Protecting Voice Payments with 3 Little Words in the Amazon Alexa Voice Challenge

Unless you’ve been living under a rock, you know that “Alexa,” “Siri” and “Cortana” are the endearing names given to the various Artificial Intelligence (AI)-powered voice assistants that are making their way into our homes, as well as the enterprise. With their growing popularity, these voice-controlled devices are poised to revolutionize commerce by providing a frictionless way for consumers to make purchases from home. In fact, the use of voice-controlled devices for online shopping is expected to triple this year alone, while nearly 39 million U.S. adults already own a voice-activated speaker.

Contact centers are one area that will experience the greatest impact from the growth of voice-controlled assistants. Voice-command technologies promise to automate processes traditionally handled by agents and customer service representatives (CSRs), such as updating account information, taking payments, coordinating calls and resolving simple problems. However, customer convenience is only one part of the equation. The bigger question is: can voice assistants drive greater data security in the contact center?

AWS Builder Community Hub

Given the alarming uptick in data breaches, along with the fact that fraudsters are increasingly targeting card-not-present (CNP) channels like contact centers, these customer interaction hubs must find new ways to protect customers’ personally identifiable information (PII) including payment card information. Whether a purchase is made by speaking with a live agent or interacting with an AI-powered bot, the transaction frequently requires the customer to read their payment card details aloud.

This common practice potentially exposes the consumer’s sensitive information to a rogue or malicious agent who could jot down the card numbers with the intention of using them later for fraudulent purposes. Or, a hacker could tap into a call recording system and make off with any PII that was read aloud and captured. Further, the contact center may violate compliance with the Payment Card Industry Data Security Standard (PCI DSS) if sensitive authentication data (SAD), like CVVs, are stored on those recordings.

A Better Way to Protect Telephone Payments Using Voice Assistants

At Semafone, we believe there is a better way, and that’s where voice assistants can come into play. A vast majority of consumers already trust tech giants like Amazon and Google to store and secure their PII, and 94 million Americans store their credit card numbers online. So, it seems natural to leverage these companies’ voice assistants to secure CNP transactions – and that’s exactly what we’re doing with the prototype of our new “Phone Concierge” Alexa Skill.

We conceived and designed our Phone Concierge as part of the 2018 “Voice Challenge with Amazon Alexa,” a global competition from that aims to help companies develop and build innovative new solutions that leverage Amazon’s flagship virtual assistant in payments and commerce. And, we’re pleased to announce that our Phone Concierge prototype has been named a finalist in the competition.

Semafone’s Phone Concierge Alexa Skill with Voice Payment and Authenticate (ID&V) capabilities has been designed to strengthen data security during CNP transactions conducted through Alexa. It works by creating a time-based, single-use voice token wrapped up neatly into “Three Little Words (3LW).” The 3LW are securely generated by Semafone’s back-end server to supply across the voice channel, separating it from data channels and establishing a computer-telephony integration (CTI) connection. By asking a merchant to register a payment request, customers can quickly and easily authorize a secure payment by supplying a single-use 3LW voice token to authorizes the transaction, using their registered card. As a result, the payment channel shifts from a phone-based CNP transaction to a lower-risk, e-commerce transaction.

The Value of Voice in the Contact Center

By adopting this payment method, contact centers could quickly reap tangible benefits. With Alexa, for example, handling the payment card data and PII, contact centers can dramatically simplify compliance with the PCI DSS. In addition to the cost savings that stem from easier compliance, contact centers and their customers can rest assured that their most sensitive data is safe and secure. And, because the contact center does not hold the payment card data, they become much less of a target for hackers. By deterring breaches and other fraudulent activity, enterprise contact centers will be able to keep their company’s name out of the headlines and keep their brand reputation intact.

In addition, Phone Concierge offers reciprocal caller authentication using 3LW. It can validate a phone call between two entities, unknown to each other but known to Semafone’s back-end server. For example, when a merchant or bank calls one of their customers, the customer says, “Alexa, ask Phone Concierge who is calling me.” Alexa provides 3LW to the customer, which the merchant submits for authentication through Semafone’s back-end services.

This is an important capability – with increasing numbers of scammers and spoofers posing as banks and merchants to get their hands on sensitive data, consumers are more inclined to ignore inbound calls from a legitimate source. This could mean that the merchant loses a sale, or the customer misses receiving important information. Phone Concierge’s Authenticate (ID&V) function solves this growing industry challenge by allowing both parties to verify one another’s identity and carry out the conversation knowing that their data is safe.

Vote for Semafone

Our Phone Concierge prototype has been named a finalist in the competition, but we need your help to push it over the finish line. Voting is open to the public now through March 30, and winners will be announced on April 3. Please vote for Semafone in the “Most Disruptive” category by visiting

Vote for Semafone as Most Disruptive in the Amazon Alexa Voice Challenge

While we’ve only just begun to scratch the surface of the power of AI-enabled voice assistants in the contact center (and beyond), it is an ideal time for businesses to begin exploring ways to adopt voice technology. Voice automated processes can not only improve customer service, but also simplify compliance and drive greater data security through the safe exchange of voice tokens between consumers and merchants.

With nearly limitless use cases, Semafone’s Phone Concierge prototype demonstrates the value voice assistants like Alexa and others can deliver to both consumers and businesses by not only making our lives easier, but by also ensuring that our most sensitive data is handled safely and securely.

The post Protecting Voice Payments with 3 Little Words in the Amazon Alexa Voice Challenge appeared first on Semafone.

*** This is a Security Bloggers Network syndicated blog from Semafone authored by Aaron Lumnah. Read the original post at: