Drivers and Trends in Voice Biometrics - transcript

thanks for joining us today my name is Andrew Horner I’m the chief marketing officer at valid soft we deliver voice biometrics and authentication solutions to top brands around the world we’ve seen a lot of momentum recently it seems like everyone needs to be authenticated remotely so I’m very happy to be here today with Matt Smallman who’s founder of SymNex Consulting also works with opus research we’re going to talk today about the perfect storm drivers and trends and voice biometrics before we do that and I’m going to revert back and forth between the PowerPoint you’ll see our talking faces mostly but there’s a few slides here so the first one i just wanted to show everyone is in case you missed it there’s been some content that we’ve published as valid soft recently and then one piece that opus published and matt was a key part of it this is all available at validsoft.com forward slash media hub so take a look at it but we just pushed out a piece on eight reasons to reconsider voice biometrics this year so that’s very timely and then the Opus Intelliview for voice biometrics report which featured valid soft as a leader and then we just put out a fun piece today about if uh validsoft and voice biometrics had truly appropriately been applied to the script in red notice it would have ruined the film that’s just a fun little read there so with that I’m going to stop sharing the screen I’m going to introduce matt and happy to have you here matt thanks and welcome

thanks andrew can you for those that don’t know some know you some don’t but can you give us a little bit of background on what brings you to this field and a little bit of your background I’ve probably been looking at this area specifically now for about 10 years first off leading contact center strategy and change for some of the largest banks in in the UK and that led me into this challenging area of contact center security and call center security where it’s about real barrier to the interactions that we want to have between customers and our agents and over the last couple of years have been helping a whole wide range of organizations mostly implement voice biometric solutions but in every case aiming to make their contact center experiences quicker easier and more secure in the last couple of years then I’ve also been working with opus research providing them the experience necessary to get a perspective of what’s happening in the market as well and that’s where you see my input into the recent Intelliview.

Great awesome fantastic thanks so much well let’s just start with kind of a fun question if it’s all right so voice biometrics has been around a while other types of biometrics have been around a while there’s many different ways from measuring how someone walks to taking DNA samples to retinal scans which we see in the movies and things like that but you’ve seen a lot in the space especially on voice biometrics but what’s kind of most exciting to you at the moment why is this the perfect storm today?

There’s a whole bunch of reasons if I wind back a little bit maybe almost 10 years ago having just seen that the truly transformational effects of this technology on experiences in some contact center running for a large bank in the UK not just in terms of the security aspects and the efficiency aspects but really in changing the nature of that conversation that took place between the human and the agent it’s no word of a lie that as i was walking out of a Glasgow contact center one wet and windy November night somebody I’d never met before in my life stopped me and said that i had changed her life now i still think that’s a bit of a bit of an exaggeration but honestly she didn’t come to work every day to get people to prove who they are she came to help them solve their problems and by taking the security process out of the way voice biometrics was able to do that now.

I would fully have expected that having seen how powerful impactful it was that everyone would be adopting this technology and therefore i moved on to look at other things but when i came back five years later to this to this field really we hadn’t really moved on at all and i think there’s a couple of different factors from that that you need to think about there’s a set of demand side factors what other businesses the enterprise organizations looking for and what’s causing them to seek out these solutions and then the other is a technology side what are vendors like validsoft and others doing to move forward the technology and I think there’s been some really um significant changes in both of those domains over the last two years to particularly with covid maybe slightly longer over the technology space and I’m really optimistic as we go into 22 and beyond that actually this this probably could be the year where voice biometrics particularly starts to get mainstream adoption outside those kind of large financial services organizations which we’re all familiar with yeah fair enough and as we know you know financial firms they’re regulated they’re high risk you know that’s where the money is that’s where the robbers go etc.

Talk a little bit about though outside of that space where else are we seeing some traction i mean i definitely you know contact centers and there’s a conversation everything from kind of agent fatigue through to more of what we’re calling now a super-agent where they need to access high value information talk a little bit about some of the other areas that we’re seeing?

The fundamental challenges we see today are that the vast majority of organizations are still dependent on knowledge based authentication and that is really frustrating from a customer perspective pretty time consuming from an agent perspective and challenging to automate if you want to deliver self-service features and pretty easy for fraudsters to compromise and in those organizations which have high values at risk like banks and financial service institutions they ramped up those knowledge-based authentication processes to a point at which they were unsustainable and they were forced to move to technologies like voice biometrics in order to address the imbalance that had taken place i think as we look in businesses beyond financial services we still see all of those same challenges it’s just the value of solving them isn’t necessarily as great is for those businesses and therefore the kind of cost and complexity of voice biometric solutions that are available on the market two three years ago wasn’t really appropriate for them.  But as we look now at the market where you can literally in the console of some cloud contact center solutions switch on a voice biometric solution and be up and running with a pilot tomorrow there’s no armies of consultants and engineers to make it happen there’s no six-month project planning process to make it happen you can switch it on and be up and running in a few short hours for dramatically lower um running costs than these large financial services organizations have necessarily seen in the past so i think that the fundamental problem knowledge-based authentication is still there and I’m really excited and particularly because like we all go through this process yeah like it is rubbish yeah it’s just a theater it’s just theatrics you know this process isn’t adding any value to the security of your call the agent knows it’s not adding any value to the security of the call yet we still all do this dance it is it’s frustrating and it’s a bit ludicrous in the 21st century to be doing this I’ve heard the same words applied to airport security sometimes appears like theatrics there’s a concept known as security theater and that that’s where you do things that appear like security in order to provide reassurance and confidence and some of those checks you see at the airport are really security theater if no one checked anyone’s bags before you got on a plane you wouldn’t get on the plane current security processes in the enterprise particularly in contact centers i think they’re more like a security fast both parties know that this isn’t adding any security value yet we still pretend um that it is and carry on regardless yes interesting point and then and at the same time real fraud losses are ramping up we’re seeing you know both under NDA and in the press you know more and more and more so it’s a substantial attack surface right the context and there’s a lot of valuable data there.

I’m not asking you to give away all your free consulting advice because i know you consult with you know fortune 500 global 2000 firms but if you’re advising an organization who might have taken a pass at voice biometrics prior maybe they’re reinvigorating their look at that what are just a couple questions they should be they should be asking?

For many organizations this technology is not new it’s been around for 50 or so years but a couple of fundamental things have changed in the last couple of years that really changed the cost benefit analysis for an organization the first is computational power reached a point where it’s near infinite for the for this purpose we now have contact centers delivered on modern IP networks and the cost of integration is therefore lower but then when you add to that the improvements have taken place in the underlying technology we’re at a point with accuracy now where it wouldn’t necessarily have a material impact on customer outcomes it is so much better than the technology that many organizations tested or piloted 10 years ago it’s like night and day and not only on the accuracy front but the amount of audio you actually need to achieve those levels of accuracy is also dramatically low . I remember my first implementations of this technology we we’d be talking about having a 15 20 second conversation with a customer before we could um authenticate them but now we can do it in the two or three seconds that a customer might provide to a voice assistant or an IVR enabling authentication far more natural conversational manner up front and therefore enabling far more automation opportunities for the enterprise it really has changed dramatically in the last couple of years and i think for those reasons the kind of the cost benefit equation is just kind of completely rebalanced and any organization that discounted it in the past for complexity or cost reasons really needs to come back at it particularly when you then on the other side what’s really happening on the benefits because some of those same organizations know they’ve got problems with knowledge-based authentication and they’ve done things like implementing SMS two-factor authentication and i think what we’ve found is that whilst those did provide like kind of a short-term boost in security they did that at the cost of a significant detriment to customer usability and in some cases efficiency they’re not cheap they’re not easy to maintain but now the fraudsters are catching up the number of two-factor phishing schemes we see available now is just unprecedented they’re kind of back to as bad as knowledge based authentication in some industries because of the weaknesses in the way that it’s been implemented and fundamentally the approach i think there was a news article recently that at least one organization in Singapore was impacted by that type of approach so it’s re it’s the real deal it’s making headlines so certainly of concern one of the things that comes up are things like synthetic voice replay attacks things of that nature can you talk anything about your thoughts around like is the kind of the defense technology keeping up with the attackers. I know that’s always a cat and mouse game for many years it has been but can you talk about that how fast are we moving down the path with all of these kind of challenges you need you need to take a step back and think about the overall risk that an organization is exposed to and whilst the press and the media love to chase these high profile vulnerabilities the reality is that there are billions and billions of calls being authenticated today by people knowing nothing more than a date of birth and mother’s maiden name so i think we first need to get those kind of problems into perspective and then the second is that we know over time there’s been an unrealistic expectation of perfect security i can’t remember who said it exactly but that the most perfectly secure system is completely unusable so we need to find ways in which we balance appropriate levels of security with usability and for the risk that’s associated with them and if we look particularly at the challenge around synthetic voice and the way in which voice biometrics might be vulnerable to that the science is clear it is a theoretical vulnerability but i think when you then look at how that might be exploited realistically by a fraudster and you look at actually the cost and complexity of developing a synthetic voice in order to bypass these systems when many organizations are still employing knowledge-based authentication they have employees who need nothing more than a password or nothing more than a date of birth to reset a password it’s just significantly easier to target enterprises like using all of these other technologies that said then we do have a range of defenses for it and those defenses are improving at a rate similar to the level of attack and i think you also then have to remember that the primary reason these technologies the synthetic voice particularly has been developed is to support applications like this in in media and entertainment where I’ve got a million pounds a day actress who i just need to re-record one bit of voice and it’s cheaper for me to have a synthetic voice made of her and re-record her dialogue than it is to get her back into the studio or to pull her off the last film that means that these technologies are really being optimized for that use case and that’s a very different one to the one we’re looking at so they’re being optimized to sound like the actress or the actor or the person to a human ear they’re not being optimized for the cases we’re looking at which is that the broader set of features which we use for authentication and personalization thanks for that.

Great well i do want to take a few questions we meant for this to be a fairly short session we’re going to do a series of these we want to respect people’s times but i do want to handle some questions that have come in there’s a growing thought around this concept of a trusted agent in the contact center can you talk a little bit about that what does that mean to you what is that what does that look like?

Putting my contact center hat of the past on there is nothing more energizing but also stressful than sitting on a contact center floor and as a leader as a manager you operate in a very particular way you can see all of the people who work for you there are people walking between desks and the environment is pretty secure depending on the organizations you work for there may be clear desk policies stuff shredded and you’re not allowed to take notes but that’s obviously completely changed now with covid and remote working and there’s no doubt that the vast majority of agents are not going back to physical call centers they’re going back occasionally and that creates a whole host of new risks for the enterprise that they really need to think about and evaluate and i think that’s where this trusted agent concept comes from we spent a long time making sure that the customer who we’re speaking to on the phone is who they claim to be but from an organization perspective i probably also need to make sure that the person speaking to my customer accessing my systems is the person who i want it to be or is the person who it should be and this issue is exponentially greater when we think about regulated industries and then when we think about how those might be outsourced in the future and i think that that’s where trusted agents are probably going to see their first big opportunities in terms of authenticating the agent continuously as they’re having a conversation with your customers but i think there are opportunities beyond that i think almost the uberization of contact centers where you might train an agent or qualify an agent to do your particular thing but you might only need them for a couple of hours a week or a month and they may be in a completely different location and therefore being able to be sure that it is the person you have trained who is meeting your quality standards who has the right background checks who’s accessing your data and is speaking to your customers on your behalf isn’t it is an incredibly important capability by the time you’ve done all the work to authenticate a customer using voice for metrics it’s not a lot harder to start authenticating the agent so i do see a number of organizations demanding this right now and i would expect in the near term for it to be from a far wider range as well.

Okay thank you so we did get a question around deep fakes i think you covered synthetic voice and although there are some differences do you want to just touch on deep fake quickly?

It’s really hard to know what’s going on in the world but there have been a couple of attacks that have been ascribed to deep fake situations one very high profile one where allegedly a german ceo of a UK-based subsidiary called his UK ceo and asked him to transfer some funds and allegedly that was a deep fake voice that had been gathered using this person’s audio from YouTube and elsewhere but in practice no recordings of that call exist no attempt was made to authenticate that using biometrics so it’s very hard to know how some of our technologies would have stood up against that certainly when I’m talking to clients i always talk about a risk assessment process if you’re dealing with the most high profile of high-profile people whose audio is out there all over the place easy to obtain and you have significant value at risk whether that be financial or reputational from being exposed in this way then you should consider that biometrics may not be the most appropriate primary authentication method for those customers that said most the people in that domain are not interacting with our organizations all day every day they are using their assistants and third parties to interact with the vast majority of organizations so i just don’t see it as a huge risk in the in the short term i think it’s something we need to keep on the horizon and continue to monitor i don’t see it as a reason not to do this it’s still significantly better than asking people their mother’s maiden name and date of birth okay great we have time for one more quick uh question and answer and then i want to go to a kind of exciting thing that you said we could preview for you what other words of wisdom do you have in in the age of voice for folks that are really evaluating this stuff the most exciting innovation and opportunity of the last few years has been that that reduction in the amount of audio that we need to authenticate people i think if you looked at the past and some of the earlier implementations this technology they’re highly dependent on what we call text dependent authentication and really that’s not a lot better than a password because from a customer perspective I’m phoning up an organization I’ve got an intent i want to have it resolved and then you ask me to say my voice is my password or something similar now whilst it is an effective technology being able to ask customers why they’re calling and who they are far more consistent with the kind of experience that many organizations want to do far more consistent with a normal conversation that a human might have and therefore likely to lead to far greater adoptions of voice assistance technology and therefore improve the efficiency of our contact centers and agents i think it’s there therefore the opportunity for voice biometrics to use those very short utterances we receive from automated systems and authenticating customers with high confidence and then enabling a far more self-service conversational journey i think that’s really the most exciting opportunity and we already have a couple of proof points out there to talk about so I’m really excited to see that opportunity develop and get these active security processes out of the way as well.

Great stuff great stuff okay so with your permission may i preview and show something that you’re excited about matt what is this wow?

Okay I’ve been doing this for 10 years now and i sit in a very interesting space between vendors and end users so if you think about the enterprise itself the call centers contact centers the people in those organizations they approach this and they do this once but I’m in a very privileged position where i get to do this many times with many different organizations and that that’s really enabled me to take a step back and look at what are the principles behind making security better quicker easier for call centers and as a result of that I’ve distilled most that experience into this book unlock your call center a proven way to upgrade security efficiency and caller experience which will be published imminently within uh weeks of speaking now and really it’s aimed to give a step-by-step guide to call center leaders of all sorts whether that’s in technology or business or operations or customer experience to walk them through understanding how they’re doing today what they should be thinking about doing in the future and then how to successfully implement that also going live today is our website unlockyourcallcenter.com both with us and UK english spellings available although the book will be in UK english apologies if you go to that website today you can get a free chapter sent to you a free preview chapter sent to you very shortly and we’ll update you as soon as the book is available so it’ll be great to see some of you over there.

Okay well i want to thank you very much matt for sharing your wisdom we’ll come back again and talk again in a bit we’d love to hear from you and also we are standing up on our own newsletter soon so if you want to let us know what your email is we’re happy to subscribe you to that but again thank you so much everyone for joining and taking time for your busy schedules we’ll chat again soon and matt thanks again for your time as well