Planning Your Voice Biometric Deployment

Introduction to Implementation Planning

If you have read all of the other documents in our Getting Started section, and have found your way here, you are likely ready to start planning for a voice biometric deployment project. VBG is here to help you, and to get the process going, we've prepared this list of roughly 15 topics that will help to focus our collective efforts.

The topics provided in this Implementation Planning Guide are by no means exhaustive. However, if you have a good grasp for most of these issues and can provide reasonable responses to all the questions, you will be well on your way toward a successful voice biometrics deployment.

We recommend that you read this section fully. However, if you prefer to view a document, click here. You can fill the form out, scan it, and email it to us. This information will help to expedite the discovery process.

What Are Your Business Objectives?

What problems are you trying to address with the use of voice biometric technology? Be as specific as possible. Examples include:

• Need to add additional factor of security due to industry/regulatory/other guidance
• Need to reduce IVR or call center authentication costs
• Need to reduce call center fraud

As you consider your objectives, be sure to determine what will constitute project “success”. What are the specific metrics or success criteria you will be using to evaluate your project?

It may also be worthwhile to consider the business impact from NOT implementing a solution. This will help to establish the project’s priority relative to other projects under consideration.

What Contact Channels Are Impacted?

Are you looking for a solution for an enterprise application, web application, IVR system, call center system, voice bot, mobile application, IoT project, wearable device, and/or some other channel?

Again, please be as specific as possible. And, if you plan to implement a solution for multiple contact channels, please provide a prioritized order for deployment. There may also be different success criteria across channels, so note those as well.

How Big is Your User Community?

For each contact channel required, please try to quantify your user community as much as possible:

• How many users will you need to capture voiceprints for? Please provide data for the month of the initial deployment, as well as how the system will grow over time, until you reach full deployment.
• Please specify how many voiceprints will you need to create during an average month.
• Within your user community, do you expect high turn-over, such as may occur with an online education application, or will you retain users for years, such as loyal credit card or banking customers. Please be as specific as possible.

NOTE: The single biggest data storage consideration for the VBG Platform is number of users, so please provide accurate data. In turn, we’ll be able to provide you with better pricing estimates, and hardware estimates should you wish to deploy the VBG Platform in your own data center.

How Active Will Users Be?

Another key factor to understand is the frequency of usage for the system:

• Once you have fully deployed, how often will you be enrolling new users over time?
• How frequently will you need to authenticate or identify users? Once a week, once a month, once a year, other?

Another activity-related consideration is the daily usage patterns of your users. Do you follow a standard U.S. business day, or do you have global, 24/7 traffic, or do you have highly “spiked” request traffic, such as might occur when checking-in shift workers? If you have any usage histograms that show likely traffic patterns, workdays and weekend days, this can be very helpful to capacity and scale planning.

What is the Intended Usage Environment?

Will your end users all be in a relatively stable and similar environment, such as an office building? Or, do you have a mobile workforce who is subject to a wide range of usage conditions? Or, something in between?

We need to assess the likelihood for noise and other external factors and whether they might contribute negatively to your project’s success. So, please be as specific as possible, noting changes across use cases, business units, or any other application variations that you anticipate.

What Use Cases Do You Require?

VBG supports all forms of active and passive use cases. Have you given thought to whether RandomPIN™, or NaturalSpeech™, or Static Passphrase approaches are best for your users? Or, if you have multiple application scenarios, do you see opportunities to use multiple use cases?

When selecting a use case, it is critical to remember your users. For active use cases, will your users be compliant – or will they try to cheat the system? Will your intended usage environment support an active use case? Will your contact channel support your desired use case?

If you have limited time with your users, active use cases make more sense. Conversely, if you have a lot of conversational audio, passive use cases make more sense. Regardless of use case selected, you want to make sure your users are in an appropriate environment, with an appropriate device, that allows them to speak comfortably and naturally.

How Will You Enroll Users?

If you have selected a use case, then you understand the basic requirements that are needed to perform voice biometrics. However, have you given thought as to how you will enroll them?

For active use cases, you will need to somehow notify users that they need to create a voiceprint (can be optional or mandatory). Will you have any opportunity to educate them first, perhaps with a website, or via an insert in a monthly statement, or some other manner? Or, if a call center scenario, will you have your agents introduce the voice biometric system to callers personally? Or, will you use an opt-in option in your IVR system?

There are many possibilities, but if you are actively enrolling users, you should try to educate them as to the benefits of their participation. You should also give them guidance about where they should be speaking, the types of devices that work best, etc. A little up-front education and planning can provide many positive benefits to all parties.

And don’t forget legal and compliance-related issues when considering enrollment. For instance:

• How will you authenticate your users prior to enrolling them? You want to make sure that you are dealing with a good and valid user before accepting speech samples from them, so make sure you have a good process in place with integrity.
• Will you be asking your users for consent? Many new laws and regulations now require companies to notify users that Personally Identifiable Information (PII) such as voiceprints is going to be collected. And in some cases, there is a requirement to have written consent before continuing. Have you determined if this is necessary for your application or not?

Another activity-related consideration is the daily usage patterns of your users. Do you follow a standard U.S. business day, or do you have global, 24/7 traffic, or do you have highly “spiked” request traffic, such as might occur when checking-in shift workers? If you have any usage histograms that show likely traffic patterns, workdays and weekend days, this can be very helpful to capacity and scale planning.

What Languages Must You Support?

The majority of VBG’s clients are in North America, so we assume that U.S. English is the primary language. However, many of these same customers also need to deploy applications in Latin American Spanish and Canadian French.

Please list every language you need to support in priority order. And, if possible, include the relative percentage of the language to your overall user community. Are there any language variations as you move across multiple use cases contact channels or use cases?

NOTE: To-date VBG has deployed production applications in roughly 40 different languages. We have yet to find a language our technology cannot handle. The key to handling new languages however is to have data to model with.

What Devices Will Be Used?

For any of the channels and applications that will be involved in your project, please specify what device or devices will be used to capture speech samples.

• IVR, call center, and voice bot applications are assumed to use telephones; however, will you predominantly have mobile phone users? Or will there be a mix?
• Are there any unusual devices, such as wearables or IoT consumer devices? Please be as specific as possible if this is the case, as custom data collection projects will likely be needed.
• If you have your own IVR system, call center, or voice bots and are providing audio directly to the VBG Platform, please indicate the vendor you use for these systems. Or, let us know if you want to use VBG’s IVR system.
• Do you anticipate user switching devices? For instance, will they need to enroll from a landline and subsequently verify from a mobile phone? Sometimes switching devices can cause issues if not properly modeled, so please let us know about any such scenarios.

What Voice Biometric Functionality is Needed?

If you are using voice biometrics for multi-factor authentication, do you only require standard voice biometric enrollment and verification functions? Or, do you see any circumstances that require identification functionality being needed too?

If you are using voice biometrics for fraud detection and/or prevention, there are numerous additional considerations. Examples include:

• Do you need one or multiple fraudster databases?
• Will you be performing identification functions against just your fraudster database(s)? Or, will you be checking your customer or employee databases too?
• How many voiceprints do you anticipate in each database? How will the number of voiceprints potentially grow over time?
• If you have many user voiceprints in your database(s), do you have any data elements that can be used to reduce the comparison size? For instance, can you use geography, or application access, or other behaviors?
• Do you have an SLA related to fraud detection that we should be aware of? For instance, if you are involved with retail sales in your contact center, how long would we have to process data to potentially identify a fraudulent caller (before product was shipped)?

Where Will the System Be Deployed?

For you project deployment, will you be using VBG’s Cloud, or a public cloud provider like Amazon AWS, Microsoft Azure, or Alibaba Cloud, or do you need to deploy within your own data center (either private or fully managed like Rackspace or LiquidWeb)?

Also, do you require highly available operations, geographically redundant facilities and/or a “hot” standby site in case of data center failure?

If you are not using VBG’s data center, are you aware of any server requirements imposed by your IT organization – such as Windows Server, or CentOS, or other?

Do You Have Specific Data Retention Requirements?

By default, VBG stores all source enrollment speech samples (WAV files) and a copy of the active voiceprint for every user. These are stored as long as the user is actively using the system. On the other hand, for verification samples and transaction data, VBG only stores this data for 90 days.

If you have a regulatory issue where you need more or less data retention relative to samples used for verification and identification purposes, as well as the related transaction data and usage statistics, please let us know.

Finally, do you require a specific backup schedule?

Do You Have Specific InfoSec Requirements?

VBG takes information security very seriously. However, we provide services to a wide range of customers – from U.S. financial services organizations to consumer-oriented IoT developers. So, many customers have no specific InfoSec requirements, while others have quite stringent requirements.

VBG offers a fair amount of security-related protocols and policies relative to our VBG Cloud (shared) hosting system. Such elements include:

• SOC-1 Type 2, SOC-2 Type 2, and SOC-3 compliant data center
• PCI Level 4 certified
• Annual Penetrating Testing
• Quarterly PCI scans
• GDPR Compliant delivery framework
• Incident Response and other security-related documentation

For most cases, these adequately address company InfoSec requirements. However, if your organization has any requirements above and beyond these, please let us know. We may be able to accommodate them.

Are You Subject to Special Laws or Regulations?

Increasingly, there is industry-specific guidance, regulations, state or federal laws, or other laws and statutes specifically geared toward the protection of Personally Identifiable Information (PII).

In the U.S., several states have a Biometric Information Protection Act (BIPA), including CA, TX, and IL. In the European Union, the General Data Protection Regulation (GDPR) requires that numerous additional security-related protocols be in place. Biometric systems are considered a special category of PII.

Are you aware of any users of your intended system being protected by BIPA, GDPR, POPI, AC AB-375, or any other law or statue, domestic or foreign? If so, please list them and provide us with any additional requirements that will be placed on VBG.