The User Identity Challenge on Alexa Just Got Worse

By Jessica Donofrio 4 years ago

On January 22, 2019, Ry Crist of CNET shared that Amazon has enhanced its developer tools by simplifying the process of adding in-skill purchasing right within the Alexa Developer Console.  Previously, developers were required to write their own code to add this important, revenue generating capability into their Alexa Skills.

We applaud Amazon for these improvements as they will increase the availability of in-app purchases across the Alexa ecosystem.

That said, Amazon should anticipate a rise in customer frustration as erroneous charges are made through in-skill purchasing.  Amazon even parodied it themselves with their wildly popular Super Bowl commercial. Is a spoken PIN really enough to secure high value transactions?  Amazon better staff up its customer service department to handle refund requests.

At Privakey, we believe the real problem with Alexa is the lack of strong identity assurance.  Who is really talking to my Alexa?  Is it me?  A family member?  A guest of my home? Any of whom could overhear my spoken PIN and repeat it.

For the Alexa ecosystem to flourish, there has to be a better way for the Account owners of an Alexa skill to confirm high value exchanges.  Purchases are the most likely examples, but others include gaining access to health insurance claims or making changes to my home security system.   Strong identity assurance is needed anytime that high value, high risk information is being exchanged. Enabling these types of interactions would make Alexa a lot more interesting than the basic (and frankly boring) actions people do today like ask for the weather or play a favorite playlist.

Someday, in the distant future, Alexa’s voice recognition capabilities may be good enough to distinguish between my voice and everyone else.  Until then, we believe the right approach is to combine the best natural language interface in Alexa with the most ubiquitous device in our lives – our smartphones.

Our smartphones already have the secure execution elements and biometric sensors needed for very high levels of identity assurance.   With these capabilities, our smartphones—that we carry around with us everywhere—are the perfect solution for confirming sensitive interactions initiated on Alexa.

So what would this look like?The Bank of Tomorrow App showing a Transfer Confirmation powered by Privakey

Use a money transfer example—I would speak to my Alexa banking skill a request like, “Alexa, transfer $500 from my checking to savings account.”  Instead, or in addition to using a PIN, I would receive a push notification through the bank’s mobile app, requiring me to confirm the transfer on my phone and assert my identity with a biometric like FaceID or fingerprint.    In this manner, the only person that can confirm the transfer is me, as no one else can impersonate me in this exchange.

Our questions to the Alexa skill developer market are: What would it mean if you definitively knew the identity of the person interacting with your skill?  What would be possible for you to build in terms of more valuable voice initiated services?

We are passionate believers in voice technology and Alexa.  The time is now to extend what’s possible to do on this emerging platform.  It is our vision that Amazon would build transaction confirmations with strong identity right into its Alexa app on iOS and Android.  Although each developer could do it themselves, like Amazon has done with enabling an easier method of in-skill purchasing, adding approval capabilities to the Alexa app is the fastest and best approach to solving the identity problem.

In full transparency, Privakey offers a secure, multi-channel customer engagement platform that delivers confirmation of high value, high risk exchanges whether they’re initiated on Alexa, the web or any other interface.   Our technology is a catalyst for exciting enhancements to the Amazon Alexa ecosystem in the years to come.

this post was shared 0 times