How to Stop Biometric Voice Print Fingerprinting

Stop your Bank, Credit Card, Corporate and other entities' use of Biometric Voice Fingerprinting and your Unique Voice Print

Banks, credit card providers, and other companies and institutions are recording and analyzing your voice to create a permanent voiceprint record of you without your permission. They can also store, trade, or even sell your information as they please, with no benefit to you, and which may result in negative credit and security issues as your voice print is circulated to other banks, credit card issuers, credit agencies, employers, government agencies, and other entities. Use the enclosed form letter to tell your bank or credit card to stop voiceprinting you, and warn them if they do not stop, they will have to pay you each time they do!

When you call many banks (such as Chase), credit card providers (like Citibank), or many other firms' customer service telephone numbers, your voice may be (and often is) converted to a unique digital pattern, or voiceprint, which can then be matched against voiceprint databases to give the bank or called business additional information about yourself which may not be a matter of public record. Your bank or credit card may even proceed to sell your voiceprint to other banks, credit agencies, goverment agencies, and in general, to entities which build and maintain voiceprint databases and literally profit by monetizing your voice, potentially to your detriment. Voiceprints can also be made from recordings of your voice which are stored digitally, such as when you speak (instead of use Touch Tones) to a bank's telephone/IVR (Interactive Voice Response) system, have a recorded conversation with a Customer Service Representative (CSR), or leave voicemail messages for company employees.

While this form of biometric authentication and indentification, formally termed "digital voiceprinting", may be useful for those who don't want to remember PIN codes and passwords, if the voiceprint data is stolen or compromised, any accounts with other banks/companies which employ similar digital voiceprinting technologies (or use a common voiceprinting service) would potentially no longer be secure, since while you can change a PIN or account number, your voice and voiceprint remain the same for life.

What controls do you have over this information once you (unwittingly/unwillingly) "provide" it? How do you know what your bank or other business is doing with it or what it is using it for? How can you stop your voiceprint biometric information from being used?

Voiceprint Authentication and Biometric Fingerprint chart 
differentiating between only recording customer calls and utilizing 
biometric voice fingerprinting to permanently store and utilize a 
caller's voice

Have you ever called your bank, credit card provider, financial institution, or other company or corporation, and heard a recorded message like:

Thank you for calling ABC Credit Card Company. This call may be recorded and your voice may be used for indentification or security purposes.

(For example, Chase Bank places a similar announcement/warning when you call their main customer service and Interactive Voice Response (IVR) number of (800) 935-9935.)

By doing so, the called bank or company is providing you, the caller, with notice that they will not only record the call (which prior to the use and retention of voiceprints was fine as recordings could later be used for quality control and to ensure that Customer Service Representatives perform perform their jobs with courtesy and in a tone and manner consistent with their duties), but also that they will now sample your voice and store a "voiceprint" of it which they will maintain in their records (and possibly sell or distribute to others).

While this allows the bank or company to readily identify you and not require a PIN code or password when you call, the use of biometric authentication, including voiceprinting, means that once you are voiceprinted, you can't take it back. While some people may not mind this, it presents problems when:

Some states, such as Illinois, have enacted reasonable, consumer-oriented biometric data laws, which require companies which obtain, store, use, and/or sell your biometric information to obtain written consent from you before doing so. Failure to do so can result in fines of $1000 per instance, and it is not necessary to show that you have actually lost money as a result, just that a given company has violated the Illinois biometric information/BIGP law.

Other states have also enacted or in the process of enacting similar laws; New York State is modeling a law similar to that of Illinois, where companies may be fined merely for obtaining biometric information without consent, without the customer or account-holder having to show that there was some immediate monetary loss suffered as a result.

We encourage readers to support state and Federal efforts to curtail the use of biometric identification, provide robust consumer protections and controls as to how and when their voiceprints and other biomteric information is used and shared, and to impose significant fines and penalty regimes similar to that of Illinois, which forces banks, credit card companies, and other businesses to obtain permission in writing prior to obtaining voiceprints and other biometric information from account-holders, customers, or other callers.

Additionally, until such time that there is a nationwide set of rules and protections governing the use of voiceprints and biometric recognition technologies, when we find (or suspect) that a given company with whom we deal employs voiceprinting technologies, we send the following letter to not only let them know that we don't wish to have any biometric/voiceprinting technology employed during our calls to them, but to also set up an agreement that if they do employ such methods of biometric identification, that they are agreeing to pay us a fee of $1000 for each time that they do!

In effect, we are setting up a contract where a given company is notified by our letter that if they use/sell any biometrics in the future, they understand that it is primarily for their benefit and not ours, and as such, they agree to (and we intend to have them) pay for the benefit which they receive in exchange for such use.

Would this stand up in court? Well, we're not lawyers and it never has reached that point. What the letter does do is put the executive, legal, and higher corporate offices on notice that they may have some legal exposure and potential liability if they use voiceprinting and/or sell/disseminate voice prints, which quickly gets their attention so that in more cases than not the use, retention, and distribution/sale of your biometric information will stop.

It's a sad state of affairs in this country that the only way to get most companies to pay attention is by the threat or engagement in legal action, but that's what things have apparently and unfortunately degraded to.

A sample letter of one which was sent to American Express is included below:

April 9th, 2021

American Express 
Office of Executive Relations
3 World Trade Financial Center
New York, NY

Re: American Express Card 3000-123456-78901

I have recently been made aware from a phone call to American Express at
(800) 492-3344 via your automated telephone system greeting that my and/or
our Cardmember group's voice(s) would be recorded and/or used for
"security purposes". 

It has become clear to us that banks and other similarly situated
institutions have opted to implement and utilize "voiceprint" and other
similar or related biometric technologies (at times with no notice or
warning to customer/callers), often doing so without offering customers
any method to control access to said biometrics or any means to seek
redress for unauthorized use thereof. While we are unsure if the (vague)
recorded message presented at the outset of the call indicates that
American Express employs such technologies, we explicitly decline to
participate in any such biometric analysis or identification

Moreover, while we have no general objection to recorded telephone calls,
as said recordings may be later used with the aforementioned biometric
methodologies, we are now forced to also decline having our voice calls
recorded as well. 

While 20 years ago we would never have thought twice about having our
calls recorded, and in fact favor doing so to provide an incentive to
ensure that telephone representatives provide a consistent level of
support services, as we can no longer be sure that such recordings will
not be run (at some indeterminate point in the future) through biometric
voice analysis software/systems, we must decline having our calls
recorded, regardless of whether biometric analysis is currently being
employed by American Express. 

As such, American Express may:

1.  Provide a telephone number which we may call which is not recorded and
does not employ any biometric monitoring, or,

2.  Contact us as needed, without recording the call and without any
biometric monitoring, or,

3.  Provide a writing clearly indicating that American Express does not
employ biometric voice-printing, analysis, or any other form of biometric
monitoring on customer telephone interactions (either when called by
customers or when calling to customers), and warrants that it will not do
so in the future on live calls or with any recorded conversations. 

4.  Communicate with us only in writing via postal mail or other
non-biometric means. 

We hereby explicitly instruct American Express, its affiliates, and agents
to delete and destroy any and all biometric information and/or recordings
of myself and/or any Cardmember associated with our aforementioned
account/Cardmember group, and prohibit the use, retransmission,
dissemination or sale of said recordings and/or biometric information
within American Express or any other outside entity or person. 

Please note that should American Express employ any biometric
voice-printing or similar technologies on future calls or recordings, such
actions will serve to indicate an acceptance of my individual or our
Cardmember group's collective offer(s) to provide my/our voice recordings
and/or voice-prints to American Express for a fee of $1000 per call per
person, and to be invoiced per calendar month when one or more such calls
take place, with a $35 late fee per month if payment is not received
within 30 days of American Express being invoiced for said call(s), and
with the maximum interest rate applied as allowed by the State of
Connecticut until such payment(s) is(are) satisfied. 

Very Truly Yours,

John Doe

Note also that they can still track you via most e-mail (that is, e-mails which support attachments and URLs, which nearly all mailers do; a plain-text mailer offers somewhat more security but less utility and ease of use), SMS/text messaging (if you provide your cellular phone #), mobile phone applications, or web access, but consent is somewhat more implied with these modalities, as compared to them calling you/you calling them and presenting you with a nebulous and vague up-front "privacy/security" message. Additionally, you can get a new phone, delete applications, use more secure browsers, or change your e-mail address or e-mail program as needed, but you can not ever change your voice (or by definition, any other biometric information), so the use of voiceprinting is a more serious privacy concern, as once it's given/taken, it can never be regained.

An interesting post about Citibank Mastercard and how Citibank is, according to the article, also using Biometric/Digital Voice Fingerprinting and the difficulties involved in getting them to stop, can be found here. (Part of the article also deals with Citibank chargeback issues; readers interested only in Citibank's use of biometric voiceprinting can skip to the later part of the post.)

Back to Wireless Notes Main

Copyright 2023 /