In this blog, I am joined by my colleague Pauline Pinzuti, Marketing Manager to discuss how the use of voice biometrics can help telecom operators fight ID fraud.
What do mobile operations needs to know about telecom fraud?
Didier Benkoël-Adechy: Mobile Network Operators (MNOs) face unprecedented levels of competition and commercial pressure. As a result, many have created extensive service portfolios, extending far beyond just mobile communications. Perhaps inevitably, the wealth of valuable services now offered by operators has attracted the attention of sophisticated fraudsters.
Pauline Pinzuti: I completely agree – the threat posed to mobile network operators has multiplied exponentially over the last few years. The head of Security Operations of a major MNO actually recently said that “it is difficult to assess precisely the cost of fraud but this could represent up to 5% of the company’s revenue…”
How does identity impersonation fraud – also called account takeover fraud – actually happen?
PP: As the name suggests, with this type of fraud, fraudsters use the accounts of their victims to access the MNO’s services.
Fraud can occur using information gathered from a customer using social engineering. With phishing for example, customers can be tricked into providing information regarding their account. This information may then be used to contact an MNO’s customer service department and impersonate the customer.
DB: Fraud is moving to remote channels. In particular, call centres can have ineffective methods of verification when delivering services. Securing all the channels that fraudsters can target represents a major challenge for CFOs and fraud departments.
Looking ahead, we know that biometric authentication is an effective and convenient way to identify individuals. But how does this work for call centres?
PP: You’re right. The sort of verification tools that we use at airports, such as facial matching can’t be used in call centres. Instead, we can identify people through other biometric methods – like voice matching.
Drawing on the numerous different features that define the uniqueness of each individual’s voice, we can quickly compare a speaker’s recorded voice with thousands of recordings of known fraudsters held in databases to detect and prevent repeat fraud.
DB: This is really critical. A major MNO recently revealed that they suffered losses of up to €1 million a year through impersonation-based fraud at call centres, before the Thales effective voice matching service was put in place.
PP: By comparing and matching a caller’s voice with information such as the recording of a known fraudster, it is possible to address the threat of fraud before it becomes a financial liability for the MNO.
DB: From a different standpoint, the use of voice biometrics for authentication is also increasing in popularity due to its convenience by meeting customer expectations for easy and fast access to services. For instance, MarketsandMarkets predicts that voice biometrics will spike from $1.1 B in 2020 and will grow by 22.8% to $3.9B by 2026. This technology can be used to ease authentication for existing customers, replacing the inconvenience and risk of using PINs and knowledge-based authentication.
So how does voice biometric analysis work?
PP: The human voice uses more than 70 body parts. Each has a unique size and shape. Biometrics-based solutions analyse more than 140 physical characteristics (such as the size and shape of the larynx or nasal cavity) that make each voice unique. The use of these physical features is particularly significant. Unlike behavioural characteristics, such as the rhythm of speech, accent or intonation, they cannot be mimicked by a fraudster. A person’s gender and age range can also be revealed by analysing the voiceprints created from the recorded voices.
DB: It’s important to note, this technology is very different from speech recognition technology which is used to understand a specific instruction, regardless of the identity of the speakers. Just like facial recognition, voice recognition requires liveness detection to identify ‘spoofing’ types of attacks, such as speech created by fraudsters from the recordings of legitimate customers.
As far as the customer is concerned, the entire process of voice matching and detection is seamless. Indeed, it is invisible, with no disruption to the user experience or quality of service delivered by the MNO.
PP: Also, all the processes need to meet local regulations related to privacy. In particular, individual voiceprints held for authentication are encrypted and as a best practice, not stored with personally identifiable information. Voiceprints stored in a watchlist (or fraudster database) are also not linked to named individuals. They just indicate a risk of fraudulent activity.
What other challenges do you think are important to address in order to fight identity fraud?
PP: For MNOs, the fight against identity fraud is becoming more complex for two main reasons. The first is the proliferation of remote channels through which customers now interact with them – from call centres to online services. The second relates to the internal organisation of the MNO. Some network operators have numerous ‘silos’ within the company’s structure that are involved in fraud prevention. Multiple ‘silos’ within an organisation can undermine attempts to track the flow of losses to fraud. The heart of the problem lies in the fact that responsibility for measuring the impact of fraud, and implementing solutions, is split across several departments: fraud; revenue assurance (RA); credit risk; IT security; and network security.
DB: In fact, each department usually has its own KPIs and objectives in relation to fraud. And it is quite possible that no one has a 360° view of the level of fraud across the organisation.
Clearly, good communication and coordination is needed between all stakeholders. A number of major global MNOs have created structures in which different departments, including product marketing, are brought together to address revenue assurance and optimise fraud prevention.
Voice Biometrics solution is part of Thales Trusted Digital Identity Services platform, fraud detection, enrollment & authentication.