Paul Magee, Auraya: passwords are not a secure method to keep information safe
As attacks get more sophisticated, a layered approach to authentication is no longer a recommendation but a necessity.
While some might think of multifactor authentication as an inconvenience, the benefits of this additional security measure are indisputable, especially since one’s login information can easily be forgotten or accessed by threat actors. As the use of biometrics and stronger authentication methods are becoming commonplace, relying solely on passwords will soon be a thing of the past.
Today we invited a specialist in the field of voice biometrics, Paul Magee to talk about all things authentication. Paul is the Director and President of Auraya, a company creating the next generation of biometric identity verification methods.
Auraya has been in business for more than a decade. Can you tell us more about your journey?
The founders of Auraya have had decades of experience using voice recognition technology to deliver large and complex voice biometric solutions to organizations around the world. A little over a decade ago, the team decided that a completely new, cloud-centric approach was required to enable the benefits of fast, secure, convenient, easily deployed, and easy-to-use voice biometric solutions. Auraya was founded and attracted a global team of voice biometric experts to build a revolutionary voice biometric technology underpinned by six families of patents demonstrating the innovative processes and methodologies employed in the technology.
Can you tell us what you do? How is AI incorporated into your products?
Auraya is a voice intelligence company with the mission of empowering people and organizations to interact and engage with convenience and security in all channels and any language. Auraya focuses its efforts on developing advanced voice biometric AI to provide secure and frictionless speaker recognition and fraud detection capabilities for organizations.
Powered by Auraya’s ArmorVox core AI engine, EVA Voice Biometric solutions provide the capability of capturing, enrolling, and encrypting voiceprints. The EVA solutions use AI and machine learning algorithms within ArmorVox to crossmatch the user voiceprint against either a one-to-one or one-to-many voiceprints in the organization’s database and then produce a score of likelihood that triggers subsequent events.
Auraya’s EVA Voice Biometrics suite can be integrated into the client organization's secure cloud or on-premises infrastructure. Today, organizations can implement EVA Voice Biometrics into their contact center platforms, online web portals, chatbots, as part of a multifactor authentication process to gain access to secure services. EVA can listen to any conversation and alert when a known or suspected fraudster is spotted.
In your opinion, which industries should be especially concerned with implementing voice biometric solutions?
Auraya believes that every organization that wants to protect their employees' and customers' privacy and personal data should invest in voice biometrics. Voice biometrics compliments other security strategies such as using trusted devices to allow access to services. In multifactor security, process voice can confirm that the authorized person is using the trusted device, and the voice confirmation saying a one-time transaction code can make secure online access to services both more convenient and more secure.
The most active industries being targeted by Auraya include the financial services industry, government agencies, health services providers, retail and telecommunications industries. These industries are the most likely targets of fraud due to the large amounts of data and money that industries handle.
What techniques have you noticed threat actors use to bypass various identity verification methods?
The most important aspect of protecting systems from malicious actors is to ensure a layered approach requiring multiple factors. For example, if a person wants to access a service from an unknown device there may be additional steps in the verification process. Threat actors attempt to bypass and breakthrough voice biometric processes via mimicked voice attacks, synthetic voice attacks, and recorded playback attacks. Fortunately, Auraya’s voice biometric AI technologies boast patented features that mitigate the risks of these types of attacks.
Mimicked voice attacks can easily be thwarted as the AI engine can distinguish the difference between the voices, even if the common human ear cannot. Synthetic voice attacks can be thwarted as well as synthesizers usually have artifacts that expose it as a synthetically generated voice. Both mimicked and synthetically generated voices will provide a different likelihood score, allowing the system to flag these attempts as potential fraud.
Recorded playback attacks can be thwarted by issuing random phrase challenges. For example, instead of just asking the user to repeat their phone number to verify their identity, the system can ask the user to repeat a random phrase as a follow-up. This ensures that while the threat actor may have recorded playback audio of the victim saying their phone number, they would not have recorded playback audio of a random phrase that was just created.
What cybersecurity measures would you consider a must for organizations nowadays?
Auraya considers voice biometrics and multi-factor authentication a must for organizations today. Multi-factor authentication ensures a check on multiple different factors such as if the user knows the correct phrase for the account, has the right device, and is speaking using the right voice. With multiple factors, it becomes increasingly difficult for threat actors to break into an organization’s system.
Voice biometrics also provides the best security outcomes compared to other biometric solutions as fingerprints and iris/face prints are usually stored within the device itself. This means that if a threat actor manages to access their victim’s device, they are able to already compromise two factors of authentication. Voiceprints on the other hand are stored behind the organization’s firewall or a secure location of their choosing.
As for personal use, what actions can average individuals take to protect their identity online?
People need to understand that passwords are not a secure method to keep their information safe. Passwords that have been provided to organizations have been stolen and are available for sale to bad actors on the dark web. People habitually add a symbol or a number to a previous password and this makes it easy for motivated hackers to simply run through the normal password options to crack into a person's accounts. Passwords are not to be trusted.
In your opinion, where can we expect to see voice biometric solutions be used more often in the near future?
Auraya believes that accessing any service on any device be it a smartphone, tablet, PC, kiosk, car, television, voice bot, etc will use a combination of device recognition, facial or fingerprint recognition, and biometric voice recognition to allow access and confirm risk transactions. Voice provides a non-repudiable digital signature confirming both your identity and confirming intent to access the service or authorize the transaction.
What do you think the future of identity verification methods is going to be like? Do you think the use of biometrics is going to catch on?
The megatrends driving the adoption of all biometrics but especially voice biometrics are:
- Consumers desire more convenience. We want to be able to get what we want when we want, using our preferred method of transacting, be that a smartphone app, a voice bot, chat, instant messaging, calling an expert in a call center, or physically going to a store.
- Consumers desire more privacy and security. We want our privacy protected and we want to know that the organization we are trusting with our data is not going to compromise our sense of security by allowing hackers to steal our health records or financial data.
- Governments desire more regulations. There is an ever-increasing requirement from regulators to enforce more regulations such as GDPR, HIPPA, covering aspects of protecting personal information and AML/KYC ensuring the integrity of financial transaction records, and stopping bad actors from laundering money or contributing funds to terrorist organizations.
- The sophistication of bad actors. Bad actors are increasingly becoming more sophisticated and using advanced technology to threaten organizations, individuals, and whole societies. Rampant organized crime, nation-sponsored attacks, and motivated individuals’ access to worldwide resources on the dark web mean that there is always a new threat to protect against.
These megatrends will continue to drive the adoption of voice biometrics in tandem with other biometric and non-biometric security measures.
Would you like to share what’s next for Auraya?
Identity verification is the main driver of voice biometrics today. The voice biometric system answers the question “am I really who I claim to be?” Fraud prevention is also a big driver of demand where an unknown voice is scanned against a list of bad actors to determine if this conversation is coming from someone that shouldn’t be trusted.
The emerging uses of voice biometrics concentrate on detecting the different vocal traits that can be an indicator of other important aspects of our identity such as age, cognitive load, emotion, the language of origin, height. All these indicators can be added to the existing information that is being collected, such as the reason for the conversation and the words used by a person. This lake of information is available to organizations to help them better match the products and services to meet their customers and potential customer needs.