Biometrics Add True Security

By Christopher Shepler

“I have a multifactor authentication problem that’s going to hit me right in the face.”

This sentiment, expressed by a Colorado-based call center operator at the SpeechTek NYC conference in August, has been echoed by financial institution compliance officers across the U.S.

The Federal Financial Institutions Examination Council (FFIEC) has made clear that its guidelines for better banking security apply to call centers, interactive voice response (IVR) systems, and the Internet. Now, credit union executives need to quickly assess their risks, evaluate solutions, and compose plans to satisfy regulators by the Dec. 31, 2006, deadline.

Multifactor authentication involves requiring multiple security levels to access a system or network. There are three main factors available in the world of security:

• Something you know, such as a password, personal identification number (PIN), or mother’s maiden name.
• Something you have, such as an automated teller machine (ATM) card. ATMs go one step further, combining a card (something you have) with a PIN (something you know). This makes ATMs more secure by increasing the difficulty of a thief’s attempt to steal your money
• Something you are—a measurable physical quality. This refers to biometrics, such as a fingerprint, voice print, or iris scan. Biometric methods are much harder to lose, fake, or steal than the first two factors. This adds another level of comfort and convenience for users.

Biometrics are emerging as powerful ammunition in the war against fraud. After years of being lauded as early adopter technologies, biometric solutions are gaining momentum—especially in light of increasing identity theft and hacker attacks, such as phishing and pharming.

The impact on members

Perhaps the most important aspect of multifactor authentication is its impact on consumers, including credit union members. ATMs were slow to gain acceptance because consumers resisted carrying an extra card in the wallet or purse. Twenty-five years later, biometrics have gained increasing acceptance as robust, foolproof, and accurate security methods.

Voice biometric authentication, in particular, rates highly on the usability scale in focus groups and customer surveys. It doesn’t require a specialized device (such as a fingerprint reader or high-resolution camera), and speech is the most natural form of human communication. Just as convenience became a selling point for ATMs, better privacy and security are becoming the selling points for voice biometrics in the call center and with IVR systems.

To be cost-effective, a multifactor authentication system should not require major changes to existing infrastructure. Updating an outdated touch-tone IVR application may be desirable, but it may not be necessary. For example, a simple voice user interface—incorporating multiple factors—can be applied as the front-end login to the legacy system. Once authenticated, users are placed into familiar “menus.”

Credit unions can avoid major capital expenditures for application servers and voice gateways by outsourcing with solution providers. Many vendors host and manage all specialized hardware and software in a secure, redundant facility and only charge for use.

Despite Internet traffic growth, most remote banking is done by phone. At risk are not only member funds, but private member information. Thus, even the simplest IVR systems and call center operations must ensure access can’t be compromised.

True security for highly sensitive personal and financial information is no longer a fantasy, but an attainable reality. Fortunately, inexpensive, user-friendly solutions are available for credit unions. And the systems can be implemented before the problem hits them in the face.

Christopher Shepler is co-founder and chief financial officer of Porticus Technology, a Needham, Mass., firm driving adoption of voice biometrics for secure and trusted remote communication. Contact him at 781-444-7678.