A big security issue for call centres is the problem associated with authenticating the identity of the caller speaking over the phone. With no access to ID such as a drivers' licence, call centre agents often verify a caller's identification by asking a series of questions, including what the caller's mother's maiden name is. But that information can be obtained very readily, not least by the call centre agents taking the call.

This year's Australian BPay swindle, which saw a number of customer bank accounts unlawfully accessed, brought home the reality that sinister world of cyber fraud is perfectly at home here in Australia.

It is believed suspects paid bank call centre staff for confidential customer information. The electronic scam saw a 40-year-old man and a 22-year-old in court earlier this month on charges relating to the unauthorised transfer of funds between customers accounts. A 23-year-old man appeared in court last week, having been arrested for obtaining and supplying data with the intent to facilitate a serious computer offence.

So what tools can leave call centres sufficiently equipped to protect our confidential information?

Clive Summerfield, an expert in the field of speech recognition and speaker verification, told ZDNet Australia that the BPay scam -is the first incident I've seen where confidential information was used in a systematic way to defraud a financial institution, where a biometric application could have overcome that and strengthened the security of people's financial information as well as protecting privacy".

According to Summerfield, one technology that's really not being pushed to the front of the biometric debate is speaker verification technology-- which enables people's identity to be authenticated using their unique voice pattern over the telephone.

Speaker verification technology uses voice templates of pre-recorded passwords to identify individuals. Held in an encrypted file, no one hears those voice templates, but the technology detects whether or not it is the right word and if it matches the person who originally recorded the voice print. It then relays back to the agent whether or not the individual has passed the ID test. With the agent no longer privy to confidential information, the authentication process is quite anonymous.

-By keeping that confidential information away from human agents [call centres are] maintaining absolute security over the identification process," Summerfield said.

Although the technology is being used in some overseas banks and by the US prison system as a telephone security feature, Summerfield said there is no implementation of speaker verification technology in security sensitive areas, he knows of, in Australia.

Summerfield doesn't put this down to the cost of the technology, which he pointed out, -is not very high, particularly with the potential for damage there can be". Organisations, he said, already have the infrastructure in place to handle the implementation of speaker verification technology, which can be integrated quite effectively with Interactive voice response (IVR) and speech recognition technology.

Instead, Summerfied said it comes down to a matter of understanding the benefits of the technology and just how far this technology has come as a commercial tool.

-I think over the next 12 months we're likely to see the implementation of this type of technology emerge and emerge in more security sensitive areas," Summerfield said.

Two-factor authentication
However, John Brand, senior program director with IT analyst group META Group, disagreed with Summerfield's 12-month prognosis, saying that the voice recognition market itself has only really taken off in the last couple of years. -We won't see enormous take-up of [speaker verification] in the next 12 months," he said.

Brand stressed that combined with other technologies speaker verification makes sense, however by itself it's an extremely poor method of identification.

-It's no more accurate in determining identification than using caller ID on the telephone," he said.

Brand pointed out that there are a whole range of things that impact voice verification, such as colds and flus, medication, and stress--most of which speaker verification technology is insensitive to.

-As a verification mechanism, it's not that useful at this stage. Ultimately it will be, but that's still quite a way off," Brand said. -At this stage of the game I wouldn't want to bet the bank on it."

Brand envisages authentication encompassing a number of different methods of determining identity, and therefore -I don't see any driving need for [speaker verification] in call centres," he said. -If you're trying to improve security, this is not going to do it...it may streamline processes slightly, but it's not going to improve security."

Summerfield conceded that the technology is insensitive to certain conditions, such as colds and flus, but stressed that no biometric is perfect. -All biometrics can be fooled," he said, but -they can give you a certain level of protection more valuable that you already have manually."

According to Summerfield, there are various strategies that can be set up so that a pre-recorded voice can't be used to fool the system. For example, several passwords can be recorded, which the individual may be required say in a random order. That way a pre-recording of a password can't as easily be used to fool the system.

It gets to the stage where the cost of fooling system is higher than the benefit that would be yielded from fooling the system, Summerfield pointed out.

However, Matt Jones, a director at call centre consultancy company Vivaz, believes call centres will struggle to get general acceptance of non-human interface transactions.

According to Jones, voice recognition technologies are successful where they're used to give customers information such as stock price quotes, but as he pointed out, -Human behaviour is such that any transaction so significant to need precise authentication is probably a high-value transaction where human interaction is important."

The problem, he said, is forcing people to use it.

On the other side of the coin, Summerfield pointed out that with human intervention there is always an opportunity for human fraudulent activity and reducing the opportunity for fraud is a very strong message these days.

-Speaker verification is not a complete panacea but will reduce the abilities for [fraud] to occur," he said. -We all have locks on our door but it doesn't take two minutes to go and get a key cut."

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.