The key biometric?

[Dave Birch] When Nick Ogden, the CEO of Voice Pay, said that the use of voice biometric technology will improve security and consumer confidence making it far safer for shoppers to buy goods and services he’s very probably right. The synergy between the the next generation of security (biometrics) and the next generation of cards (phones) is just too overwhelming and, as I’ve consistently maintained, requires relatively small advances in the technology to deliver significant benefits. The technology applies across both local and remote channels: Voice Pay helps consumers to buy using their mobile phone from a TV or print advertisement instantly or pay for goods in a shop. To use it, buyers simply call the national Voice Pay number and authorize payments over the phone using their voiceprint as a signature. The Voice Pay schemes also offers buyer and retailer additional safeguards such as integrated anti-phishing technology, which “ensures total confidence in the stores that process payments with Voice Pay”. Now, the last time a vendor showed one of our clients a system like this, I was genuinely surprised by how good it was: I was initially skeptical whether it would work at all over a mobile phone, but it worked very well. I shouldn’t really think of it as a future payment technology at all: ABN AMRO (or ABN Barclays or RBS AMRO or whatever it is by the time you read this blog) is already rolling the technology out to 4 million customers in the Netherlands this year.

Technorati Tags: biometrics, identity, mobile

One of the reasons why voice is so powerful as a biometric is that can combine what people say with the way that they say it, which means that it provides two-factor authentication in a single action and it can do it at a distance over the voice channels. Fingerprints, iris scans, retina scans, and face recognition can all produce biometric identification (what you are), but something else is needed to provide a second and more secure authentication factor (something you know, for instance). Remote scanners for the other biometric security mechanisms are expensive and not widely deployed, because remote biometrics are useless unless they are in a tamper-resistent device. Phones, on the other hand, are ubiquitous, cheap, and well-understood by consumers and they work as remote devices because systems can ask consumers to respond to arbitrary phrases and these make it difficult to mount effective replay attacks.

Not only are voice systems therefore less expensive than some alternative biometrics, such as fingerprints, they are also more accurate, apparently, according to the Dr. Clive Summerfield, a founding member of the Australian National Centre for Biometric Studies. This is of special interest in the digital identity world, because something as accurate as fingerprints but viable over remote channels (primarily the mobile phone, of course) has the potential to be a very disruptive technology.

I wonder what security experts will make of the situation in the U.S., where voice recognition biometric security devices are being used to protect girls’ diaries. As the writer notes, if voice recognition can pass the rigorous demands and fanatical testing that is no doubt being conducted by this new class of consumers, then this is a security technology that should be incorporated in the highest levels of the Pentagon.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]