Voice Biometrics and Multi-Factor Authentication

As discussed in the recent article by ComputerWeekly.com, it is becoming apparent that standard two-factor authentication (2FA) methods were never as secure as they were intended to be. Two-factor authentication usually involves the user inputting a PIN or password for the first authentication and then completing a second authentication via security token or a one-time passcode. The reason why this process is flawed is that most two-factor authentication only authenticates if the right device is being used and not if it was the authorised person. A fraudster who knows or spoofs someone’s password or has access to their device can easily take over their account. Additionally, scams such as brute-forcing passwords and sim-swapping are common methods many fraudsters use.

This issue is one of the many reasons why multi-factor authentication (MFA) coupled with biometrics technology provides far superior security and convenience today. Multi-factor authentication is an authentication process that requires two or more factors. The factors required can be something that you have (like a security USB key or a known smartphone), something that you know (like security questions or passwords) and something that you are (fingerprint or voiceprint recognition). This means that multi-factor authentication not only involves having the right device but also having the right person.

With biometrics technology, multi-factor authentication becomes more robust, improving security and user experience. However, indeed, no security method is ever truly 100% secure. Some Biometric technology has also been on the receiving end of spoof attempts, as fraudsters use 3D printers to create fingerprints and face masks or simply log into a smartphone using the PIN to create a fingerprint which can be used to spoof the MFA security and gain access to the client account. Therefore between these biometric technologies, voice biometrics is harder to spoof because the voiceprint is created and stored in the client organisations own secure infrastructure, making it a device-independent verification. Being device-independent ensures that voice verification is the perfect complement to multi-factor authentication.

Auraya’s EVA voice biometrics is an easy-to-consume, cloud-based voice biometric extension for Amazon Connect telephony and digital channels. It provides ‘voice identification & verification’ and ‘fraud detection’ capabilities, improving security and user experience. With EVA, organisations can use voice biometrics as one of the factors required when using multi-factor authentication for security purposes. This biometric capability can be used in the IVR call centre process, whilst talking with an agent or a bot or online via a website or mobile app or Chat or messenger. EVA is capable of detecting and preventing spoof attempts such as recorded playback of voices and synthetically generated voices. Unlike other biometrics, such as fingerprints where security is compromised once a fingerprint is stolen, any recorded or mimicked voices will not work against security systems that have EVA enabled.