiba platform. ValidSoft CEO Pat Carroll noted that the company handled over 12 billion mobile payments last year.

Partnerships that span transaction processing, identity management, mobile payments are evidence that the value of voice biometrics is appreciated among a broad set of solutions providers. More alliances are bound to follow.

In short, the discussions centered on issues that define how individuals can take better control of their personal information (with or without the help of “3rd Parties”) to promote more efficient ways to carry out Conversational Commerce. Vendor Relationship Management (VRM) was also at the core of discussion, both at the C3 Salon and at IIW, making it clear that the time has come for VRM to move from high concept to more mundane issues around the business considerations that underlie personal data storage, user authentication, privacy protection and tools that, at base, foster trust among individuals and companies who want to carry out business (or conversations) between one another.

Five years after the launch of ProjectVRM at Harvard Law’s Berkman Center, “Vendor Relationship Management” is a topic area that invites more detailed definition. I believe we have successfully positioned it as a complement to existing CRM (Customer Relationship Management) systems which trace their lineage back to the efforts of Tom Siebel (and a few others) in the mid-1990s. Enterprises around the world will spend well in excess of $14 billion this year on systems that capture, aggregate, analyze, interpret and respond to data generated (or emitted) by individuals as they cruise the web, use their wireless phones, make purchases or otherwise carry out everyday activities. Today, that investment gravitates toward technologies that monitor data streams to detect intent and support other business objectives, including new sales, customer loyalty, upsells and cross-sells.

As I noted in this post, any “CRM versus VRM” discussion is off-base. There is no “either/or” proposition. Both individuals and marketers benefit from a “both/and” construct whereby individuals (as browsers, shoppers, radio listeners, customers or whatever other context he or she may bring) opt into a system or use a 3rd party (or 4th party) service that enables them to control and share the terms and conditions under which they are willing to make their personal data available either to other people or to businesses.

This year’s IIW was particularly timely because it provided forums where attendees from start ups, standards bodies, technology providers, government agencies, communications carriers and large enterprises could discuss and define the software, services and schema that will make it easier for individuals to assert their identities and take control of their personal data as required to carry out activities, both online and off. In the past, IIW was a colossally “insider” gathering for the firms giving shape to initiatives underlying “single sign-on” to multiple Web services, “3rd party authentication” (like OAuth), Personally Identifiable Information (PII) and, rightfully, Identity Management. This year IIW attracted a larger and broader spectrum of companies, embracing communications carriers, “Big Data” (in general) and e-commerce. Thus, Ping Identity, Singly, Connect.me and other startups could rub elbows with the likes of Microsoft, Oracle, PayPal (eBay), Adobe, Intel, Orange (France Telecom), SVOX, Ericcson, AT&T, Telus and IBM.

IIW culminated with IIW+Yukon” Day, designed to invoke the dual image of a gold rush into a wild frontier of opportunities. Organizers described it as follows: “One purpose of Yukon is to start to focus on business models and value propositions, so we will specifically be reaching out to angels and VC’s who are interested in personal data economy plays and inviting them to attend.” They were successful in attracting investment candidates like Singly.com (closely affiliated with LockerProject), Azigo (an online electronic wallet), Connect.me (whose founders are promoting a “Trust Fabric” for sharing and protecting personal information), ChaChanga (operator of a “personal broadcasting” platform) and a few others.

What struck me throughout IIW, IIW+Yukon and the Opus Resarch C3 Salon was that “achieving business objectives” is the most common denominator for all three initiatives. Individuals, both knowingly and unknowingly, are the source or a tremendous amount of personal data. There is a move afoot among businesses to convert that data into “intelligence” – by capturing as much as possible and putting it through analytic resources that derive meaning, impute “intent” and (with hope) build loyalty or, at least, stronger engagement. CRM and analytics software providers have already built a business around managing “customer data.” They are joined by third parties like credit bureaus, “social media,” and aggregators like RapLeaf, Intelius Manta and others. If you can understand the business underlying the service bureaus operating on behalf of mortgage bankers, retailers, credit card issuers and car dealerships, you can understand the need (and the business objectives) that can be served by a 3rd party (or 4th party) that caters to a few simple requirements of “savvy” individuals (in their roles as shopper, search engine user, mobile subscriber or social media participant.

Individuals want to define the terms and conditions under which they are willing to share their personal data. When and if they upload information, photos or their location to an online resource (be it a social site like Facebook or Foursquare or just their supposedly neutral mobile phone carrier) they want assurances that the info won’t be shared without permission. As they go through everyday activities, they are destined to shift from “persona A” (private citizen in car) to “persona B” (employee in cubicle) to “persona C” (person shopping for a new bike). The third party that can make selected personal data available as needed in the real-time context of an interaction, will greatly benefit from participating in the Personal Data Ecosystem.

The CRM architecture insures that multiple copies of personal data reside in multiple repositories around the world (and out of the control of individuals). VRM defines roles, responsibilities and (ultimately) revenues for third parties to provide a safe, trusted repository for the information and data that can support a transaction. We don’t know for sure who the third party will be or what the exact nature of the information is, but we do know that it is not designed to replace CRM (which has over fifteen years of development and deployment behind it).

We have to acknowledge that the development and maturity of these information systems will, in no way, obviate the need for person-to-person interaction (aka conversations). What Opus Research is following with great interest is how the tectonic shift taking place between enterprise-centric CRM and individual-centric VRM impact the contact center, especially help desk and support lines where customer service agents have gone far beyond their traditional role of supporting triage and escalation, if necessary.

VRM is destined to enhance the value of existing investment in both CRM systems and contact center infrastructure. At the same time, savvy enterprise IT and communications infrastructure providers have started to define a path beyond the confines of the corporate firewall. The growing popularity of Facebook, Skype, Twitter, Google Apps, LinkedIn and Twitter are seeping into and (in some cases) supplanting company-sanctioned collaboration platforms – like Microsoft’s Lync, IBM Sametime and Cisco Quad.

Ceding more control to end users is no longer optional and, when it comes to “customer collaboration” – VRM is destined to provide the guiding principles. That’s why it is so important for the teams who link IT investment to business objectives to recognize right now that there is a tremendous upside to understanding (and embracing) the emerging Personal Data Ecosystem (PDE), as a step beyond the emerging disciplines surrounding “Identity Intelligence,” which a lead strategist at Oracle, Nishant Kaushik, described as “identity management, data mining, business processing and analytics” coming together “to address enterprise needs for greater transparency, compliance, risk management and business decision support.”

If VRM is added to the equation, those corporate goals can be achieved in concert with each customer or prospect’s needs for greater transparency, collaboration, risk management and decision support. They are not totally congruent, but you get the idea.

One of the banes of phone-based commerce is the phrase, “Your call is important to us.” It tends to be the last thing an inbound customer hears from an IVR system before being put on interminable hold. It would be much more reassuring – and accurate – for an IVR to say that “Your identity is very important to us” and then, rather than indiscriminately placing each call on hold, to treat each caller according to his or her expressed preferences, status, or other known attributes.

Both businesses and technology providers repeatedly affirm that “caller experience is of paramount importance.” Yet, that does not mean that they place risk management or security in a lesser role. They recognize that speaker verification provides a mechanism to serve these seemingly contradictory goals – highly usable, highly secure interactions.

For too long the most common practice for handling inbound calls was to put even their best customers through onerous question-and-answer routines to validate their identity based on “knowledge-based authentication.” While it is deemed “good enough,” it is neither customer-friendly (because it takes so long), nor particularly secure (because the information is often available through a number of physical or online sources).

Instead of making the spurious claim that “your call is important to us,” leading-edge service providers, like Australia’s largest healthcare specialist ahm (Australia Health Management), and one of its top banks (National Australia Bank) are showing customers in practice that “your identity is important to us.” Their use cases are “inclusive,” meaning that the use of speaker verification addresses both UI and security concerns, providing a “win-win” for customer and company alike. Both recognize that quick, accurate authentication is beneficial to the customers as well as to the business enterprise.

Strong Authentication Raises Confidence
As the number of customer-facing voice verification implementations grows, enterprises and their technology providers have already learned the value of strong caller authentication. They’ve also learned that voice biometric authentication never exists in a vacuum. Low levels of confidence in a voice biometric match seldom leads to outright rejection of a call. Instead, they trigger routines to obtain other information that can include CallerID or ANI (automated number identification) as well as “risk profiles” based on customer records, transaction history, “last known location” and the like.

Voice biometric-based authentication can replace or augment the entry of the caller’s account number. When the captured utterance matches a stored voiceprint, the authentication engine returns a high-confidence indicator (“green light”). If there are no other concerns, the caller can proceed toward accomplishing the purpose of the call.

As for market potential, Opus Research sees global spending on Voice Biometrics-based solutions (a category that goes far beyond customer care to include automated password reset, remote “time and attendance” reporting, voice signatures, mobile security and the like) reaching about $124 million in 2009 and growing to roughly $260 million in 2014 (roughly 16% compounded annual growth rate).

The biggest challenge is developing expeditious call flows for handling calls which, for any number of reasons, might fall into one or more gray areas in user authentication. Perhaps the risk profile is high and the call originates from a noisy environment. Automated, phone-based authentication could be difficult. Businesses, and their technology providers, must also build the business logic to govern situations where there is a strong match to the voice biometric, but the risk management system calls for additional authentication based on other metadata (such as a report of a lost payment card).

Solutions providers offer a considerable number of options to deal with the instances where other resources (such as the risk management system) yield a “yellow,” or worse “red” light. Calls may originate from unknown devices, in unexpected geographic locations. The voice biometric may indicate strong confidence in the caller’s identity, but he or she may not remember a pass-phrase or know the actual response to a wallet-based query. (How many of us can accurately answer, “What was the exact amount of your last purchase at a bar or eating establishment?”) Companies have considerable leeway in designing call flows and agent scripts for these instances.

A well-designed authentication routine will minimize the instances that require lengthy, agent-based authentication. Experience in the field is helping to establish “best practices” for dealing with those “caution light” situations when a caller cannot be totally rejected, nor can a company readily allow them access them to sensitive information or personal funds. Agents have important roles to play in establishing caller expectation and, in essence, training them to use the system. They may end up resorting to KBA (knowledge-based authentication) but they will be able to explain to the customer why they are being subjected to further questioning.

The customer care pendulum is swinging away from a short list of company-driven choices toward a wide-range of customer-defined interactions and transactions. Rapid recognition and protection of a caller’s identity and associated information is the basis of higher quality customer care. Over the phone, deployment of voice biometric-based identity proofing can make such authentication simpler, faster and more pleasant. A growing body of “real world” experience shows that voice biometrics streamline the authentication process and lead to shorter calls which are more economical for the company and a better experience for the caller.