By using the Aculab site, you agree with our use of cookies.

What’s wrong with Knowledge-Based Authentication (KBA)?

For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

Workarounds don’t work

Imposing requirements for password complexity doesn’t help. If forced to include uppercase characters, numbers, or non-alphanumeric characters in a password, almost everyone simply turns the first letter into a capital and adds a “1” or an “!” to the end. The more adventurous may also change letters to easy-to-guess numbers (so “e” becomes “3”, “i” becomes “1”, “o” becomes “0” and so on). By doing this they effectively bypass the system providers’ intentions. Their passwords are still easy to crack, and the providers’ rules have merely made them more difficult for users to remember. Many attempts have been made to thwart the scammers, with some services completely side-stepping the issue by relying on third parties: controlling access via authentication credentials provided by Google, Facebook, LinkedIn or the like. But this is not an effective solution: a scammer could easily hack into other accounts with the same or similar passwords, or even create a fake account. There are also some serious privacy issues with this approach that make it undesirable for any critical authentication scenario.

A simple solution

Headaches such as these can be easily avoided by using a voice biometric authentication system. These systems add a much-needed layer of security to authentication that’s simultaneously difficult to circumvent and easy to deploy. Versatile and powerful voice biometric systems, such as Aculab’s VoiSentry, provide an easy speaker authentication method that doesn’t rely on memorisation of complex passwords.VoiSentry is unusual in that it has extra security features such as multiple integrated spoof detection algorithms: it not only indicates when a fraudulent attack may be happening, but also provides detailed information about exactly what type of attack it’s likely to be. Multiple Presentation Attack Detection (PAD) modules discriminate between the attack methods being used, whether it’s an attempt to impersonate another person’s voice (mimicry), playback of pre-recorded samples of the target speaker, the use of advanced speech technology to create acoustic signals which resemble the target’s voice (speech synthesis / text-to-speech), or a system to convert one person’s voice to sound like that of another (voice morphing).

Enhanced security

Security can be further enhanced by using multi-factor authentication and integrated spoken digit recognition. By prompting the speaker to say randomly selected, but memorable numbers (date of birth, house number etc.) it’s possible to simultaneously authenticate the speaker with both voice biometrics and speech recognition. VoiSentry provides unmatched ease of access and security, helping contact centre operators to effectively mitigate the risks associated with fraudulent account access. It also provides a fast and frictionless solution for call centre authentication, improving both the customer and agent experience. Find out more about VoiSentry.

Archive

The Aculab blog

News, views and industry insights from Aculab

  • How to: Reduce contact centre verification time by 80%

    Verification of identity has changed a lot over the years. As the world has shifted away from face-to-face interactions to phone and digital solutions, so has the way in which we identify and verify who we are.

    Continue reading

  • How Aculab helped me get my dream job

    Like many graduates, I recently completed my master’s degree and was struggling to find a job in relation to my field of study (technology).

    I spent several months applying to numerous roles, completing multiple application forms and undergoing various interviews.

    Continue reading

  • Reminder: The world is reopening

    Appointment reminders are critical to many industries around the world, now more than ever. From the crucial services to the downright fun, in the new world emerging from lockdown, we all need a little certainty in our lives.

    Continue reading

  • What’s ISO 27001 and why should your company implement it?

    As the risks associated with cyberattacks and data breaches continue to increase, information security has become a critical issue for every organisation. An effective approach should help defend against both external attacks and common internal threats such as accidental breaches and human error.

    ISO 27001 is the international standard that provides the specification for an information security management system (ISMS). This is a systematic approach consisting of people, processes and technology that helps you protect and manage all your organisations information through risk management.

    Continue reading

  • A Voice Biometrics system that works with non-verbal speakers

    What are the difficulties when accessing services over the telephone or online?

    As a non-verbal communicator, I’ve had a whole host of poor experiences with companies where I can’t service an account through my channel of choice since my Cerebral Palsy limits my ability to speak, as well as my manual dexterity.

    Continue reading