General Regulation No. 538 (NCG 538), issued by Chile’s Financial Market Commission (CMF), marks a turning point in cybersecurity and consumer protection in financial services.
Download the document: Voice Biometric Authentication
The new rules of the game: what NCG 538 requires
NCG 538 seeks to strengthen end-user confidence through a set of measures designed to prevent fraud and protect digital transactions. It will apply to all entities supervised by the CMF, including banks, card issuers, savings and credit cooperatives, and financial service providers.
Among the main changes is the mandatory implementation of Strong Customer Authentication (SCA) for certain critical transactions, which will come into effect on July 1, 2026. From then on, ARC will require at least two independent authentication factors, such as knowledge (password), possession (token), and inherence (biometrics).
The regulation specifies the situations where ARC is mandatory, including:
- Electronic funds transfers.
- Digital onboarding of new customers.
- Changes to passwords or personal data.
- Enrollment or replacement of trusted devices.
This means that simply using a password or a coordinate card will no longer be sufficient. Entities must adopt mechanisms that integrate at least two categorical authentication factors, i.e., different ones.
This new approach to security has technical, operational, and user experience implications. On the one hand, it forces institutions to modernize their digital channels; on the other, it poses a challenge: balancing regulatory compliance with a simple, frictionless experience.
This is where voice biometrics comes in as a powerful tool to facilitate compliance with NCG 538 without affecting the customer experience.
Voice biometrics: Inherent, secure, and frictionless authentication
Voice biometrics uses unique characteristics of the human voice to verify a person’s identity. Each voice has a unique “biometric pattern” composed of physical and behavioral elements.
The most advanced voice biometrics solutions have the ability to not only authenticate customers and users, but also detect fraud attempts. In addition, they can be integrated into different channels (telephone, app, or website).
Discover more about how elevate your fraud defense with Voice Biometrics
Advantages of voice biometrics over other methods
- High usability: no need to remember passwords or use one-time codes. All you have to do is speak.
- Robust security: resistant to brute force attacks, deepfakes, and traditional fraud.
- No specialized hardware required: voice can be captured with a standard microphone, whereas other methods require specific sensors.
- Greater accessibility and coverage: works on any device with a microphone, even on telephone or remote channels. Ideal for customers who do not have smartphones or devices compatible with fingerprint or facial sensors.
- Seamless and natural experience: voice is used intuitively and can even be validated passively during a conversation.
- Implementation in non-visual channels: enables authentication in call centers and voice interactions, where other biometrics do not work.
- Seamless experience: generates less resistance, is perceived as a more natural process, and improves customer satisfaction by reducing steps and errors in the authentication process.
A well-implemented voice biometrics solution not only enables compliance with NCG 538, but can also reduce operating costs, accelerate digital onboarding flows, and increase customer loyalty.
Specific applications of biometrics under NCG 538
The practical application of voice biometrics allows for the effective resolution of several of the cases covered by the standard.
1. Digital onboarding of new customers
The digital onboarding process is one of the most critical in terms of security and compliance. By integrating voice biometrics as part of the enrollment process, institutions can verify identity in real time using a pre-established phrase or passive validation during the interaction. This method significantly reduces cases of identity theft, preventing fraud from the first contact with the customer.
2. Authentication for transfers and sensitive transactions
In critical transactions such as wire transfers or large payments, the combination of voice biometrics and an additional factor (such as a push message or digital token) allows for strong authentication requirements to be met without adding complexity.
This is particularly useful in channels such as telephone banking or financial apps, where friction must be kept to a minimum.
3. Account recovery and personal information changes
When a user forgets their password or needs to modify sensitive information (email, phone number, etc.), it is essential to validate their identity with maximum certainty. In this context, voice biometrics provides an additional layer of security that goes beyond the use of secret questions or SMS, which are vulnerable to attacks.
4. Device enrollment or replacement
Device switching can be exploited by attackers to gain control of accounts. Voice biometrics allows users to be authenticated naturally and reliably in these scenarios, reducing the attack surface without affecting the user experience.
While complying with NCG 538 is a regulatory obligation, it also represents an opportunity for financial institutions to evolve toward a new security- and user-centric reality, and voice biometrics can be a great ally.
Learn more about voice biometrics by clicking here.