What’s wrong with Knowledge-Based Authentication (KBA)?

For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

Workarounds don’t work

Imposing requirements for password complexity doesn’t help. If forced to include uppercase characters, numbers, or non-alphanumeric characters in a password, almost everyone simply turns the first letter into a capital and adds a “1” or an “!” to the end.

The more adventurous may also change letters to easy-to-guess numbers (so “e” becomes “3”, “i” becomes “1”, “o” becomes “0” and so on). By doing this they effectively bypass the system providers’ intentions. Their passwords are still easy to crack, and the providers’ rules have merely made them more difficult for users to remember.

Many attempts have been made to thwart the scammers, with some services completely side-stepping the issue by relying on third parties: controlling access via authentication credentials provided by Google, Facebook, LinkedIn or the like.

But this is not an effective solution: a scammer could easily hack into other accounts with the same or similar passwords, or even create a fake account. There are also some serious privacy issues with this approach that make it undesirable for any critical authentication scenario.

A simple solution

Headaches such as these can be easily avoided by using a voice biometric authentication system. These systems add a much-needed layer of security to authentication that’s simultaneously difficult to circumvent and easy to deploy.

Versatile and powerful voice biometric systems, such as Aculab’s VoiSentry, provide an easy speaker authentication method that doesn’t rely on memorisation of complex passwords.

VoiSentry is unusual in that it has extra security features such as multiple integrated spoof detection algorithms: it not only indicates when a fraudulent attack may be happening, but also provides detailed information about exactly what type of attack it’s likely to be.

Multiple Presentation Attack Detection (PAD) modules discriminate between the attack methods being used, whether it’s an attempt to impersonate another person’s voice (mimicry), playback of pre-recorded samples of the target speaker, the use of advanced speech technology to create acoustic signals which resemble the target’s voice (speech synthesis / text-to-speech), or a system to convert one person’s voice to sound like that of another (voice morphing).

Enhanced security

Security can be further enhanced by using multi-factor authentication and integrated spoken digit recognition. By prompting the speaker to say randomly selected, but memorable numbers (date of birth, house number etc.) it’s possible to simultaneously authenticate the speaker with both voice biometrics and speech recognition.

VoiSentry provides unmatched ease of access and security, helping contact centre operators to effectively mitigate the risks associated with fraudulent account access. It also provides a fast and frictionless solution for call centre authentication, improving both the customer and agent experience.

Find out more about VoiSentry.