vbcsf: Reality Check: The Future of Secure, Mobile Authentication
May 9, 2013
Ollie Whitehouse of NCC Group and Lauren Horaist from RSA join Derek Top. Starting off with Ollie: Mobile Security and 2FA (two factor authentication). NCC is a large independent consultancy, iSEC Partners in the US.
Mobile security: reality and elephants, future enablers; authentication and mobile of 2FA and voice biometrics. Security threats are numerous: hardware, various OS platforms (iOS, Android, Windows), vendor customizations (undermining platform security), apps (poor design & implementation), user activity & practices (including jail breaking). Challenges (an elephant in the room): mobile vendor fragmentation, vendor spend on security, 18-24 month device life cycles, carrier certification of updates required, user awareness/education and experience with security patches and carrier desire for security patches. Continue Reading
vbcsf: Reality Check: The Case for Voice + Face Recognition
May 9, 2013
From jungles of Equador to Main Street USA using multi-modal biometrics, with Alexy Khitrov, SpeechPro. As always, it starts with the government (1958) with forensic audio analysis. SpeechPro is 22 years old, deployments in 75 countries. Strong R&D in core of company, 150 of them scientists and developers, 30 PhDs. Working globally with law enforcement, wide portfolio of related products for Enterprise clients. Increasing interest to voice as biometric in US and abroad, including Equador: country-wide system combined with face recognition. Two non-intrusive modalities, fewer challenges in collection: quick, no need to touch anything, can be done remotely, cheap and available hardware.
Customer experience vs security: challenges to customers, fraudsters keep coming with new ways. Security reacts with additional layers of questions, PINs, cards, etc. which drops customer experience. They’re doing Voicekey.Onepass: multimodal–voice + face, non-intrusive, seamless, biometric for web and mobile with existing hardware. Security: in their testing with both systems, they have yet to see a false positive. Patents pending, “liveness” detection through linking speech and face movement during utterance. Works great for financials, remote access to corporate networks, other.
Enrollment: put face in oval on screen, system will take a picture and prompt you to say your name and password three times (one tap). Level 1: tracking facial movements during passphrase.Level 2: prompted password, random combination of numbers. Key benefits: high accuracy, easy to integrate and use, works on mobile, web and physical access (voice phone). Applicable for Enterprise: passive verification, change of speaker detection, watch list search, emotion detection, speech analysis (they have products in each area). It’s never just one technology (VoiceKey Platform). Enterprise security doesn’t have to be work.
vbcsf: Reality Check: The Power of a Black List, the Promise of a White List
May 9, 2013
Mark Lazar of Victrio: Making it work in the real world. Victrio is emerging leader in passive voice recognition; team expertise in voice recognition and call centers. Three years of implementation experience, clients include three of top five financial firms. On track to screen 100 million calls in 2013. They have the largest fraudster database in the world.
History in voice biometrics over time: Schwab and HSN (1990s); Hartford Insurance, Marriott, US Bank (early 2000s); AT&T, Visa, Bank of America, First Horizon (mid-2000s). Late 2000s: American Express, ABN/AMRO, Bell Canada, Bank of America, Santander efforts terminated–detection rates were ok but huge number of false positives, wasn’t commercially viable. Some efforts moved to internal use only, others terminated. Today: customers are increasingly frustrated (65% frustrated, 50% too time consuming, and professional fraudsters aren’t stopped. Big target in call centers with social engineering (training, turnover; 1 in 5,000 is fraudulent). Continue Reading
vbcsf: What You Can Learn From a Phone Call
May 9, 2013
Patrick Cox of TRUSTID, Vijay Balasubramiyan of Pindrop Security, John Amein from Voxeo, and Dan Miller moderating this panel.
Introductions: Patrick is CEO of TRUSTID, career was based on knowledge-based authentication (interrogation methods). This event is focused on something we are. Also important is ownership factor of authentication–a physical something we have (like a unique key fob). They turn telephones into such an identity credential. Vijay is CEO and founder of Pindrop Security, came from Siemens, Google, largely in telecommunications, VoIP spam. When you get a phone call, you don’t know where it comes from. Lots of info in the audio that’s outside the voiceprint, which forms a context fingerprint (type of phone, geography, other). John: started in late 1990s to build secure apps for phone. Offered a platform for Voice XML, offered a developer environment to make calls for free. Over time, they saw abuse: calls to Nigeria, reverse billing; evolved to unprecedented and malicious levels of activity. Now phone is very different, we’re supporting mobile apps within their environment. They also partner with others in security.
Recommendations for flagging and using info? Patrick: “We get paid for flagging good calls.” We provide a token for calls before the call is answered, helps the IVR (incoming voice recognition) resolve. Providing feedback to agents. Voice biometrics is a powerful partner. Vijay: “at the end of the day, you want to solve your problem.” Looking at a platform that can solve multiple solutions, from audio analysis, signal analysis, voice biometrics, etc. Multi-tiered solution, space for all technologies to work together. Continue Reading