Informizely customer feedback surveys
By using the Aculab site, you agree with our use of cookies.

What’s wrong with Knowledge-Based Authentication (KBA)?

For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

Workarounds don’t work

Imposing requirements for password complexity doesn’t help. If forced to include uppercase characters, numbers, or non-alphanumeric characters in a password, almost everyone simply turns the first letter into a capital and adds a “1” or an “!” to the end. The more adventurous may also change letters to easy-to-guess numbers (so “e” becomes “3”, “i” becomes “1”, “o” becomes “0” and so on). By doing this they effectively bypass the system providers’ intentions. Their passwords are still easy to crack, and the providers’ rules have merely made them more difficult for users to remember. Many attempts have been made to thwart the scammers, with some services completely side-stepping the issue by relying on third parties: controlling access via authentication credentials provided by Google, Facebook, LinkedIn or the like. But this is not an effective solution: a scammer could easily hack into other accounts with the same or similar passwords, or even create a fake account. There are also some serious privacy issues with this approach that make it undesirable for any critical authentication scenario.

A simple solution

Headaches such as these can be easily avoided by using a voice biometric authentication system. These systems add a much-needed layer of security to authentication that’s simultaneously difficult to circumvent and easy to deploy. Versatile and powerful voice biometric systems, such as Aculab’s VoiSentry, provide an easy speaker authentication method that doesn’t rely on memorisation of complex passwords.VoiSentry is unusual in that it has extra security features such as multiple integrated spoof detection algorithms: it not only indicates when a fraudulent attack may be happening, but also provides detailed information about exactly what type of attack it’s likely to be. Multiple Presentation Attack Detection (PAD) modules discriminate between the attack methods being used, whether it’s an attempt to impersonate another person’s voice (mimicry), playback of pre-recorded samples of the target speaker, the use of advanced speech technology to create acoustic signals which resemble the target’s voice (speech synthesis / text-to-speech), or a system to convert one person’s voice to sound like that of another (voice morphing).

Enhanced security

Security can be further enhanced by using multi-factor authentication and integrated spoken digit recognition. By prompting the speaker to say randomly selected, but memorable numbers (date of birth, house number etc.) it’s possible to simultaneously authenticate the speaker with both voice biometrics and speech recognition. VoiSentry provides unmatched ease of access and security, helping contact centre operators to effectively mitigate the risks associated with fraudulent account access. It also provides a fast and frictionless solution for call centre authentication, improving both the customer and agent experience. Find out more about VoiSentry.

Archive

The Aculab blog

News, views and industry insights from Aculab

  • The seven realms of Broadcast Messaging

    Broadcast messaging that uses a cloud-based service is a natural choice. Using a cloud as-a-service approach gives a variety of message delivery options, and cuts down costs by automatically scaling to meet demand. Find out what makes Aculab Cloud such a natural choice for voice and SMS broadcast messaging, and how other customers are already reaping the benefits from using Aculab's CPaaS platform.

    Read more

  • The technology working behind the scenes to support emergency services networks

    Now more than ever, telecoms infrastructures play a vital role in supporting the health of our communities. Behind the scenes, networking technologies are working to keep the lines of communications open between emergency services and those in need.

    A recent example from the Lombardy region of Italy highlights a typical scenario:

    Read more

  • What’s wrong with Knowledge-Based Authentication (KBA)?

    For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

    Read more

  • It’s voice biometrics, not rocket science

    The concept of biometric speaker identification or verification may, at one stage, have seemed like a technical nightmare. The reality is somewhat different. All the sophisticated algorithms and voice processing have already been developed; deploying the application is actually the simple part.

    Read more

  • Multi-lingual speech recognition now supported on Aculab Cloud

    We’re listening – what would you like to do today?

    A generation of people have grown up trying to avoid ringing a contact centre – not because they didn’t like talking to the cheery people who work in such places, but because they first had to get past the IVR system put in place to direct the call. Press 1 for support, 2 for sales, 3 if you know the extension of the person you wish to speak to.…and so on, and so on. We quickly realised that many of these systems would let you bypass the IVR menu and get to a real person if we pressed ‘0’.

    Read more