2 andrew barnett risk (4 3)

New Frauds & New

Technologies -Voice Biometrics & Corporate Online Banking

October 2015

Contents

• Driving force for implementation

• What is it?

• Implementation journey

• The thresholds

Voice Biometrics

Corporate Online Banking

• History

• Fraud attack vectors

• Our Response

• Future Implementations - Prevent v Detect

Why Implement Voice Biometrics

Voice of the Client – 2010 Survey

“Maybe they could ask me my name next

time”

“Impossible to get through your phone

security”

“Substantially reduce redundant security

checks it’s liudicrous”“stop the tortuous verification Q&A”

“if Barclays calls me to offer advice please

go ahead and do so without going

through the security rig marole”

“Long period taken for security verification

costing me international call charges”

Business Case -

• Improve Client Advocacy & Satisfaction

• A colleague journey that will provide our people to personalise every call and help Improve our Employee Engagement scores

• Reduce the Average Call Time

• Improve our risk profile

Fraud Risk not a major driver

Voice Biometrics - A Quick Guide

InconclusivePassVerifyEnrolConsent

What is it?

• A ‘template’ that uses the unique characteristics of a voice print

(more unique than a fingerprint) that is language and accent

independent and excludes all background noise.

How does it work?

• Once a client proves their identity, they are enrolled on to the

service and a voice print is stored against a unique ID.

• Each time they call thereafter, the live client audio is matched

against the stored print, and a result is presented to the Advisor;

PASS or INCONCLUSIVE

The Process

Eligible

Implementation Approach across our Businesses

Build & TestFriends and

Family

Service Centres International

(50% of client base)

Service CentresInternational

(remaining client base)

Build & TestService Centres

Intermediaries

Service CentresWM UK (20% of

client base)

I&I (RMD & RMS) Glasgow &

IoM

Client Relations

I & I

Service Centres

(WM UK & PCS)

Client Relations (WM

UK)

I&I (RMS London)

Wealth Asia(design)

2012

2013

2014

Build & TestOther businesses

Corporate Banking Servicing

Personal Banking (SkyBranch)2015

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

70.00%

80.00%

90.00%

100.00%

-72

-67

-62

-57

-52

-47

-42

-37

-32

-27

-22

-17

-12 -7 -2 3 8

13

18

23

28

33

38

43

48

53

58

63

68

73

78

83

88

93

98

Cumulative % of Clients’ Scores (period of 1 week)

Scoring for the voice biometrics system ranges from -100 to 100

Barclays Voice Biometrics Evaluation

ModelFirst Pass

False Accept Rate 6.23%

False Reject Rate 4.97%

Equal Error Rate 5.56%

Calibration Audio Files 460

Voice Biometric Scores Thresholds

0

10

20

30

40

50

60

70

80

-72-68-64-60-56-52-48-44-40-36-32-28-24-20-16-12 -8 -4 0 4 8 12 16 20 24 28 32 36 40 44 48 52 56 60 64 68 72 76 80 84 88 92 96

Vo

lum

e o

f C

lien

ts a

t each

sco

re

Scores received for clients over the period of a week

Selecting The Threshold

Voice Biometrics

Any Questions

Corporate Online Banking

The 2 factor, smartcard authentication device had

served us well for over 8 years, however during H2

2012 and H1 2013 the threat was seen as increasing

with larger number of Corporate clients infected with

banking malware.

First Fraud October 2013!

Corporate Online Cases

Total Cases to date 125

Successful Cases 64

First Attack Vector – Man in the Machine 1 – October 2013

Fraudster Client EnvironmentBanks’

Environments

Systems

Client

machin

e Idle

Smartcard

left in reader

Internet

Payments Out

Second Attack Vector – Man in the Machine 2 – June 2014

What was our response?

Communicate / Communicate / Communicate

Improve our front line security

Whilst continuing on our journey to implement our layered security

approach for detection.

Now / Future Implementations – Prevent v

Detect1. Prevent – Biometric Finger

Vein Readers for

authentication

3. Detect – Biometric user

profiles

2. Detect – Real Time

Payment Profiling

BioCatch - The Videos

Fraudsters

Session

User’s

Session

Cool or Creepy??