September 14, 2023
In our last article, “Voice Biometrics For Private Banking and Wealth Management: A False Sense Of Security?”, we explored why voice biometrics is being questioned by consumers, governments, and policymakers around the world. The article established that against the growing threat of generative AI, voice is positioned as the easiest biometric modality to clone.
Now, we’re going to dive deeper into the exact disadvantages of voice biometrics. We’ll then explore face biometrics as an alternative authentication method – one that offers enhanced security against the evolving threat landscape while delivering a seamless user experience.
The Disadvantages of Voice Biometrics
Financial institutions have sought to meet the demand for end-to-end, convenient digital experiences in their wealth management and private banking organizations. This has involved a pivot towards remote onboarding, investing, and customer service.
Voice biometric technology has proven to be unreliable with increasingly advanced, effective, and accessible synthetic audio: voice cloning attacks are rampant. Voice biometrics has also come under fire for failing to meet performance and accessibility expectations.
Let’s break down the key issues with voice authentication:
Low level of assurance; unsuitable for user onboarding
One of the challenges with voice biometrics is establishing that the original sample voice is authentic and that it belongs to the intended identity – there is no trusted source or identity document to remotely verify against. Even if a genuine sample is obtained, the enrollment samples may not be diverse enough or may not adequately represent the variability of an individual’s voice, which could lead to difficulties in accurate identification. Ultimately, biometric voice technology does not assure that an individual is who they claim to be – only that a voice matches the original template. By this logic, voice biometrics cannot secure the highest risk point in the user journey: onboarding. As such, it provides limited defense against the most pervasive and damaging identity fraud types: deepfakes and synthetic identity fraud. This fundamental flaw is critical to financial services organization’s security; the inability to bind a digital identity to a real-world person means that financial institutions must rely on other methods to establish high levels of assurance.
Security concerns
Voice biometrics is particularly susceptible to deepfakes and synthetic media attacks, potentially leading to unauthorized access or identity theft. Threat actors have even developed voice cloning services, with tools available for purchase on Telegram. This signals the arrival of voice–cloning-as-a-service (VCaaS).
Usability issues
Voice biometrics can be adversely affected by certain medical conditions or disabilities that impact speech patterns, making it difficult or impossible for some individuals to use the technology effectively. Individuals may not always speak clearly or consistently, which can impact the system’s performance. The voice changes over time, which is problematic. Additionally, someone could be mute, or have flu/illness – a leading voice biometric vendor conceded that “if a person has laryngitis, then the voice biometric system will have trouble matching the voiceprint”.
Privacy concerns
While using voice authentication, you can be overheard – making it less suitable for public usage. This also raises accessibility concerns, as people may not be comfortable speaking aloud.
Relatively low accuracy and reliability
Voice biometric technology is sensitive to environmental factors, such as loud background noise, the quality of the microphone or its condition, audio degradation, and the speaker’s emotional state or physical condition. These factors can affect the accuracy and reliability of the biometric voice system, leading to poor false acceptances or rejections rates.
The Alternative to Voice: Biometric Face Verification Technology
How can facial biometric technology circumvent the various disadvantages of voice biometrics?
Firstly, the face can be verified against government identity documents. The voice cannot. This means you can establish a source of truth to match a remote identity against, and ensure the identifiers associated with that person are endorsed by a legal authority.
Secondly, face biometrics is fully accessible even for visually impaired users. By definition, voice biometrics require users to speak — meaning not all users can use the product.
Additionally, face biometrics is a mature technology and has performance benchmarks by government organizations and standards bodies. There lacks an independent, objective ranking for voice biometric performance.
Not All Biometric Face Verification Is Created Equal
There are a number of key differentiators that iProov employs to stay ahead of other security methods and other vendors. This includes, though is not limited to:
- Dynamic, evolving security and understanding of threats: Defense against generative AI cannot be static, because the development of AI is inherently dynamic – continually evolving and developing, often testing itself against the very tools used to detect them. Biometric security must learn from threats on an ongoing basis and be actively managed 24/7.
- Cloud-based delivery: Verification technology that is delivered via the cloud allows for real-time threat monitoring. It also enables defenses to be updated quickly and efficiently (server-side) where needed, rather than waiting for manual patches.
- One-time biometric technology: A one-time biometric – patented by iProov – ensures that a remote user is not just ‘live’ at the point of onboarding but also verifying in real-time, using science-based technology, with random challenge response to distinguish between synthetic media and a live, real-time person.
These differentiators are essential to defend against generative AI and the growing threat landscape. The right biometric face verification solution can form the foundational technology for a customer’s entire identity lifecycle, whereas voice biometrics can only play a limited, unreliable role.
Voice Biometric vs. Face Biometric Technology: A Summary
Given the above-outlined concerns, the risks posed by voice cloning in the realm of financial services demand immediate attention and action. Face biometrics stands as the best alternative.
Because there is such little data inherent in a voice recording, it has ultimately become impossible to distinguish between the real and the forgery. Due to the proven ease of circumventing voice authentication with synthetic audio within financial services use cases, and the lack of assurance the technology delivers, voice biometrics should only be used in very low-risk scenarios.
In pivoting from voice biometric authentication to facial biometrics for onboarding and authentication, or using both technologies, financial services institutions can achieve higher assurance that remote customers are who they claim to be. This can reduce fraud and financial crime, mitigate the risk of regulatory noncompliance, and improve customer satisfaction.
If you’re interested in learning more about iProov’s biometric face verification technology – or how to transition from voice to face biometrics – you can contact us or book a demo directly here.
Our next blog will examine how organizations can transition away from voice biometrics, and further details the specific differentiators that separate iProov face verification technology from other vendors.
Read Next: From Voice to Face: Transitioning Your Biometric Authentication