What’s wrong with Knowledge-Based Authentication (KBA)?

For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

Workarounds don’t work

Imposing requirements for password complexity doesn’t help. If forced to include uppercase characters, numbers, or non-alphanumeric characters in a password, almost everyone simply turns the first letter into a capital and adds a “1” or an “!” to the end. The more adventurous may also change letters to easy-to-guess numbers (so “e” becomes “3”, “i” becomes “1”, “o” becomes “0” and so on). By doing this they effectively bypass the system providers’ intentions. Their passwords are still easy to crack, and the providers’ rules have merely made them more difficult for users to remember. Many attempts have been made to thwart the scammers, with some services completely side-stepping the issue by relying on third parties: controlling access via authentication credentials provided by Google, Facebook, LinkedIn or the like. But this is not an effective solution: a scammer could easily hack into other accounts with the same or similar passwords, or even create a fake account. There are also some serious privacy issues with this approach that make it undesirable for any critical authentication scenario.

A simple solution

Headaches such as these can be easily avoided by using a voice biometric authentication system. These systems add a much-needed layer of security to authentication that’s simultaneously difficult to circumvent and easy to deploy. Versatile and powerful voice biometric systems, such as Aculab’s VoiSentry, provide an easy speaker authentication method that doesn’t rely on memorisation of complex passwords.VoiSentry is unusual in that it has extra security features such as multiple integrated spoof detection algorithms: it not only indicates when a fraudulent attack may be happening, but also provides detailed information about exactly what type of attack it’s likely to be. Multiple Presentation Attack Detection (PAD) modules discriminate between the attack methods being used, whether it’s an attempt to impersonate another person’s voice (mimicry), playback of pre-recorded samples of the target speaker, the use of advanced speech technology to create acoustic signals which resemble the target’s voice (speech synthesis / text-to-speech), or a system to convert one person’s voice to sound like that of another (voice morphing).

Enhanced security

Security can be further enhanced by using multi-factor authentication and integrated spoken digit recognition. By prompting the speaker to say randomly selected, but memorable numbers (date of birth, house number etc.) it’s possible to simultaneously authenticate the speaker with both voice biometrics and speech recognition. VoiSentry provides unmatched ease of access and security, helping contact centre operators to effectively mitigate the risks associated with fraudulent account access. It also provides a fast and frictionless solution for call centre authentication, improving both the customer and agent experience. Find out more about VoiSentry.

Written on 02 June 2020.

The Aculab blog

News, views and industry insights from Aculab

Eliminating Barriers to Communication with Live Audio Translation for Phone Calls

In an increasingly interconnected world, clear and effective communication is more essential than ever. That’s why Aculab intends to help break down language barriers and foster cross-cultural communications.

Continue reading
The End of the PSTN in the US

As the technical world has evolved, so has the way we communicate. The gradual, global transition away from the Public Switched Telephone Network (PSTN) is the most noticeable change in recent years. This begs the question, is the PSTN in the US headed towards a slow end as we transition into the digital era?

Continue reading
Revolutionising the Landscape of Remote Authentication

In a time where borders blur and workplaces extend beyond the confines of traditional offices, the significance of remote authentication has taken centre stage. As we advance, so does the need for secure and efficient ways to verify and authenticate our identity remotely. Finding the balance between security and user convenience is key when seeking to implement successful remote authentication.

Continue reading
Choosing The Ideal Communication Platform: Key Considerations to Optimise Your Business

Communication Platforms as a Service have become a necessity in the current digital age; allowing businesses to obtain frictionless means of communicating effectively. However, as technology rapidly evolves, so must communications. Much of the platforms on offer today are homogenous, so choosing the best fit for your business can be difficult. In this blog, we have shared some key points and trends for to consider, so your business can amplify communications and increase operational efficiency!

Continue reading
10 questions people are asking about The Big Switch Off

With The Big Switch Off fast approaching, people naturally have questions and concerns ahead of the shutdown. The transition from conventional networks to digital technology is unavoidable in the fast-evolving world of telecommunications. In this blog, we address ten common questions people have about the Big PSTN Switch Off, shedding light on the topic and providing clarity.

Continue reading