IAPP-GDPR Web Banners-300x250-FINAL

By Don Peppers and Martha Rogers, Ph.D.

When the Federal Financial Institutions Examination Council released guidelines in late 2005 that advocated multi-factor user authentication during electronic transactions, banks online and off were spurred into action. The big words - "multi-factor user authentication" - made the task sound more daunting than it actually was, but banks quickly understood that before too long they'd have to require more than a user name and password for transactions and account access.

Somerset Trust Co., a regional Pennsylvania bank, heard the message loud and clear. At the same time, it feared that changing its privacy/security/authentication practices could not only prove difficult to implement and communicate but also spook set-in-their-ways customers.

Dick Stern, Somerset's Senior Vice President and Treasurer, said the company considered any number of solutions.

"One vendor suggested a token that customers would have to keep with them at all times," recalled Stern. "Another said that we should have a series of questions and answers. Another wanted to give customers a card that would help them do a translation for privacy and security purposes."

Ultimately, Somerset went the keep-it-simple route, tapping voice-biometrics firm VoiceVerified for a new security protocol. "The main appeal is that it is easy and intuitive," Stern said. "Tokens, cards, all that other stuff - sometimes, the medicine is worse than the cure."

Banks, such as Somerset, are certainly aware that securing their customers' information is as basic as counting the money back correctly when a customer cashes a check. Customers choose banks in part because they trust that their financial institutions are going to get it right, time and time again. This dynamic bears out in research done by the Ponemon Institute, which found in a 2006 survey that 68 percent of respondents who gave their banks accolades for privacy believed in their banks' commitment to protecting their personal information.

"Preventing data breaches has become a top priority for banks, partly due to state notification laws, but primarily because customer loyalty depends on it," said Joseph Ansanelli, Chairman and CEO of Vontu, Inc., which sponsored the 2006 Privacy Trust Study for Retail Banking. Ansanelli, in a news release issued with the survey results, added that the study "clearly demonstrates how much banking customers care about data loss prevention."

With the introduction of new technology, Somerset and other banks increasingly have new options to consider and vet as they carefully choose a solution that will help the institution achieve its security protocols and earn consumer approval.

"Voice verification has been around for 20 years now, but it's never had market acceptance," explained John Lazzaro, VoiceVerified's Vice President of Financial Services and Fraud Solutions. "With phishing and so many other scams out there, it's becoming pretty clear that user names and passwords aren't strong enough to prevent abuses."

Here's how the VoiceVerified technology works: A customer either calls into a system or is called by the system, and is asked to recite six, five-digit phrases. >From that, the system creates a mathematical representation of his or her voice. For subsequent transactions, the customer is prompted to recite a random five-digit number; if the voice matches the voiceprint, he or she is granted access or approval.

Somerset selected VoiceVerified mostly because of the simplicity of its offering.

"We're not asking customers to do anything complicated," Stern said. Convenience also comes into play, in that the VoiceVerified technology can be used from land lines, cellphones, voice over IP and more.

"Customers have to want to use it in order for it to be effective and, on our side, for it not to be a nightmare to support," Stern said.

Right now, Somerset is nearing the end of a pilot program in which about 25 people are test-driving the new system. Some of their feedback already has been taken into account, especially in the way the proposed changes will be communicated to existing customers. Somerset may also tweak the enrollment and verification processes.

When Stern ventures into Somerset's call centers or surveys other customer touchpoints, he senses a great deal of frustration with existing privacy and security measures. He believes that the VoiceVerified technology, when rolled out on a larger scale, will end such problems.

"You have to spend a few minutes in [the call center] to understand just how [dissatisfied people are with ordinary call center technology]," he explained. "You hear people getting really upset. They're saying 'I answered those security questions right: I gave my first dog's name, I gave the high school I attended.' The simplicity of just using your voice has to be better than that."

Somerset doesn't plan to roll out the VoiceVerified system until the pilot program has been completed, but Stern believes the simplicity will prove a quick hit with customers. "What we're asking the customer to do, through VoiceVerified, is nothing more than the things they do every day: dial a number and repeat a series of digits," Stern said.

Assuming no major hiccups, look for a full rollout within a year.





If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Spots Going Fast

With the top minds in the field leading this exceptional program, it's no wonder it's filling quickly. Register now to secure your spot.

Be Part of Something Big: Join the Summit

Registration is open for the Global Privacy Summit 2016. Discounted early bird rates available for a short time, register today!

Data Protection Intensive Returns to London

Registration is now open for the IAPP Europe Data Protection Intensive in London. Check out the program!

P.S.R. Call for Speakers Open!

P.S.R. is THE privacy + cloud security event of the year, and you can take a leading role. Propose a session for this year's program.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»