Nuance Communications has recently launched a new Security Suite that heralds the dawn of the next era in persistent, continuous security by leveraging deep neural networks (DNNs) and elements of artificial intelligence to combat fraud and simplify strong authentication. Its approach runs counter to a tendency for businesses to apply ‘one-size-fits-all’ authentication methods across a multitude of customer interfaces, channels, interactions or service-types. All too often, their approach has exposed security gaps that are exploited by fraudsters who, over time, master the different authentication processes whether they be PIN/Password, OTP, Security Questions or even Biometrics.
In our paper, Voice Biometrics: What Could Go Wrong, we highlight the advantages of multi-factor, multi-layered security architectures. We have also observed a strong trend towards behavioral and ‘always-on’ passive network and device monitoring methods which we have termed the 4th Factor: Continuity. However, the most prolific and high-risk attacks are not that sophisticated, and tend to manipulate the weakest link which is often the human factor, both on the side of the consumer as well as the live agent. This is especially true in the following instances:
- Voice Phishing (or ‘Vishing’) – where fraudsters make repeated calls to agents to learn the process of authentication, as well as build a database of information which they use to access the targeted consumers account in the same organization, or different organizations.
- Brute Force – where fraudsters manage to obtain biographic, personally identifiable information (PII) via the social media or ‘dark-web’, and then use that to randomly attack accounts.
In the case of an automated process, which could be via a digital agent, ‘bot’ or live-agent following a script, the sequence of steps is known and predictable. Often, in the case of a live agent, the fraudster appeals to the empathy of the agent, and leverages that to soften some of the security processes.
Of special interest is Nuance’s ConversationPrint™, which is termed “an industry first” that utilizes a combination of what a caller is saying, how they are saying it, choice of word sequence and overall linguistic behavior. The behavioral element of voice biometrics (VB) is traditionally associated with Active (text-dependent) VB; however, ConversationPrint™ now applies these to Passive (text-independent) VB as well.
The exciting element of this is that professional fraudsters tend to use the same modus operandi, they either deliberately or inadvertently utilize the same words, grammar and sentence structures in speaking or texting; and this creates a unique trace of that individual’s conversational behavior. There are many anecdotal instances where fraudsters were stopped by alert agents who noticed that a caller sounded “suspiciously like someone that called earlier.” These “lucky breaks” are more often based on coincidence and guesswork. ConversationPrinting eliminates the element of luck and subjectivity readily scale.
Conversational Continuity drives Omni-Channel, Multi-factor Authentication
As consumers expect to be able to switch seamlessly and securely between devices (smartphones, PCs, etc) and channels (online, call center, etc) with context and continuity, the need for omnichannel, multi-factor authentication that is both risk-based and user-friendly becomes a challenge. By adding ConversationPrint™ to Nuance’s Omni-Channel Customer Engagement Platform, the company augments its Security Suite together with enhancements in their Gen3 Voice Biometrics, Behavioral Biometrics and a wide range of Intelligent Detectors such as Device ID, ANI ID, Geo Location and Synthetic ID detection.
Categories: Conversational Intelligence, Intelligent Authentication, Articles