Usability Evaluation of Dialogue Designs for Voiceprint Authentication in Automated Telephone Banking

Nancie Gunson (The University of Edinburgh, UK), Diarmid Marshall (The University of Edinburgh, UK), Fergus McInnes (The University of Edinburgh, UK), Hazel Morton (The University of Edinburgh, UK) and Mervyn A. Jack (The University of Edinburgh, UK)
Copyright: © 2018 | Pages: 20
DOI: 10.4018/978-1-5225-2589-9.ch008

This paper describes an empirical investigation of the usability of different dialogue designs for voiceprint authentication in automated telephone banking. Three strategies for voice authentication were evaluated in an experiment with 120 telephone banking end-users: 1-Factor (voiceprint authentication based on customers' utterances of their account number and sort code); 1-Factor with Challenge (1-Factor plus a randomly generated digit string); and 2-Factor (1-Factor plus secret information known only to the caller). The research suggests the 2-Factor approach is the most effective strategy in this context: results from a Likert questionnaire show it to be highly usable and it is rated highest in terms of both security and overall quality. Participants welcome the option to use voiceprint technology but the majority would prefer it to augment rather than replace existing security methods.
Chapter Preview

2. Background

Although Internet banking is increasingly popular, with one survey reporting 47% of respondents used it in the previous month (Gartner, 2009), automated telephone banking continues to be an important service delivery channel for banking organisations around the world. The U.K. service on which the application in this research is based, for instance, has 4 million registered users, and receives 5.5 million calls per month. Its development is the subject of continued interest at the Bank.

The customer authentication process in the existing service is knowledge-based (“what you know”). Users must recall two digits selected at random from their Secret Number or ‘PIN’. The service is not alone in this method - the use of a PIN or alphanumeric password (or some combination of the two) is the current de facto standard for customer verification in U.K. telephone banking.

When they are used correctly, such passwords and PINs play an important part in the security of automated services (O'Gorman, 2003). However, the ubiquity of their use across different applications means that users are typically required to have many, making it difficult to remember them all.

A common response to this problem is to write some of them down or to use the same one across a number of different services, both of which have inherent security risks (Adams & Sasse, 2005; Dhamija & Perrig, 2000; Gaw & Felten, 2006). In one study (Dhamija & Perrig, 2000), for example, it was found that participants had from ten to fifty situations where passwords were required, but in practice used one to seven repeatedly. Users have also been shown to choose passwords and PINs that are easy to remember, and are therefore high risk (Adams & Sasse, 2005; Bishop, 2005; Yan, Blackwell, Anderson, & Grant, 2004).
