By Olga Kharif Most consumers, at one point or another, have thought about how easy it would be to steal an identity, particularly over the phone: You call your bank. To verify that you are who you say you are, a clerk asks for a Social Security number, address, date of birth, or account number. Fact is, a thief can get all that data by stealing a bank statement and talking to your friends. Then, he might order a credit card in your name or make money transfers out of your account.
Today's mainstream biometric identification devices can't prevent such mishaps. Few people have fingerprint detectors lying around the house. Ditto for face scanners, iris identifiers, and palm readers. Your birth date and Social Security number stand as your personal vault's only guards -- and not very good ones at that.
SWEEPING DEPLOYMENT? Fortunately, they'll soon get some assistance. A number of companies, including IBM (IBM), Microsoft (MSFT), and Hewlett-Packard (HPQ), have recently developed new biometric software and devices designed specifically with the phone in mind. Their solutions to the phone-security conundrum range from embedding detectors such as fingerprint scanners right into mobile phones and personal digital assistants to using a promising new biometric technique called voice verification.
En-masse deployment of voice-verification technology could happen within a year, with sales of related software and devices expected to rise from $45.9 million last year, to $224.6 million in 2008, according to researchers at International Biometrics Group, an independent industry researcher. That could turn out to be a conservative estimate. "Today, the market for voice verification is smaller than [the $3.5 billion market] for voice recognition, but that could be changing," says Alex Acero, a senior researcher with Microsoft's speech technology group in Redmond, Wash. "There's a lot more emphasis on security."
With good reason. Over-the-phone fraud already affects 12% of all banks offering e-payment services, according to the American Bankers Assn. And the problem could worsen as consumers do more banking and shopping on the phone and online. To facilitate such transactions, cell phones and PDAs will likely contain more crucial personal information, such as credit- and debit-card numbers. With mobiles doubling as electronic wallets, the implications of losing them grow increasingly serious.
SPEED COMPARISON. Enter voice verification. The technology comes in two flavors, one requiring additional hardware and the other dispensing with it. Los Angeles-based Beepcard, which makes the hardware-driven type, expects a major U.S. credit-card association to roll it out by the first quarter of 2006, says CEO Moshe Cohen.
Here's how it works: A special sensor on the credit card stores its owner's previously recorded voiceprint in digital form. When the owner receives a new card, he or she speaks a password into the sensor on the card. If the voiceprint matches, the card is activated. Cohen is currently in discussions with several consumer-electronics companies that are considering adding this same voice detector to devices like phones, to make them unusable to thieves.
Many telecommunications companies and banks are also looking at the other kind of voice verification, which requires no alterations to a phone. Caller-identification technology that software maker Nuance (NUAN) unveiled a year ago is already used by Canadian telcom Telus and is being tested by several U.S.-based banks and credit-card companies, says Nuance CEO Chuck Berger. It works on a simple premise: Customers make a short voice recording. The next time they call, the technology compares their live voice's range and speed with the recording.
The Nuance approach can save money for call centers. It costs about $5 for a live agent to ask those personal ID questions. Voice software can verify an identity in less time, for between 10 cents and 15 cents per call, says Berger.
HALF PRICE. The technology's reliability is improving. IBM Research recently developed special software that makes an ID by analyzing everything from the modulation of a speaker's voice to conversational word choices. That's a new wrinkle, because most of today's voice-verification technology requires a speaker to repeat a particular phrase. A 20-second recording collected using this new method, which is awaiting commercialization, could identify customers with what developers hope will be nearly unfailing accuracy, says IBM researcher Ganesh Ramaswamy.
On the hardware side, embedding biometric readers into mobile devices has finally become feasible as well, since biometric equipment prices have fallen by as much as 50% in the past five years as volume has increased. A simple finger scanner can cost as little as several dollars. LG Electronics already sells a cell phone with a fingerprint sensor in Asia. HP introduced a $549 version of an iPAQ PDA with a fingerprint sensor last fall.
Within the next few years, biometric identification related to phone transactions could go from a nice-to-have to a necessity. Fortunately, new technology available on the cheap has a chance to meet the ID problem head-on. Kharif is a reporter for BusinessWeek Online in Portland, Ore.