U.S. Bank is joining a short list of large financial institutions that are testing voice biometrics as a potential replacement for the traditional password. That list includes Wells Fargo & Co. and Barclays Plc.
Voice biometrics software users log in to an application or website by speaking a word or phrase. The word or phrase is compared to a previous recording the customer has made to verify it’s the same user.
U.S. Bank employees are piloting the software and using a simple passphrase such as “my voice is my password” to access credit card account balances, search transactions and make payments on accounts using a mobile device.
Dominic Venturo, chief innovation officer for U.S. Bank’s payment division, said mobile apps were all about functionality, allowing them to add features that solve problems. Venturo cited remote deposit capture and online bill pay as innovations that solved problems.
“Passwords are not optimal for mobile devices,” Venturo said in a phone interview. “They have small screens and keyboards, making it difficult to type in a password. From our perspective, voice biometrics is more secure, while for consumers it’s easier to use.”
Venturo said it’s also about taking advantage of something all phones have.
“Customers are becoming accustomed to using their voice to interact with their smartphones and can become frustrated with entering passwords,” the U.S. Bank executive said. “Exploring a spoken passphrase login … is a logical next step in our work in biometrics.”
Venturo didn’t dismiss the possibility that PINs, passwords and security questions will be replaced with voice biometrics or eye scans, but he cautioned, “They all have possible risks.”
He said a goal of the pilot program is to improve the customer experience.
U.S. Bank, a unit of Minneapolis-based U.S. Bancorp, and Nuance Communications, its Burlington, Mass.–based vendor, launched the pilot program in April. Venturo said the pilot program is open to all bank employees, including those in Southern Nevada.
Venturo would not reveal details about the pilot, other than to say the response from employees so far has been really good, as the test seeks a big enough sample size so the results benefit the investment made in the technology.
Venturo himself is one of the testers. “It’s faster than typing in my password,” he said.
Opus Research predicts that the global number of registered voiceprints will increase from 10 million this year to more than 225 million in 2015. “Voice biometrics strikes the right balance of strong authentication and usability,” said Dan Miller, senior analyst at Opus Research in San Francisco.
Participants download the mobile banking app and log in normally. Venturo said once you’re in, you can enroll your voice as your password.
The app will ask for three samples of your voice, he said. Once registered, you touch the app on the phone and log in with your voice.
If there are problems, the fallback is the user ID and password, the bank’s current method of authentications.
Robert Weideman, executive vice president and general manager of the Nuance Enterprise Division, said companies recognize that voice biometrics brings a new level of convenience and security.
“By eliminating the interrogation process that consumers are typically put through and replacing it with a natural, conversational voice interaction, companies can really start to reinvent their customer service experience,” Weideman said.
U.S. Bank has invested heavily in “enhancing these capabilities,” but “it is not investing only in one space,” Venturo said. The bank has redesigned its website and introduced a tablet site that’s “actually completely different from our mobile site,” he said.
Venturo said it was simply about “enabling our customers to use our (products) how, when and where they want.” He said the bank is “spending a fair amount of time” working on leveraging locations on a mobile device.
Venturo said the technology is about using their locations to inform them when they’re near a branch or ATM. At this time, he said, U.S. Bank is not looking at cardless ATMs.
Diana Dykstra, president and CEO of the California and Nevada Credit Union Leagues, testified recently at a special joint hearing of the Assembly Judiciary and Banking and Finance committees in Sacramento on the safety of personal data.
Dykstra urged legislators to “take action to reduce consumer credit data breaches.”
According to the Consumer Bankers Association and the Credit Union National Association, the costs associated with the Target data breach exceed $200 million. Dykstra said the breach has cost the nation’s credit unions more than $30 million, before fraud costs were taken into account.
Dykstra told lawmakers that 4.6 million cards were reissued by credit unions at an average cost of $5.68 per affected card. She said credit unions “have been swarmed by consumer calls about their personal data, requiring the nonprofit … organizations to absorb millions in additional costs.”
Dykstra urged the panel to incentivize retailers and third parties they contract with to better protect consumer data with tougher laws. She said “retailers have no real security standards, no financial responsibility … and no mandate to notify the public and hinder the financial institutions’ ability to inform the consumer where the breach occurred.”
Dykstra criticized both state and federal law, as they currently exist, for leaving consumers exposed. She said Nevada has a stricter data breach law than California, requiring merchants to fully comply with the Payment Card Industry Data Security Standard.
Nevada’s law allows for merchants responsible for data security breaches to be penalized under certain circumstances, including being issued a temporary or permanent injunction by the state attorney general’s office.