Archive for July, 2006

ABN AMRO introduces speaker verification for phone banking in The Netherlands

Friday, July 21st, 2006

ABN AMRO, a major international bank with Dutch origins, yesterday announced the progressive introduction of voice verification for its phone banking customers in the Netherlands. According to the press release (available in English and Dutch), “voice verification will initially be applied to customers making balance enquiries, transfers and investment orders via the telephone.” The technology is “fast, easy and, above all, secure”, and its introduction “means better access and more convenience for the customer”. The system has been thoroughly tested on 1.450 people, including relatives, six twins and testers temporarily suffering from a cold. ABN AMRO claims to be “the first major bank in the world to introduce this technology in this way”. The system has been launched for “a[n] initial group of customers”, whose “experiences will provide the basis for the continued roll-out in 2007″.

Judgeing from my own experience with another recent but as yet under-the-radar speaker verification project, I can generally agree with ABN AMRO’s security and convenience claims. Let me explain how this can work in technical terms, and provide some nuances:

ABN AMRO’s system initially asks customers to say their account number, and then first performs a voice/speech recognition (not: voice/speaker verification) task. By saying this publicly known piece of information, any caller (whether he/she is genuine or an imposter) can thereby claim the identity of the person who owns the account number in question. The accurate recognition of this account number is made easier by the embedded check digits, which help with ruling out invalid recognition candidates in the N-best result list returned by the speech recognizer. A correct first recognition is convenient because the caller doesn’t have to waste time retrying. From a pure speech recognition (again, not: verification) point of view, the prime objective is not security, but convenience.

Security really comes into play in the next phase, after a successful recognition of the account number. In this voice/speaker verification phase, the claimed identity is verified. Is the caller really who he/she pretends to be? Instead of a difficult to remember PIN code (convenience!), various biometric characteristics of the caller’s voice are compared to a previously recorded and stored voiceprint from the genuine owner of the account number at hand. This reference voiceprint has been created beforehand during a one-time enrollment phase, which is equivalent to the one-time assignment of a PIN code to a genuine customer. If the caller’s voice sufficiently resembles the reference voiceprint, the caller is considered genuine, and access is granted. In the other case, if the caller’s voice differs too much from the reference voiceprint, the caller is considered an imposter, and access is refused. The whole question now is: what exactly do “sufficient” or “too much” mean in the previous sentences? ABN AMRO does not want to reject genuine customers, and certainly does not want to grant access to imposters. The answer to this question must come from a tuning exercise.

Any speaker verification (sub)system – or biometrics (sub)system, for that matter – needs to find the right balance between security and convenience. When a verification engine compares the caller’s voiceprint to a reference voiceprint, it returns a score. If this verification score is above a certain threshold, the caller is allowed access. If not, access is refused. The major goal of verification tuning is to set the “right” verification threshold. This is done by analyzing thousands of actual verification attempts in a controlled test setting, and allowing for a certain percentage of false rejects or false accepts. In ABN AMRO’s case, 25.000 test calls have been made so far with 1.450 different people. Whichever verification threshold was chosen, ABN AMRO has had to strike a balance between security (as few allowed-in imposters as desired) and convenience (as few refused genuine customers as desired).

Ultimately, the trade-off between security and convenience in the voice/speaker verification part of an IVR system, reflected in a higher or lower verification threshold, is a matter of policy and risk analysis. The progressive roll-out of the technology in the coming months allows ABN AMRO to fine-tune this threshold even better, based on real caller data.

Does all of the above sound alarming? It shouldn’t. Even though 100% security and convenience do not exist in a voice/speaker verification setting, customers must realize that they do not exist in a PIN code based system either! In fact, PIN codes are much less secure: if my PIN code falls into the hands of an imposter who also knows my (publicly known!) account number, the probability of that imposter getting access is almost 100%. My voice, however, is not that easily stolen or duplicated. If, on top of the account number, ABN AMRO’s voice/speaker verification system asks the customer for an answer to a secret question, security is even greatly enhanced. The press release did not expressly mention any such feature, but chances are it will be present.

Although ABN AMRO’s claim to be “the first major bank in the world to introduce [voice/speaker verification] technology in this way” is probably exaggerated, the announcement is important news for other financial institutions in the Benelux and Europe.

So, who’s next?

Job: PHP programmer at Paratel in Vilvoorde, Belgium

Friday, July 21st, 2006

See the vacature.com job ad (in Dutch).

Job: IVR programmer at Paratel in Vilvoorde, Belgium

Friday, July 21st, 2006

See the vacature.com job ad (in Dutch).

No 118 service number(s) in Belgium

Wednesday, July 5th, 2006

Three weeks ago, the Belgian telecom regulator BIPT/IBPT published a Council Decision (in Dutch and French) on the (non-)introduction of the access code 118 for voice directory inquiry services in Belgium. After an extensive consultation of 13 market players (including the well-known fixed and mobile phone and/or cable operators, some international telecom carriers, a few not-so-new contenders but also a worker’s union and a consumer organization), the regulator decided to change … nothing about the current 4-digit scheme based on 12XX, 13XX and 14XX. Prominent examples in this numbering scheme are Belgacom-operated 1207, 1307 and 1234, as well as the more recent 1212 and 1313 operated by E.D.A. According to La Libre Belgique, both companies pleaded for the status quo, by the way.

The Belgian regulator was asked to rule on this matter by an anonymous new contender, who is not yet active on the Belgian market. The regulator’s role is to promote competition, contribute to the development of the internal market, but also to defend end-user intrests. Its decision to not adopt the 118 numbering scheme in Belgium goes against the CEPT/ECTRA Recommendation 97(01) on Numbering Access to Voice Directory Enquiry Services (PDF, Word). This non-mandatory recommendation has been implemented in 12 EU member states including all of Belgium’s neighboring countries, albeit in different forms (118, 118X, 118XX or 118XXX).

It looks like the goal of pan-European harmonization in Directory Assistance and related service numbers has not been and will not be met. If that was ever really desirable, given the simple fact of Europe’s language diversity. In Europe, cultural products don’t harmonize well – and that’s what phone applications basically are, when you think of it.