Securing internet and other remote access services has never been more difficult or important. Passwords can be easily stolen and provide only a low level of security. Digital certificates only verify the actual computer accessing your service, not necessarily the person at the keyboard.

VoiceVault’s Web Authentication delivers the ultra high levels of web site access security and identity protection required to protect confidential information and transactions.

It is easy to use and more convenient for end users than constantly carrying smart cards or tokens – which can be easily lost or stolen. Instead all that is required is access to a phone (mobile or landline) and a short phone call which can last less than 30 seconds.

Key Features of VoiceVault’s Web Authentication system

• Can be used to secure web site access or individual transactions.
• Fast, easy and intuitive. No end user training required.
• Highly secure password free solution.
• Verifies the physical presence of the individual accessing the web site.
• Identity protection – User ID’s and passwords cannot be captured from the User’s computer as they are never entered.
• One time passcodes can be digitally signed as issued to a specific person.
• Eliminates the need for expensive and inconvenient tokens or smart cards.
• Unlimited scalability.
• Defeats ‘phishing’.
• Eliminates costs associated with re-issuing lost or forgotten passwords.
• Reduces instances of user ‘lock-out’ associated with a failure to remember or key in correct multiple answers to security questions.

Web Authentication is highly complementary to VoiceVault’s Caller Authentication, enabling customers to adopt a standard identity verification process across call centres, IVR systems and web sites.

How it works

The User accesses the web site login page. The web site automatically generates a unique session code which is displayed on the Users screen, together with a phone number.

The User telephones the VoiceVault system and is asked to speak their ID and session code. The Users identity is voice verified. VoiceVault sends the session code and verified User ID to the web site server. The web site server generates a ‘use once’ passcode which is sent back to VoiceVault. VoiceVault’s text to speech engine converts the passcode into words spoken back to the User.

The User enters the ‘use once’ passcode into the web site login page to complete the process.

Any of VoiceVault’s extensive enrolment and verification options (including two factor authentication) can be applied to VoiceVault Web Secure.

Key security benefits of the VoiceVault Web Authentication:

• Verifies the actual person accessing your web service.
• At no stage does the User need to enter a User ID or a password into the browser, preventing theft by, for example, key stroke recording.
• Both the session and passcode are generated for ‘one off’ use and therefore of no value if copied or stolen.
• A passcode can only be issued for a valid session code generated by the Customer’s web site. If the User has been ‘phished’ and directed to a third party site the session code displayed cannot be used to obtain a passcode from the Customers system.
• VoiceVault’s sophisticated identity verification processes defeats impostors.
• A User’s spoken words can digitally sign the passcode, thereby legally associating it with the User.
• Unlike traditional passwords, a passcode can time out if not used within a short period of time (for example 1 minute).