Voice biometrics touted for financial services firms

I have seen an article on Voice biometrics as a factor in multifactor authentication a couple of times recently.

It is true that this would be a great method of authentication, and that it solves the problem of customers losing security tokens such as those offered by Verisign. However I am not too sure of the security implications. Recording someones voice is unobtrusive and relatively easy these days, and once it has been recorded you don’t know you’ve lost it. The advantage of tokens is that you do know. So in many ways losing tokens is an advantage!

I should also mention that the tokens are now quite unobtrusive. The new one on offer is the size and thickness of a credit card. I haven’t seen it myself but I hear it just fits into the wallet.

Another way of doing this “something you own” factor of authentication is via mobile phone SMS. That really is a good way as most people phones are with them all the time.

In short I would say voice has significant advantages, over the current system, and used in conjunction with say cookies would be pretty secure. However tokens also have advantages as explained above.

Lastly you have to look at the run out cost and how it effects you. A voice system would be high initial cost and low operating, and tokens low initial but higher operating (if your not charging customers for lost ones as would expect banks to do).