Santander announced the implementation of voice ID to help customers access the call center. This approach helps Santander reduce call center fraud but will prove less than optimal. Users need to call from a specific phone and repeat a phrase. The voiceprint is stored centrally by Santander that creates a honeypot. But perhaps most inconvenient is that it creates multiple authentication technologies that Santander customers need to learn. One for the call center and at least one other for a 3DS2 challenge. With planning, this could be one additional authentication technique using biometrics of the users choosing using a FIDO compliant implementation. In fact that solution can be used for the call center also. This has the benefit of eliminating any biometric information that needs to be stored by Santander:
- Telephone banking users will be offered the option of verifying themselves using technology which will recognise their voice and where they’re calling from</em
- Customers will need to call from a phone number uniquely registered to them
- They will then have to repeat a short phrase and their voice will be analysed
- HSBC and Barclays also both offer this feature – with HSBC saying it saved £300m in fraud last year”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group