Voice Biometrics Group has been around for quite a while. One of the lessons learned early is the weakness of static passphrases. Static passphrases are what many voice biometric companies use as the standard approach for verifying a speaker’s identity.
The big learning was what you might expect — with the quality of portable recording devices such as smartphones, it’s not as hard as it used to be to catch you in the process of speaking your voice biometric passphrase and store that audio information with the intent of breaking into your account at a later time. In order to combat the recording of you speaking a passphrase, companies are forced to implement liveness detection. One of our competitors, for example, requires the person to speak an additional prompted phrase in addition to the standard passphrase. They then compare the newly spoken phrase against the previous phrase. Variants exist, but you get the idea — it requires more speech, randomized phrases, and lengthens the overall process and complexity of authentication. Furthermore, the risk of getting liveness wrong leaves open a few more percentage points of error with respect to false accepts, i.e., impostors getting through, on top of the possible error of not correctly rejecting based on the voiceprint.
Because of what we learned early on, we put focused research and development effort into creating an optimized configuration of our voice biometric engine that works with spoken digits. The digits can be in any order. Putting myself in the shoes of a person interacting with a voice biometric system, I at first found this odd. Digit strings, whether the same string every time or a different order each time, are meant for keypads. Spoken voice should use phrases or sentences. However, after a few interactions, I quickly recognized the elegance of using digits. It doesn’t take long to speak them. But more importantly, as an end-consumer, I recognized that being challenged by a random set of digits was an excellent way to protect my account from the obvious — someone recording me speaking my passphrase. On each authentication, I was prompted to speak a different sequence. In essence, liveness detection is inherently built into the process of using random digits. No additional time and effort is necessary on behalf of the user or the system.
We call our digit-optimized approach RandomPIN. Because of its inherent robustness, RandomPIN is the choice for approximately 80% of our customers using Active approaches. Static passphrases and static numbers work fine, but RandomPIN is the way to go for applications that need to use every possible means to prevent fraud.