Voice Biometrics - Antifraud FAQ

Overview

This page provides answers to frequently asked questions regarding Omilia's Voice Biometrics (VB) technology.

Frequently Asked Questions

The customer (e.g., a bank) is responsible for ensuring regulatory compliance. This includes implementing appropriate consent mechanisms, such as through an Interactive Voice Response (IVR), when using Omilia’s VB functionality.

How are biometric recordings stored and secured?

Biometric recordings are considered Personally Identifiable Information (PII). Omilia's Storage Service stores these recordings in Amazon Web Services (AWS) S3 buckets. All buckets are encrypted at rest by default using Server-Side Encryption with AWS Key Management Service (SSE-KMS) keys.
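
As an added example (not Omilia's code), the Python check below shows how a default-encryption setting like the one described above can be verified from the response of the S3 GetBucketEncryption API. The sample responses, account ID, and key ARN are constructed placeholders.

```python
# Added example: audits the JSON shape returned by S3 GetBucketEncryption
# (for instance via `aws s3api get-bucket-encryption --bucket NAME`).

KMS_ALGORITHMS = {"aws:kms", "aws:kms:dsse"}  # SSE-KMS and dual-layer SSE-KMS


def audit_default_encryption(response):
    """Return a list of findings; an empty list means SSE-KMS with an explicit key."""
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ["no default encryption rule present"]
    findings = []
    for i, rule in enumerate(rules):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algorithm = default.get("SSEAlgorithm")
        if algorithm not in KMS_ALGORITHMS:
            # AES256 means SSE-S3: encrypted, but not governed by a KMS key policy
            findings.append(f"rule {i}: algorithm {algorithm!r} is not SSE-KMS")
            continue
        if not default.get("KMSMasterKeyID"):
            # Without a key id, S3 falls back to the AWS managed key (aws/s3)
            findings.append(f"rule {i}: no KMSMasterKeyID, AWS managed key is used")
    return findings


def _response(algorithm, key_id=None):
    """Build a constructed GetBucketEncryption response for the samples below."""
    default = {"SSEAlgorithm": algorithm}
    if key_id:
        default["KMSMasterKeyID"] = key_id
    rule = {"ApplyServerSideEncryptionByDefault": default, "BucketKeyEnabled": True}
    return {"ServerSideEncryptionConfiguration": {"Rules": [rule]}}


# Constructed samples; the ARN is a placeholder, not a real key.
SAMPLE_KEY = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"
SSE_KMS = _response("aws:kms", SAMPLE_KEY)
SSE_S3 = _response("AES256")
KMS_NO_KEY = _response("aws:kms")

if __name__ == "__main__":
    for name, resp in [("SSE_KMS", SSE_KMS), ("SSE_S3", SSE_S3),
                       ("KMS_NO_KEY", KMS_NO_KEY), ("EMPTY", {})]:
        print(name, audit_default_encryption(resp) or "OK")
```

The check separates SSE-KMS from SSE-S3 because a bucket reporting AES256 is still encrypted at rest, but access to its data is not additionally gated by a KMS key policy.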

What are the regulatory responsibilities for enabling Voice Biometrics?

The customer, acting as the data controller, is responsible for complying with all applicable privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These responsibilities include obtaining end-user consent and conducting any required Data Protection Impact Assessments (DPIAs).

As a data processor, Omilia adheres to the customer's agreed-upon instructions and assists with carrying out any required DPIAs. Omilia is also obligated to inform the controller if an instruction is believed to infringe upon the GDPR.

What is the retention period for biometric data?

The retention period for voice biometric data depends on its purpose. Audio used for Voiceprint creation is stored for approximately two years. This technical requirement allows for the continuous provision and improvement of our models to maintain quality and accuracy. Audio used for verification is stored for 60 days. If a user opts out, all associated data (such as Biokeys, recordings, and voiceprints) is deleted. We recommend that customers incorporate these retention requirements into their data processing instructions to us. Customers should ensure that their legal basis for processing and their data protection notices to data subjects account for these retention periods.

How does the system protect against artificial voice and vishing attacks?

The system incorporates Liveness Detection to protect against artificial voice-based attacks. Its features include:

  • Text-to-Speech (TTS) detection

  • Replay attack detection

  • Out-of-domain vocabulary detection (e.g., detecting off-topic speech during a banking call)

For more info, read the article.

How does the system identify a customer after their initial registration?

After a customer enrolls, the system verifies their identity on subsequent calls through the voice verification process.