Clients of Houston-based Aim Investment Services don't have to worry about remembering passwords or PIN codes when seeking information about their portfolios over the phone. That's because last year, Aim became the first mutual fund firm to adopt Nuance Verifier 3.5, a voice-recognition authentication system from Menlo Park, Calif.-based Nuance Communications.
Rather than typing ID numbers and passwords on a telephone keypad, an end-user of this voice biometrics technology simply speaks into the phone and the system confirms his or her identity by examining voice patterns.
"It's kind of cutting edge technology, using somebody's voice print," explains Jesse Dean, an assistant vice president of Aim Investment Services. "It's more secure than a PIN and easier to use."
To sign up for voice authentication, investors call into the integrated voice-response system and are prompted through a series of phrases, after which the system creates a voiceprint. When investors call back in the future, they simply provide their Social Security number, and the system compares the voice with the information on file to determine a match.
An Eye to Customer Service and Security
"People really like it," Dean says of the voice-authentication system, which is deployed through DST Systems' IVR platform. It has resulted in a 20 percent reduction in call duration and a 15 percent increase in the automation rate, according to Dean. And, from a security standpoint, he says, "We feel very comfortable with voiceprint."
In an age when investment firms must constantly fight hackers and protect their clients from activities like identity theft, the security benefits of voice authentication are not small concerns. Last year, the Federal Trade Commission received 500,000 complaints about fraud and identity theft. Losses exceeded $437 million.
Last fall, a teenager used a Trojan horse - a computer program that contains hidden computer code, in this case a keystroke-logging program - that was planted in an investment chat site to capture the investor's log-in information without the investor's awareness. The teen had bought $91,200 in put options on Cisco that were due to expire worthless, then allegedly executed a series of trades involving his own account and the account of the online investor to close out his options position, cutting the teen's losses by $37,000.
Security-breaching scams are getting more sophisticated and more frequent, creating a need for more aggressive security solutions. One of the more worrisome developments is phishing, where there's a mass distribution of e-mail messages that feature branding and Internet links that appear to come from financial institutions. Recipients are prompted to visit the sites and provide authentication data for their accounts, such as passwords and PINs. Because the sites appear to be official, people often cough up their private data unwittingly.
Industry sources say phishing has become a real problem. According to the most recent statistics from the Anti-Phishing Working Group (www.antiphishing.org), an organization formed to promote best practices and raise awareness about phishing, there were 176 reported attacks in January, up 52 percent from the prior month. About 13.6 percent were repeat attacks from previous months. While eBay was the biggest individual target, financial services was the business sector most under attack. Citibank saw 35 instances of unique attacks, while American Express had six, Visa two, Fleetbank two and Barclays, one.
An IT executive at a brokerage firm notes, "It's very difficult to protect against phishing. These guys are getting more sophisticated."