Banks, credit card providers, and other companies and institutions are recording and analyzing your voice to create a permanent voiceprint record of you without your permission. They can also store, trade, or even sell your information as they please, with no benefit to you, and which may result in negative credit and security issues as your voice print is circulated to other banks, credit card issuers, credit agencies, employers, government agencies, and other entities. Use the enclosed form letter to tell your bank or credit card to stop voiceprinting you, and warn them if they do not stop, they will have to pay you each time they do!

When you call many banks (such as Chase), credit card providers (like Citibank), or many other firms' customer service telephone numbers, your voice may be (and often is) converted to a unique digital pattern, or voiceprint, which can then be matched against voiceprint databases to give the bank or called business additional information about yourself which may not be a matter of public record. Your bank or credit card may even proceed to sell your voiceprint to other banks, credit agencies, goverment agencies, and in general, to entities which build and maintain voiceprint databases and literally profit by monetizing your voice, potentially to your detriment. Voiceprints can also be made from recordings of your voice which are stored digitally, such as when you speak (instead of use Touch Tones) to a bank's telephone/IVR (Interactive Voice Response) system, have a recorded conversation with a Customer Service Representative (CSR), or leave voicemail messages for company employees.

While this form of biometric authentication and indentification, formally termed "digital voiceprinting", may be useful for those who don't want to remember PIN codes and passwords, if the voiceprint data is stolen or compromised, any accounts with other banks/companies which employ similar digital voiceprinting technologies (or use a common voiceprinting service) would potentially no longer be secure, since while you can change a PIN or account number, your voice and voiceprint remain the same for life.

What controls do you have over this information once you (unwittingly/unwillingly) "provide" it? How do you know what your bank or other business is doing with it or what it is using it for? How can you stop your voiceprint biometric information from being used?

Have you ever called your bank, credit card provider, financial institution, or other company or corporation, and heard a recorded message like:

Thank you for calling ABC Credit Card Company. This call may be recorded and your voice may be used for indentification or security purposes.

(For example, Chase Bank places a similar announcement/warning when you call their main customer service and Interactive Voice Response (IVR) number of (800) 935-9935.)

By doing so, the called bank or company is providing you, the caller, with notice that they will not only record the call (which prior to the use and retention of voiceprints was fine as recordings could later be used for quality control and to ensure that Customer Service Representatives perform perform their jobs with courtesy and in a tone and manner consistent with their duties), but also that they will now sample your voice and store a "voiceprint" of it which they will maintain in their records (and possibly sell or distribute to others).

While this allows the bank or company to readily identify you and not require a PIN code or password when you call, the use of biometric authentication, including voiceprinting, means that once you are voiceprinted, you can't take it back. While some people may not mind this, it presents problems when:

• You want to call a bank or company on behalf of someone else who has authorized you to do so, such as a parent, relative, or as in the case of corporate accounts, to call on behalf of the primary cardholder, other cardholders at your business, or the (non-person) corporate entity of record.
• As in the case above, you are asked to temporarily manage a given bank, credit card, or other similar account, in cases where the account holder is sick, needs some assistance, is traveling abroad, or for some reason isn't able to manage their account themselves. The account holder thus provides you with password, numeric PIN, or other authentication information on a temporary basis to facilitate your accessing their account. When the account holder recovers from their illness, or returns from traveling, etc., they can call the bank and change the authentication information to deny you further access; you remain anonymous to the bank as you were merely acting as an agent for someone else as a favor. However, with voiceprinting, even though you have nothing to do with the bank, the bank now has your unique and life-long biometric information by way of a voiceprint, and there is little to nothing which you can do to prevent them from storing it or doing whatever they wish with it, including using it to identify you if/when you engage in business with the bank/company at a later time, or creating lists of your associations and interactions with respect to their other customers.
• The biometric voiceprint information, once provided, can never be withdrawn, and you as a caller have very little to no control as to what a bank or company can do with it.
• Should the bank or company have an information breach (as happens way too often it seems), and you authenticate yourself with an account number and password/PIN, then the password or PIN number can easily be changed, securing the account once again. But with a voiceprint, once it is given to the bank (or obtained without proper notice or permission), it can never be withdrawn, and the voiceprint can be used to gain access forever to any other account or service which uses voiceprint authentication. And unlike a password or PIN, which can vary from bank to bank, so that if one bank were compromised your other accounts at other banks would still be secure and unaffected, if your voicepirnt is stolen, every account you have at any bank, credit card, or other company or institution which uses the same voiceprint technology could also be at risk.
• The bank or company can also enrich themselves at your expense, by selling your voiceprint information to other firms, collection agencies, governments, or law enforcement. You earn nothing from "providing" your voiceprint recording, nor from its use and sale, while (as usual) the bank or company (secretly) profits from you without your permission by finding another way to "monetize" you for their own gain at your expense.
• Your voiceprint may be used to blacklist you, deny you credit, or subject you to unwarranted government scruitiny: Many prisons "encourage" inmates to provide voiceprints, and the call recipients are thus voiceprinted as well during the conversation. If you were to call a prisoner, or the given prisoner called you (perhaps by mistake just once), your voiceprint could be matched up with what was sold to the public by a bank or company whom you previously called, and once the association with prisoners was made, your voiceprint would be added to a list of "risky" potential customers, which banks, credit card providers, mortgage brokers, stores, insurance agencies, apartment buildings, and any other firm or company which looks at your credit profile (or other emerging biometric profiles) could resultantly use to deny credit, insurance benefits, residency, and so forth, based on an accidental phone call or otherwise tangential association, merely on your unseen biometric footprint, derived from voiceprints taken by your bank or similar entities.
• Your voice can be emulated or reproduced by increasingly sophisticated computer software, thus allowing criminals, criminal organizations, or anyone with a few hundred dollars and a laptop to "fake" or artifically reproduce your voice. If a given bank, credit card, or company's voiceprint authentication system is fooled as a result, criminals can access and take your funds, set up new accounts and lines of credit, ruin your credit, and generally cause hardship and problems for you, due to the use of digital fingerprinting as a means to authenticate your account.

Other states have also enacted or in the process of enacting similar laws; New York State is modeling a law similar to that of Illinois, where companies may be fined merely for obtaining biometric information without consent, without the customer or account-holder having to show that there was some immediate monetary loss suffered as a result.

We encourage readers to support state and Federal efforts to curtail the use of biometric identification, provide robust consumer protections and controls as to how and when their voiceprints and other biomteric information is used and shared, and to impose significant fines and penalty regimes similar to that of Illinois, which forces banks, credit card companies, and other businesses to obtain permission in writing prior to obtaining voiceprints and other biometric information from account-holders, customers, or other callers.

Additionally, until such time that there is a nationwide set of rules and protections governing the use of voiceprints and biometric recognition technologies, when we find (or suspect) that a given company with whom we deal employs voiceprinting technologies, we send the following letter to not only let them know that we don't wish to have any biometric/voiceprinting technology employed during our calls to them, but to also set up an agreement that if they do employ such methods of biometric identification, that they are agreeing to pay us a fee of $1000 for each time that they do!

In effect, we are setting up a contract where a given company is notified by our letter that if they use/sell any biometrics in the future, they understand that it is primarily for their benefit and not ours, and as such, they agree to (and we intend to have them) pay for the benefit which they receive in exchange for such use.

Would this stand up in court? Well, we're not lawyers and it never has reached that point. What the letter does do is put the executive, legal, and higher corporate offices on notice that they may have some legal exposure and potential liability if they use voiceprinting and/or sell/disseminate voice prints, which quickly gets their attention so that in more cases than not the use, retention, and distribution/sale of your biometric information will stop.

It's a sad state of affairs in this country that the only way to get most companies to pay attention is by the threat or engagement in legal action, but that's what things have apparently and unfortunately degraded to.

A sample letter of one which was sent to American Express is included below:

April 9th, 2021

American Express 
Office of Executive Relations
3 World Trade Financial Center
New York, NY
10281

Re: American Express Card 3000-123456-78901

I have recently been made aware from a phone call to American Express at
(800) 492-3344 via your automated telephone system greeting that my and/or
our Cardmember group's voice(s) would be recorded and/or used for
"security purposes". 

It has become clear to us that banks and other similarly situated
institutions have opted to implement and utilize "voiceprint" and other
similar or related biometric technologies (at times with no notice or
warning to customer/callers), often doing so without offering customers
any method to control access to said biometrics or any means to seek
redress for unauthorized use thereof. While we are unsure if the (vague)
recorded message presented at the outset of the call indicates that
American Express employs such technologies, we explicitly decline to
participate in any such biometric analysis or identification
methodologies. 

Moreover, while we have no general objection to recorded telephone calls,
as said recordings may be later used with the aforementioned biometric
methodologies, we are now forced to also decline having our voice calls
recorded as well. 

While 20 years ago we would never have thought twice about having our
calls recorded, and in fact favor doing so to provide an incentive to
ensure that telephone representatives provide a consistent level of
support services, as we can no longer be sure that such recordings will
not be run (at some indeterminate point in the future) through biometric
voice analysis software/systems, we must decline having our calls
recorded, regardless of whether biometric analysis is currently being
employed by American Express. 

As such, American Express may:

1.  Provide a telephone number which we may call which is not recorded and
does not employ any biometric monitoring, or,

2.  Contact us as needed, without recording the call and without any
biometric monitoring, or,

3.  Provide a writing clearly indicating that American Express does not
employ biometric voice-printing, analysis, or any other form of biometric
monitoring on customer telephone interactions (either when called by
customers or when calling to customers), and warrants that it will not do
so in the future on live calls or with any recorded conversations. 

4.  Communicate with us only in writing via postal mail or other
non-biometric means. 


We hereby explicitly instruct American Express, its affiliates, and agents
to delete and destroy any and all biometric information and/or recordings
of myself and/or any Cardmember associated with our aforementioned
account/Cardmember group, and prohibit the use, retransmission,
dissemination or sale of said recordings and/or biometric information
within American Express or any other outside entity or person. 

Please note that should American Express employ any biometric
voice-printing or similar technologies on future calls or recordings, such
actions will serve to indicate an acceptance of my individual or our
Cardmember group's collective offer(s) to provide my/our voice recordings
and/or voice-prints to American Express for a fee of $1000 per call per
person, and to be invoiced per calendar month when one or more such calls
take place, with a $35 late fee per month if payment is not received
within 30 days of American Express being invoiced for said call(s), and
with the maximum interest rate applied as allowed by the State of
Connecticut until such payment(s) is(are) satisfied. 

Very Truly Yours,

John Doe

Note also that they can still track you via most e-mail (that is, e-mails which support attachments and URLs, which nearly all mailers do; a plain-text mailer offers somewhat more security but less utility and ease of use), SMS/text messaging (if you provide your cellular phone #), mobile phone applications, or web access, but consent is somewhat more implied with these modalities, as compared to them calling you/you calling them and presenting you with a nebulous and vague up-front "privacy/security" message. Additionally, you can get a new phone, delete applications, use more secure browsers, or change your e-mail address or e-mail program as needed, but you can not ever change your voice (or by definition, any other biometric information), so the use of voiceprinting is a more serious privacy concern, as once it's given/taken, it can never be regained.

An interesting post about Citibank Mastercard and how Citibank is, according to the article, also using Biometric/Digital Voice Fingerprinting and the difficulties involved in getting them to stop, can be found here. (Part of the article also deals with Citibank chargeback issues; readers interested only in Citibank's use of biometric voiceprinting can skip to the later part of the post.)

Back to Wireless Notes Main

Copyright 2023 / Wirelessnotes.org