Credit card company, Visa International, is partnering with a maker of voice recognition software to develop voice authentication technology for use with Visa-brand cards. The two companies will be looking at applications of the biometric security in the areas of e-commerce, mobile commerce and risk management, according to a statement released by Vocent Solutions.
"Voice recognition is one of the ways that we're getting to the vision of universal commerce — which we refer to as u-commerce — being able to conduct commerce anytime, anyway, anywhere you want," said Georgann Scally, vice president of strategic alliances at Visa International.
"To do that, you have to deploy every technology available. We think voice authentication and recognition are technologies that show a lot of promise. They're simple, easy, non-invasive and very accurate," Scally said.
Visa's role in the strategic alliance will be to develop standards concerning the use of Vocent's voice recognition technology and to create prototype solutions using that technology. It would then be up to Vocent and Visa's member financial institutions to decide how to deploy voice recognition technology — if at all.
Scally sees many possible applications for Vocent's technology, however.
"Pretty much every PC today comes with built-in [microphones]. There's also mobile commerce — mobile phones or mobile phones combined with PDAs," Scally said.
Scally also sees room for Vocent's technology in Visa's Verified by Visa program to secure online credit card transactions, with voice identification replacing or even supplementing passwords to verify the identity of the purchaser.
"Vocent would be a great partner in the Verified by Visa space. You could possibly do three-factor authentication, depending on what the bank would want to do. Another possibility would be to eliminate the pin and use voice instead."
Those types of solutions, however, will require the development of technology to send speech pattern information over data channels, as opposed to phone lines, according to Craig Gould, manager of marketing and communications at Vocent.
"It's not a product we have today, but we're working towards that goal," said Gould.
For now, Visa is in the process of deploying Vocent's Voice Secure Password Reset product internally to enable its 5,000 employees to reset network passwords through Visa's internal help desk.
Voice Secure works by recording a voice sample for each customer or employee — typically the sound of that person pronouncing the numbers zero through to nine. Vocent's software makes a digital representation of that person's vocal track. That information is then stored and used for future comparison.
The identity of subsequent callers is verified by asking each caller to pronounce a randomly selected sequence of those digits into the phone receiver. Vocent's software uses sophisticated algorithms and speech-recognition technology to match the caller to the recorded digital representation of that person's voice. The random number sequence guards against the use of recorded voices to trick the system.
"It's recognition and verification simultaneously," said Gould.
In order to break into the market for credit card transactions, however, Vocent will have to not only conquer the technical challenges of delivering voice authentication information over the internet, but also design products that are easy to implement and secure, according to security analyst Pete Lindstrom, research director at Spire Security.
"[Vocent] has to make sure that they've nailed down the architecture. The strength of the biometric is its uniqueness, but you have to maintain the integrity of the entire system for it to work," said Lindstrom.
Beyond that, both Visa and Vocent will need to get member banks and financial institutions behind the new authentication system.
"The challenge in the credit card space with new technology is that there's a robust existing business model to deal with," said Lindstrom. "Microsoft can deploy new technology because their products are backwards-compatible. Smartcards tend not to be backwards compatible."