Voiceprints: Banks Go High-Tech to Fight Identity Theft

The Voice Harvesters
Richard Drew/APChase and Wells Fargo, two of America’s biggest retail banks, are quietly taking some callers’ voiceprints to fight fraud, an Associated Press investigation found.

By RAPHAEL SATTER

LONDON — The caller said her home had burned down and her husband had been badly hurt in the blaze. On the telephone with her bank, she pleaded for a replacement credit card at her new address.

“We lost everything,” she said. “Can you send me a card to where we’re staying now?”

The card nearly was sent. But as the woman poured out her story, a computer compared the biometric features of her voice against a database of suspected fraudsters. Not only was the caller not the person she claimed to be, “she” wasn’t even a woman. The program identified the caller as a male impostor trying to steal the woman’s identity.

The conversation, a partial transcript of which was provided to The Associated Press by the anti-fraud company Verint Systems, reflects the growing use of voice biometric technology to screen calls for signs of fraud.

Two major U.S. banks, JPMorgan Chase (JPM) and Wells Fargo (WFC), use voice screening, also known as voice biometric blacklists, according to three people familiar with the arrangements, all of whom spoke on condition of anonymity because the system was meant to remain secret.

Altogether seven major American financial institutions are already using such blacklists or have run pilots, said Shirley Inscoe, an analyst with the Aite Group, a research and advisory firm.

Inscoe declined to identify the institutions, but said they largely saw them as a quiet and effective way of dealing with fraud.

“It’s in the background. It doesn’t affect the call in any way,” said Inscoe. “Nobody even knows it’s happening.”

The blacklists are one of a growing number of everyday uses of speaker recognition, once a high-tech tool used by security agencies.

VOICE_BIOMETRICS

Many governments and businesses use voiceprinting openly.

“A recent AP survey of 10 leading voice biometric vendors found that more than 65 million people worldwide have had their voiceprints taken, and that several banks, including Barclays in Britain and Minneapolis-based U.S. Bancorp (USB), are in the process of introducing their customers to the technology.

Fighting fraud is different.

One person familiar with Verint’s deployment said that the company’s technology has been at work at Chase’s credit card arm since last year, when Verint’s predecessor, Victrio, was helping screen roughly 1 million calls a month.

Two people familiar with how the technology is being used at Wells Fargo said the San Francisco-based bank struck a deal for a similar voice biometric blacklist provided by Israel-based NICE Systems.

NICE and Verint declined to comment on their customers. Chase and Wells Fargo declined to comment in any detail on their fraud prevention strategies.

Chase spokeswoman Patricia Wexler said the company was “exploring many types of biometric authentication,” but did not use voice biometric technology with customers. She declined to say whether the company was using the technology to screen calls for suspected criminals.

At Wells Fargo, spokeswoman Natalie M. Brown said “[S]haring any information about our fraud prevention measures would jeopardize their effectiveness.”

Legal Patchwork

Banks may run into trouble when they deploy voice biometric technology secretly, legal experts say. That’s because some states, such as Illinois and Texas, restrict the collection or sharing of biometric data.

A confidential company memo obtained by the AP provides some insight into companies’ attempts to build legal cover for their work.

The document, dated Aug. 1, 2013, lays out NICE’s plans for the creation of a blacklist shared across a consortium of different companies. It carries advice from NICE to U.S. banks suggesting that they deal with issues of consent by changing the traditional message at the beginning of each call to say: “This call may be monitored, recorded and processed for quality assurance and fraud prevention purposes.”

“Creating a voiceprint from the call falls under ‘processing,'” the memo explains. “Sharing the voiceprints within the consortium is for the purposes of fraud prevention.”

Tech and privacy lawyer David Klein, the managing partner of New York-based Klein Moynihan Turco, said he had doubts about whether playing a canned message to callers counted as getting consent to gather biometric data.

“It’s at best a passive, assumed consent that they’re obtaining from the calling party,” he said.

Questionable Language

It isn’t clear that banks are using the suggested language. A recent call to Chase’s credit card support number was met with a recorded message saying: “This call will be monitored or recorded.” Nearly identical language played during a call to a Wells Fargo’s number.

Neither Wells Fargo nor Chase responded to questions specifically addressing the legality of their voice harvesting.

NICE confirmed that the memo was genuine. It said the purpose was merely to suggest new language for telephone calls and did not constitute legal advice.

Industry observers said that, regardless of the legal issues, few would raise a fuss over the collection of biometric information from suspected criminals.

Banks “truly are trying to protect legitimate customers,” said Inscoe. She said the blacklists had to be seen in the context of organized gangs that call banks repetitively to try to break into accounts.

Winning Converts

The technology is winning converts fast.

Mark Lazar, Verint’s vice president for intelligence systems, said that when combined with other fraud detection techniques, voice biometric blacklists were effectively freezing the bad guys out of banks’ call centers.

“Within a few months we see a 90 percent reduction in the types of calls these fraudsters are making,” he said.

Avivah Litan, an analyst with technology research firm Gartner, estimates that by next year, 25 major U.S. call centers will be using some form of voiceprint technology, a five-fold increase over last year.

Klein, the privacy and tech lawyer, said the growth of voice biometric technology meant it was time for regulators to take a fresh look at the rules.

“There should be regulation on both the state and federal level that that govern practices with respect to the collection, use and sharing of that data,” he said, “so that we don’t go deeper into George Orwell’s world.”

-Associated Press writer Jeff Horwitz in Washington contributed to this report.

  • One reason why Marquis’ gas purchases might have triggered a fraud lockdown? Filling their tank is a common first move for credit card thieves.

    “Some of the things they look at are small-dollar transactions at gas stations, followed by an attempt to make a larger purchase,” explains Adam Levin of Identity Theft 911.

    The idea is that thieves want to confirm that the card actually works before going on a buying spree, so they’ll make a small purchase that wouldn’t catch the attention of the cardholder. Popular methods include buying gas or making a small donation to charity, so banks have started scrutinizing those transactions.

    Test Purchases

  • Of course, it’s not a simple matter of buying gas or giving to charity — if those tasks triggered alerts constantly, no one would do either with a credit card. But Levin points to another possible explanation: Purchases made in a high-crime area are going to be held to a higher standard by the bank.

    “It’s almost a form of redlining,” he says. “If there are certain [neighborhoods] where they’ve experienced an enormous amount of fraud, then anytime they see a transaction in the neighborhood, it sends an alert.”

    (Indeed, Erin tells me that one of the gas purchases that triggered an alert took place in a rough part of Detroit, which she visited specifically for the cheap gas.)

    Buying in the Bad Part of Town

  • People who steal credit cards and credit card numbers usually aren’t doing it so they can outfit their home with electronics and appliances. They don’t want the actual products they’re fraudulently buying; they’re just in it to make money. So banks are always on the lookout for purchases of items that can easily be re-sold.

    “Anytime a product can be turned around quickly for cash value, those are going to be the items that you would probably assume that, if you were a thief, you would want to get to first,” says Karisse Hendrick of the Merchant Risk Council, which helps online merchants cut down on fraud. Levin says electronics are common choices for fraudsters, as are precious metals and jewelry.

    Stuff You Might Sell

  • Many thieves don’t want to go through the rigmarole of buying laptops and jewelry, then selling them online or at pawnshops. They’d much prefer to just turn your stolen card directly into cold, hard cash.

    There are a few ways that they can do that, and all of them will raise red flags at your bank or credit union. Using a credit card to buy a pricey gift card or load a bunch of money on a prepaid debit card is a fast way to attract the suspicions of your credit card issuer. Levin adds that some identity thieves also use stolen or cloned credit cards to buy chips at a casino, which they can then cash out (or, if they’re feeling lucky, gamble away).
     

    Buying Cash

  • When assessing whether a purchase might be fraudulent, banks aren’t just looking at what you bought and where you bought it. They’re also asking if it’s something you usually buy.

    “The issuers know the buying patterns of a cardholder,” says Hendrick. “They know the typical dollar amount of transaction and the type of purchase they put on a credit card.”

    Your bank sees a fairly high percentage of your purchases, so it knows if one is out of character for you. A thrifty individual who suddenly drops $500 on designer clothes should expect to get a call — or have to make one when the bank flags the transaction. If you rarely travel and your card is suddenly used to purchase a flight to Europe, that’s going to raise some red flags.

    Out-of-the-Ordinary Spending Behavior

  • Speaking of Europe, the other big factor in banks’ risk equations is whether you’re making a purchase in a new area. I bought a computer just days after moving from Boston to New York, and had to confirm to the bank that I was indeed trying to make the purchase. Levin likewise says that making purchases in two different cities over a short period of time raises suspicions.

    “I go from New York to California a lot, and invariably someone will call me [from the bank], ” he says. Since one person can’t go shopping in New York and California at the same time, any time a bank sees multiple purchases in multiple locations in a short period, it’s going to be suspicious.

    Location, Location, Location

  • 7 Millionaires Who Lost It All, but Came Back

    What Type of Consumer are You?

    Old-School Money Tricks That Still Work

    More from DailyFinance:

Article source: http://www.dailyfinance.com/2014/10/13/banks-voiceprints-fight-identity-theft/

Technorati Tags: ,

Tags: ,

Leave a Reply