Financial institutions are now facing an uphill battle in the war against cybercrime. According to a new study from Symantec, the malware that hackers are using to target financial institutions has gotten extremely dangerous.
“As we had predicted in 2015, we saw an increase in attacks against corporations and financial institutions themselves during 2016,” stated Candid Wueest in the report. “With more than 1.2 million annual detections, the financial threat space is still 2.5 times bigger than that of ransomware.”
Here are some additional items of interest from the report:
Ramnit was the most active financial Trojan last year. It was responsible for 38 percent of [nefarious] activity.
At least 170 mobile applications were targeted for credential stealing.
Financial institutions in the U.S. were targeted the most out of any other country.
The report also mentioned social engineering as a major threat that financial companies are now facing. Hackers are now going to great lengths to spoof employees into surrendering sensitive information.
In light of this report, financial companies should strongly consider building advanced authentication tools into the framework of their digital applications and contact center communications systems.
We encourage financial companies to take a multifactor approach to user authentication by implementing a variety of different security technologies. This should include both traditional and biometric systems. For instance, passwords and personal identification numbers (PINS) could be offered alongside voice biometric, iris, face and fingerprint readers.
Why use a multifactor strategy? There are two major benefits: It provides an extra layer of security for users, and it’s more convenient.
To learn more about VoiceVault’s approach to security, click here.
The cybersecurity landscape has changed dramatically in recent years, as attacks have increased both in volume and sophistication. As such, the need for advanced user authentication has never been greater.
Despite this, many organizations continue to protect user accounts with outdated and inefficient authentication technologies like passwords and personal identification numbers (PINs), both of which are ill-equipped at stopping targeted and persistent attacks.
Fortunately, it’s getting a lot easier for the average business to upgrade to powerful voice biometric authentication systems, for extra security during money transfers and account logins.
In Fusion 9, customers can choose from hybrid, on-device and cloud-based deployment models. Plus, there are new biometric modes (Cryptocode and CRDate) for added protection against new threats like synthetic speech attacks.
Other exciting updates in Fusion 9 include a new, expanded UI portal with detailed transaction reporting and location services, audio playback and viewing and a full suite of administrative controls for adding users, language packs and configurations.
Businesses can also utilize Content Addressable Storage (CAS), which grants full control over its binary data storage in filesystem, database, Amazon S3 and more. These controls make it possible to duplicate, encrypt and migrate data between storage systems — allowing for significant cost reductions.
“As news feeds today are constantly filled with reports of data breaches, malicious cyber-attacks, biometric spoofing attempts, and synthetic speech attacks, VoiceVault is excited to launch VoiceVault Fusion 9 raising the bar against these anticipated threats,” stated Julia Webb, Vice President of Sales and Marketing. “With the ability to seamlessly integrate with other authentication factors, VoiceVault Fusion 9 continues to set the standard for voice biometrics in demanding consumer applications.”
Want to learn more about Fusion 9? Contact us today via the form below.
Over the last year or so, there has been a significant uptick in the number of financial institutions leveraging disruptive financial technology (fintech) services. Third party fintech providers are now streamlining everything from payment processing and lending to wealth management.
As these two industries continue to merge, though, cybersecurity is quickly becoming a growing concern to U.S. policymakers and regulatory agencies. Just recently, for instance, a group of business leaders from the fintech industry travelled to Washington, D.C. for a series of important discussions with the Federal Reserve Board (FRB), Consumer Financial Protection Bureau (CFPB), Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC).
While cybersecurity wasn’t the only topic that was discussed, it was a big one.
According to The Hill, U.S. regulators are worried about operational risks associated with the use of novel technologies in financial settings. As such, regulators and policymakers expect financial institutions to “meet high standards for the due diligence and monitoring of their third-party service providers, especially around cybersecurity and data security.”
Of course, identity verification is a major piece of the cybersecurity puzzle for banks and fintechs. And one way that companies can strengthen authentication and reduce fraud is to embed multifactor security options into their applications — providing extra security options beyond traditional passwords and personal identification numbers (PINs).
While this may sound difficult, it can be easily accomplished by working with a company like BioConnect, a VoiceVault partner and creator of the BioConnect Identity Platform which supports a range of enterprise-grade biometric technologies including face, fingerprint and iris scanners. The BioConnect Identity Platform also utilizes VoiceVault’s cutting-edge voice biometric identity verification technology. Fintechs can use the BioConnect Identity Platform to obtain simple, user-friendly and highly-secure user identity verification.
“Ease of use, security and fraud reduction are major drivers as to why we’re seeing changes to identity verification within every day, run of the mill banking applications,” stated Bianca Lopes, Vice President of Strategic Marketing and Global Alliances for BioConnect. “VoiceVault has a brilliant track record and a sound voice recognition technology that will provide enterprise clients with ease of use, scalability and ultimately, greater choice by being a part of the BioConnect Identity Platform.”
Here is a scary fact: According to one recent study, 47 percent of businesses that were surveyed had at least 1,000 sensitive files exposed to every employee while 22 percent of companies had 12,000 or more.
Does this sound a bit like your organization? Chances are likely that your employees have sensitive data floating around on their mobile devices, which could be easily extracted by a sophisticated hacker.
Unfortunately, smartphones are highly vulnerable to hacking. Here are three unexpected ways that a hacker could break into a mobile device and lift information for personal gain:
Number spoofing: What’s the easiest way to break into someone’s phone? As it turns out, you don’t have to breach their device at all. Now, hackers can download a spoofing or caller ID application to mask their telephone number and assume someone else’s. Hackers could use this strategy to trick employees into surrendering sensitive information via SMS.
Motion orientation sensors: Smartphones contain a major security flaw, in that mobile websites and applications do not need special permissions to access motion and orientation sensors.
As explained in Android Authority, hackers are now using device positioning and movement sensors to hack passwords. When a user taps, scrolls or presses on a screen, in other words, each movement will cause the person to hold the device a certain way and it can be easily observed by a snooping third party. This information is very valuable to a hacker. In one study, hackers were able to hack four-digit PINS with 70 percent accuracy the first time around, and 100 percent accuracy the second time.
Masterprints: Here at VoiceVault, we maintain that fingerprint sensors — though effective most of the time — should only be used in conjunction with other authentication solutions like voice biometrics. This is because they can be vulnerable to attacks. Researchers, for instance, recently discovered that smartphone fingerprint sensors could be fooled up to 65 percent of the time by “master prints” which are digitally rendered from common fingerprint readings.
So take our advice: It’s time to fortify your business’s mobile end points before one of your employees’ phones gets hacked.
You may have read the news that the BBC have successfully caused HSBC’s Voice ID system, provided by another voice biometric vendor, to falsely accept the non-identical twin of an enrolled user. This occurred after the ninth attempt that the twin took to access the user’s bank account. Thus, causing the issue to be that of failing to follow best practices rather than a failing biometric element. Since all biometrics are statistical in nature, measures must be taken to ensure that the likelihood of a false accept is as low as possible. Current best practices can include account or device lock-out after multiple failures, which would have prevented the BBC’s false accept.
To further help financial organizations protect and prevent against this recent type of breach, VoiceVault is excited to share with you the upcoming release of VoiceVault Fusion 9. Version 9 of our core, proprietary, engine includes additional controls, new biometric modes, seamless integration with other authentication factors, and detailed reporting with location services. Official announcement and details forthcoming in the very near future.
In addition to staying on the forefront of voice biometric technology, we pride ourselves in working collaboratively with our clients and partners to suit each individual use case. With over 10 years of experience in the market, our team is more than happy to talk through the end-to-end statistics and recommend an array of additional methods of best practice, including the implementation of multifactor authentication.
As mentioned by a spokesperson from HSBC, since launching last year, HSBC’s Voice ID system has been successful in reducing fraud. Therefore, voice biometrics are still more secure than historic knowledge-based-authentication systems, such as passwords and PINs.
Consumer interest in biometric banking is very strong in the UK right now. According to one recent study, 56 percent of UK customers actually prefer biometrics to traditional authentication solutions like passwords — even though there is still some general confusion among customers about how biometrics work.
Another study found that British consumers are almost twice as likely to trust banks over government agencies with storing and keeping biometric data safe.
There’s just one problem:
In order for customers to move beyond passwords and use biometric technologies, banks need to provide access to them. And there are still some mixed feelings in the financial community about the role that biometrics should play in authenticating logins and transactions. Many people still believe that passwords are better for protecting consumer accounts.
Passwords vs. biometrics: The debate is on
Consumer demand has forced the conversation to move forward. Recently, the Digital Banking Club (founded by Intelligent Environments, the digital financial services providers) gathered at the Law Society, London to address the motion “This house believes the password will never be replaced by your body.”
The debate was chaired by Retail Banker International Editor and Digital Banking Club Chair, Douglas Blakey. Guest panelists from Forrester, Fujitsu and Intelligent Environments spoke for the motion, while representatives from Secco, DWC and MasterCard spoke against it.
Before the debate, 42 percent of people agreed that the password will never be replaced by the body. But after the debate, just 19 percent agreed with the motion.
Opinions about biometrics varied from expert to expert. For example, some panelists voiced concern over false acceptances (FA) and false rejects (FR) in biometric systems. There is a small risk, in other words, that a biometric solution could malfunction and grant access to an imposter or reject the right user. This problem, however, can be addressed by embedding multifactor security layers. If one layer is breached, a hacker will still have to enter further credentials.
What’s more, some technologies — like VoiceVault’s voice biometric identity verification — come with very low FA and FR rates. VoiceVault guarantees a FA rate of just 0.01 percent, and a FR rate of less than 5 percent. Not all biometric technologies will offer the same level of protection.
We can also argue that false acceptances and rejects happen all the time with passwords when accounts get hacked, or locked.
Will we ever see beyond passwords?
It largely depends on who you ask. Some of the panel at the Digital Banking Club debate, believe that while biometrics will be popular, passwords will never be completely replaced. However, other panelists argued biometrics will eventually replace passwords, but in time.
One panelist likened favoring passwords over biometrics to favoring a horse and cart over a car. The technology is outdated, inefficient and insecure. The same panelist mentioned a study from the Netherlands, conducted by Mastercard, where nine out of 10 participants indicated they would like to replace their passwords with biometrics. And almost 75 percent of users are convinced that biometric security will decrease fraud.
What was interesting is that every single panel member used their iPhone fingerprint scanners to access their debate notes on the podium…
So, should your bank abandon passwords right now?
For now, you don’t have to worry about replacing passwords altogether. But you can look beyond passwords and start phasing them out with biometrics, which can coexist nicely with passwords.
Your best bet is to give customers a variety of different security options, and let them choose the ones they are most comfortable with. If you try to force any technologies on them, you are liable to experience negative blowback.
As a contact center administrator, you’re seeking a voice biometric identity verification solution that will enable a secure, but convenient, phone-based login experience for your customers.
This is very important, as you don’t want to implement security with voice biometrics that customers will have a hard time using. This could result in a low user adoption rate.
As such, you have a tough decision to make: Should you opt for active or passive voice biometrics?
Active voice biometric authentication would require an end user to submit a correct voice sample every time he or she dials into the contact center. This is done by speaking a short phrase into the microphone.
Conversely, a passive system would require a customer to submit a single voiceprint during enrollment. No further samples would need to be given for subsequent logins, as the computer would naturally scan the user’s voice during a normal conversation with an agent. This type of enrollment takes about 45 seconds for the customer.
So, which is the better solution? The short answer is that it depends on your business’s needs. You can make a case for both kinds. But if there’s one thing you don’t want to base your security with voice biometrics decision on, it’s time savings.
Many people, in other words, think that passive authentication systems will lead to higher adoption rates because it saves the user time during the identity verification process. The truth, though, is that the difference between active and passive authentication comes down to just a few seconds. And most customers will dial into the contact center sporadically. It’s not usually an everyday task, and so a few seconds probably won’t be enough to annoy a customer.
To learn more information about VoiceVault’s solutions for contact centers, click here.
Facebook made several exciting announcements at its recent F8 developer conference. There was the launch of Facebook Spaces, talk of augmented reality and some exciting new features for Messenger.
Our favorite announcement, though, came when Facebook announced a roadmap to transition users away from passwords.
The plan is not going to happen overnight, but Facebook has already started the process. At F8, the company launched a closed beta version of Delegated Account Recovery, which will provide login assistance for users on affiliated third party websites. This program will allow Facebook to act as a backup security key when users cannot access their accounts. Users who forget their passwords for other sites will be able to use knowledge-based questions (like photo recognition) to recover their accounts.
The goal is to limit the amount of personally-identifiable information that users have to distribute when logging into accounts.
“We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy,” state Facebook security engineer Brad Hill. “Right now you tell your mother’s maiden name to 500 different places and if any one of them gets hacked, then you’re vulnerable everywhere.”
As of right now, developers must apply to use Facebook’s technology, but eventually it will be open-sourced.
Since the program is still in its beta version, that means there is plenty of room for growth and innovation. One way that Facebook can make this service even better is to add a voice biometric identity verification component. Voice authentication is one of the most convenient —and secure — ways to authenticate an end user.
Why not try the technology for yourself? To learn more about VoiceVault’s free trial for developers, click here. A free demo app is available here.
The solution, which is currently being referred to as a “lip motion password,” requires an end user to speak a unique phrase into the microphone of a device. The biometric engine then scans the shape, movement and even texture of the user’s lips to determine their authenticity.
As of right now, the researchers have a patent for the solution and expect to deploy it soon for verifying financial transactions. It could also be used to verify ATM transactions and to grant access to private premises.
This development is fantastic news for the biometric identity verification industry, and one that we are excited about here at VoiceVault. Once the technology is cleared for commercial use, it will offer businesses yet another option for secure and convenient mobile authentication.
Security-minded administrators should feel good about using this type of facial recognition software, too. As Forrester pointed out in its Biometric Authentication Q1 2017 report, facial recognition software has significantly improved thanks to recent advancements in standards and algorithm development. The technology is becoming more secure, and more reliable than it was in the past.
It’s important to realize, though, that lip motion passwords will not be any better or worse than other leading biometric technologies like iris and fingerprint scanners, or voice biometrics. Rather, it will be just another option to consider. Administrators should think about the positives and drawbacks for each technology. And best practices call for deploying multiple biometric solutions for greater convenience and increased security.
At the end of the day, though, your business needs to be using at least one of these technologies to protect its mobile accounts. Many companies are still way behind in their information security efforts, despite the fact that powerful security solutions are readily available in plug-and-play format. In fact, according to a recent study only one in five companies now fully consider information security in their strategy and planning.
VoiceVault’s voice biometric authentication solution, ViGo, is cloud-based and can be easily embedded into any application or contact center service.
Free demos are also available if you are new to the technology. You can find out more information by clicking here.
Interest in mobile banking may be strong among consumers today, but user adoption continues to lag behind. According to one study, a third of consumers in the U.S. and U.K. claim they avoid mobile banking applications. About one third say will never use them. And almost three quarters of people in who agree blame security.
In light of this, many banks are reassessing their mobile security strategies as they attempt to make them more attractive for customers. We are seeing an increasing number of banks offering multifactor security options that integrate traditional password and answer-based authentication technologies with cutting-edge biometrics like voice, fingerprint and iris scanners.
Just recently, for instance, Australia’s ANZ bank announced it will begin offering customers voice biometric security to protect high-value mobile transactions of $1,000 or more. Previously, customers had to make these transactions in person.
“A person’s voice has five to ten times as many security points than other methods such as fingerprints so we know this will improve security and be welcomed by our customers,” stated ANZ Managing Director Customer Experience and Digital Channels Peter Dalton.
Dalton is referring to the fact that voice biometric engines can register points like the average pitch, speed and tone of a user’s voice. All of them must match in order to approve authentication, which makes it one of the most complex secure options out of all the biometric solutions on the market.
For years, VoiceVault’s mobile voice biometrics solution, ViGo, has been protecting high value mobile transfers for a major global bank as well as in many other financial institutions. VoiceVault has protected billions of dollars in transfers.
To learn more about how VoiceVault can protect your organization, click here.