Should Retail Be Using Voices Instead Of PINs At Checkout?

A company that makes speech recognition software for PCs is pushing the idea of using voice recognition instead of PINs and passwords for mobile commerce security. But a much better place to use it might be at in-store checkout, where conventional security is increasingly under pressure.

The software vendor, Nuance, makes the Dragon Naturally Speaking dictation software, used in Apple's (NASDAQ:AAPL) Siri and Google's (NASDAQ:GOOG) Android voice dictation function. But the technology is also being used by some banks and mobile operators as a form of biometric authentication. Nuance claims it now has 99.6 percent accuracy in matching spoken passphrases and did 100 million voice verifications last year, VentureBeat reported.

For mobile, that's a convenience. But in-store, where checkout privacy is nonexistent and transactions increasingly depend on relatively insecure PINs, voice identification could be a much more secure replacement.

Four-digit PINs are simply too easy for thieves to capture by shoulder-surfing another customer, rendering both PIN debit and chip-and-PIN payment cards too easily subject to fraud. Customers are also notorious for failing to secure their PINs. The fact that fraud isn't the retailer's fault won't register with customers; if card fraud comes after the card was used at just one store, the customer will assume the store was breached.

But voice recognition doesn't depend on a secret PIN—anyone can know the passphrase. It's the actual voice that provides the security. That cuts out shoulder-surfing PIN theft, avoids the problems of other biometric security (fingerprint scanners are especially vulnerable) and would allow chains to have standard passphrases in case the customer forgets her personal phrase.

The problem is that most retailers have limited use for more secure in-store customer authentication right now. Unless Visa and MasterCard show a preference for it, it won't be acceptable for payment-card security, and no security is needed for most loyalty-card functions. (A stranger wants to use a customer's account to score points for the customer? Hard to see the customer complaining.)

The one place where there's a security need is when loyalty points are redeemed, and that's not likely to justify the cost of adding a microphone to every checkout stand, plus back-end software to do the authentication.

For more:

- See this VentureBeat story

Related stories:

Retailers Say It's PIN, Not Chip, That Cuts Card Fraud
Will MasterCard's New NFC Trial Give M-Commerce Transactions Chip-And-PIN Rates?
Visa's Chip-And-No-PIN Plans For The U.S. Making Some Nervous