Voice Biometrics and Voicebots

Advances in Natural Language Understanding are leading to a sea change in the contact center, starting with text chat. Live text chats are making way for automated chats in a chatbot, a form of artificial intelligence ("AI") that enables the customer to experience a natural interaction to get what they want from a machine instead of having to connect with a live person. The same idea is now coming to the world of automated voice in the call center, ushering in a next generation of IVR that is AI-enabled. You may hear of this as "voicebots" or "next generation IVR" or "NLU IVR" or "conversational IVR" or "virtual agents."

Companies have attempted a natural language type dialog since the days of a startup called Wildfire in the mid-1990's, only to suffer from extremely high cost and inability to be open-ended. The latest in AI and machine learning, however, promises to make this generation of voicebots vastly better than previous attempts.

How do you authenticate with Voicebots?

Just as in live agent interactions, security and privacy demand a reliable means to authenticate the person on the other end of the phone. Live agents use knowledge-based authentication ("KBA"), asking questions that presumably are unlikely to be known except by the person who matches the account number in question. And of course, voice biometrics in the form of a Static Passphrase or RandomPIN™ enhances the current live agent authentication in the IVR before transferring to the agent. However, with voicebots, the goal is to fully automate the interaction, hopefully handling more issues through automation, thus saving money and reducing customer wait times. What's the best means to authenticate a fully automated call? Is KBA the right approach? Some forms of KBA that rely on dates and numbers should work fine. Other KBA options won't work well, especially odd spellings of names and locations. And KBA is a single factor and thus less secure. Fortunately, there's a good solution to authenticating voicebot interactions: voice biometrics.

Voice biometrics automates authentication in two ways

One obvious approach to automate authentication is to implement an active voice biometric, such as a Static Passphrase or VBG's RandomPIN™, just like in a traditional IVR in front of a call center. Active voice biometrics adds an extra layer of security. It is faster than a typical agent KBA interrogation. But on the other hand, it requires explicit enrollment and verification by the caller.

Less obvious is a clever application of passive voice biometrics, VBG's NaturalSpeech™ technology, as an example. A voicebot attempts to engage the caller in more of a natural way. If you capture natural, conversational utterances from the caller as the caller interacts with the voicebot, you now have the makings for a NaturalSpeech voiceprint. By using VBG's model update capability, you can add new utterances, whether on the same call or subsequent calls, to your voiceprint until you have created a sufficiently robust voiceprint. Then on a future interaction, you use one or more utterances for verification.

Several critical success factors exist for a real-world deployment:

  1. You must be able to update the voiceprint with additional speech data over time and not rely on a single submission to create or verify a voiceprint
  2. You must keep track of whether you have collected enough speech for a robust voiceprint
  3. You need to know whether you have accumulated enough speech for a reliable verification, as it may take more than one utterance to capture three seconds of speech

VBG's latest API now gives you this information for each user identity as you make enrollment and verification requests. You don't need to keep track on your end, simplifying your development effort. Your application can stay focused on the user dialog. And only when you have a conclusive result do you need to take action.

Benefits of passive authentication

Authenticating using a passive voice biometric offers distinct advantages:

  • No additional work by the caller; no instructions to follow or explicit enrollment
  • No risk to the user experience and the fear that customers will disklike the system because of extra effort or a failure to authenticate
  • Easy implementation within the voicebot that can be phased, first starting with a data collection before acting on the results

These advantages mean that adding passive voice biometrics to a voicebot is a no-risk proposition. If you have a voicebot and verifying your callers is important, there's every reason to begin a passive voice biometric project right away.

Regulatory considerations

An important point to keep in mind is that voice biometrics, like other biometrics, is considered private and is by definition Personally Identifiable Information ("PII"). You have an obligation to inform your callers that you are recording their audio information. And if you follow GDPR, you must acquire opt-in confirmation from the caller after informing the caller you are using this information to create a biometric. On the one hand, that may seem threatening to a valid customer. On the other, that's also a significant deterrent to would-be fraudsters.


Voicebots are a trend that is gaining momentum and will likely become the de facto standard for IVR. At the same time, authenticating callers is more important than ever, and the voicebot needs a reliable authentication method. Voice Biometrics Group offers highly reliable and easy to implement solutions for both active and passive authentication in a voicebot.