Andy Kemshall, co-founder and technical director at SecurEnvoy, speaks up about voice recognition as a security tool
Banking is one of the most security-sensitive sectors there is. In March, it was announced that UK bank fraud had risen by 11% in 2012 with criminal gangs targeting out-of-date security systems and vulnerable online customers.
Last week, Barclays announced that it would introduce voice recognition software as an authentication alternative for its 'Wealth' customers; an elite group that hold large sums of money with the banking giant.
The threat of phishing from criminal gangs is still a prominent feature of consumer banking and it's commendable that Barclays is looking at alternatives to give added protection to its customers, but voice recognition isn't the solution.
The software is still in its infancy. Anyone with a smartphone that has this technology installed on it will know that it can be a painstaking exercise trying to get your mobile to complete tasks by speaking to it. Anyone with a car that supposedly recognises commands given by the driver, will know that it's always a bit of a lottery whether your car will take you to the destination you've requested, or whether you'll end up halfway down the M25 in a five mile tailback.
Voice recognition software is nowhere near the level it needs to be for the banking industry to incorporate it into its security protocols for customers. We're not even at the stage where computers can recognise what we're saying; let alone who is saying it.
Barclays claim that 93% of customers surveyed said that the new service has near-perfect speed, ease of use and security. But 93% is nowhere near enough. When you're providing a security service to your customers, it needs to be 99.9% perfect, at the very least!
Voice recognition software is still really just a novelty technology; it's worrying that it's being trialled on Barclays' 'Wealth' customers. Seemingly basic issues, such as the effect of background noise on the recognition software and allowing for adjustments in the voice of the customer, need to be addressed before this can become a viable authentication option.
Utilising technology already owned by the customer, such as SMS authentication through mobile phones, is a more secure method for banks. If it is preloaded, as patented by SecurEnvoy, it has a 99.9% reliability rate and is far less prone to faults or replication from unwanted users trying to access a customer's details.
Voice recognition software is at least a decade away from being as reliable as SMS authentication. There are 7bn mobile phone users in the world so using your mobile phone as a security portal, via SMS authentication, gives users secure and convenient access to some of their most sensitive data.
Typing in a few digits into your handset as opposed to relying on undeveloped software is far easier and far more accurate. Using voice recognition, in its present format, is a clear case of walking before you can run!