The fundamental principle of a risk based authentication model is to provide a number of different biometric challenges to customers depending on the level of risk of each transaction.
For a low-level risk transaction a single biometric such as face or voice biometrics is sufficient. However where the level of risk is such that it is necessary to provide the maximum level of confidence that the customer is in fact who they say they are, then a combination of face and voice recognition will be required which includes liveness detection.
Low level risk is generally considered for goods and services that are of a low monetary value. When this type of transaction occurs the speed of access for the customer is the priority. Thus fingerprint recognition on the device or face recognition on the device can be used, even though this is just a confirmation of an individual to a specific phone.
If a customer then chooses to make a payment that is of a higher monetary value then the biometric recognition will take place not on the device but on the banks server. In this case a single biometric such as face or voice recognition can still be utilised.
Where the transaction is considered to be a high risk then a combination of face and voice recognition is the best solution.
By asking the customer to look into the camera on the device and conduct face recognition the software quickly checks that the face is one that it is looking for and once it has found the face it then ask the customer to speak out loud five randomly generated numbers. Only when the customer has spoken those exact numbers and the software has matched it will the customer be allowed access to their account.
By utilising two biometrics plus sophisticated liveness detection it is not possible for fraudsters to replicate the biometrics or utilise replay attacks which makes this solution extremely secure.