How biometrics are reshaping authentication [Q&A]

The death of the password has been predicted for a very long time, though other methods are now gaining significant traction.

Perhaps the most successful of these is the use of biometrics. We talked to David Stauffer, director of sales North America at Veridas, about how biometrics is transforming authentication across financial services and telcos, and how voice-based verification enhances security against fraud, user experience and operational efficiency.

BN: Biometrics have been evolving rapidly. How are they helping reshape authentication in financial services, especially for institutions like credit unions?

DS: Credit unions face a dual challenge: fraud is becoming more sophisticated, while members expect faster and easier digital interactions. Unlike passwords or security questions, voice biometrics allows people to be recognized by who they are, not by what they remember. That makes it particularly well-suited to high-trust environments such as credit unions, where personal connection remains a defining value.

Modern systems can authenticate members in just a few seconds of natural speech, without the need for scripted passphrases or lengthy security checks. This reduces friction for members, shortens call handling times for agents, and helps institutions deliver a more natural and secure service experience.

Equally important is resilience against new fraud techniques. Voice-based technologies now include detection layers that can identify synthetic or replayed audio before it reaches the agent, offering protection against emerging threats such as AI-generated deepfakes.

For credit unions, which often operate with leaner IT resources than large banks, deployment speed and ease of integration are critical. Cloud-native and API-first solutions allow going live in weeks rather than months, without heavy infrastructure investments.

BN: Voice biometrics is gaining traction as a secure method of authentication. What makes it particularly effective in combating fraud compared to traditional approaches like passwords or security questions?

DS: Traditional authentication methods, such as passwords or security questions, were built for a different era. They verify knowledge (something a person knows), but that information can be stolen, shared, or replicated. In today’s environment of large-scale data breaches, social engineering, and AI-driven identity fraud, these approaches no longer provide sufficient protection.

Voice biometrics takes a different path by verifying who a person is through their unique vocal characteristics. Advanced systems are designed not only to authenticate genuine users, but also to detect synthetic audio, deepfakes, or replay attempts in real time. This dual role, confirming the user while rejecting fraudulent inputs, provides a stronger defense than static credentials ever could.

Another advantage is the user experience. Authentication can happen in just a few seconds of natural speech, without requiring passphrases, PINs, or additional steps. It can also continue passively during a conversation, ensuring ongoing verification without disrupting the interaction.

By combining security, ease of use, and resilience against AI-driven fraud, voice biometrics represents a shift in how institutions approach identity. It is not just about replacing passwords, but about creating authentication that is both more human and more difficult to compromise.

BN: As digital services expand, there's increasing pressure to balance strong security with frictionless user experiences. How do you see the industry navigating that trade-off, especially in high-touch environments like call centers or mobile banking?

DS: For a long time, security and convenience were treated as opposing forces: stronger defenses meant more friction, while smoother experiences often came at the expense of protection. That trade-off is starting to fade. The industry increasingly recognizes that the most effective solutions are those that strengthen both at once.

This shift is especially visible in environments such as call centers and mobile banking. Customers expect fast, intuitive, and trustworthy interactions. At the same time, organizations must deal with fraudsters who use increasingly sophisticated methods, including deepfakes and AI-generated attacks.

Biometric technologies like voice authentication illustrate how these goals can converge. Authentication can take place in the background of a natural conversation, eliminating the need for passwords, PINs, or scripted security questions. Done properly, this not only speeds up service but also reduces vulnerabilities associated with static credentials.

It is not enough to create a smooth front-end experience; systems must also include detection layers that can identify synthetic or replayed audio in real time. Equally important are safeguards around privacy, compliance with regulations, and transparent communication about how personal data is used.

BN: How do you address privacy and compliance concerns, especially in markets like the United States where biometric data is highly regulated?

DS: Privacy is no longer a secondary consideration; it is the foundation of trust in any digital identity system. In the United States, this is especially important because biometric data is subject to fragmented state-level laws and evolving federal oversight.

The most prominent example is Illinois’ Biometric Information Privacy Act (BIPA), which requires informed consent, limits retention, and gives individuals a private right of action. Other states, including Texas, Washington, and California, have introduced their own frameworks, and the Federal Trade Commission has stepped up scrutiny of biometric and AI practices.

To address this complex landscape, organizations are taking three main steps:

• Data minimization: Modern biometrics uses Renewable Biometric References (RBRs), irreversible, non-linkable representations of a person’s biometric traits that can be replaced if compromised. Unlike traditional templates, which are permanent once exposed, RBRs provide a privacy-preserving alternative.
• Consent and transparency: Ensuring that users are clearly informed about how their biometric data will be used, and that participation is voluntary. This builds trust and reduces legal risk.
• Independent oversight: Submitting systems to external audits and aligning with global standards such as GDPR and the EU AI Act. These checks provide assurance that compliance is not just claimed, but verified.

Ultimately, compliance is the starting point, not the finish line. The real challenge is building systems that are resilient under regulation, but also transparent enough that individuals feel their data is not only protected, but respected.

BN: Credit unions in the US often emphasize trust and personal relationships with their members. Why do voice and biometric technologies resonate in that context, and what challenges still exist?

DS: Credit unions have always differentiated themselves through human connection, prioritizing personal service, community values, and long-term relationships over transactional efficiency. That’s precisely why voice and biometric technologies, when implemented thoughtfully, resonate so strongly in this environment.

Voice biometrics, in particular, offers a unique blend of security and intimacy. Unlike passwords or PINs, which are impersonal and easily compromised, a person’s voice is inherently individual and emotionally connected. Being able to authenticate members through natural speech enhances security and preserves the warmth and familiarity of a human conversation, something credit unions value deeply.

From an operational standpoint, biometric authentication also helps reduce friction. Members don’t need to remember complex credentials, and call center agents can serve them faster without relying on scripted security questions. This leads to shorter calls, higher satisfaction, and fewer vulnerabilities to fraud, all without disrupting the member experience.

Ultimately, voice and biometrics are not meant to replace the personal relationships that credit unions are built on; they’re tools to help protect and strengthen them. When aligned with ethical safeguards and member-first design, they can enhance what makes credit unions uniquely trusted institutions.

BN: Looking ahead, what role do you see biometrics playing in the next generation of digital identity and customer verification systems?

DS: Biometrics will be at the heart of digital identity, not just as a security feature, but as the core mechanism through which we prove who we are in a digital-first world.

The technology is moving from being a supporting security feature to becoming the backbone of digital identity itself. As passwords, tokens, and even physical documents lose reliability, identity systems are shifting toward models that are continuous, contextual, and inherently tied to the individual. Voice, face, and other biometric signals make it possible to confirm both presence and intent across digital and physical environments without placing additional effort on the user.

The future of identity is also likely to be less centralized and more privacy-centric. Instead of static credentials controlled by institutions, individuals will increasingly manage their identities through secure digital wallets. Within this model, biometrics will act as the bridge: enabling people to access, control, and prove their credentials seamlessly.

Several developments point in this direction:

• Decentralized identity models are aligned with initiatives like Europe’s eIDAS 2.0.
• Passive, continuous verification, particularly in high-risk sectors such as healthcare and banking.
• Advanced fraud detection, capable of identifying deepfakes, injected audio, or manipulated documents in real time.
• Stricter regulatory alignment, with global standards such as GDPR, the EU AI Act, and emerging US data privacy laws.

Ultimately, biometrics' role in the future won’t be limited to unlocking devices or verifying access; it will be central to how people prove who they are, control their data, and interact with the digital world securely and seamlessly. The challenge ahead lies in ensuring that this power is deployed responsibly and in ways that reinforce trust rather than erode it.

Image credit: jamesteohart/depositphotos.com