After a few years of testing this new security feature, Vanguard has begun rolling out voice pattern recognition technology for security. According to the representative I spoke to today, this feature will be available for Flagship customers first, and all customers will eventually follow. Voice recognition adds another layer of security to your financial accounts, and I’m impressed with it so far.
When you call a Vanguard representative to discuss your account, they ask a security question to verify your identity. They may ask your pet’s name, your high school mascot, or some other piece of information a stranger might not know. This isn’t very secure; a friend or family member could easily know the answers to many of the questions typically used for security verification. It is much more difficult to fool voice pattern recognition. Even a digital recording of your voice will not have the same acoustic properties that can be detected over the phone.
The biggest benefit of this level of security is that it eliminates the need for Medallion signature guarantees for most financial transactions for which they were previously required. Signature guarantees can be a hassle; for a financial institution that conducts is business mostly online and over the phone, you might need to visit a local bank or credit union with identification in order to secure a signature guarantee, and then it will take some time to send the signature guarantee to Vanguard.
To enable voice recognition today, call a Vanguard representative today. You’ll be asked to repeat a passphrase several times: “At Vanguard, my voice is my password.” The security system will analyze your voice, which will act as a secure key. After confirming that you’re ready to begin using voice recognition as a security check, the new technology will be activated for you with your next call to Vanguard.
After entering your Social Security number via your phone’s keypad as usual, will be prompted to speak the passphrase. It sounds like this technology could be easily fooled through recording, or to be ineffective depending on the quality of your phone line, but it’s much more secure and accurate than the existing system.
If your security check through voice recognition fails when you call, you will be asked to answer a security question. This fallback can solve any issues if you’re in a noisy room, for example, but that reduces the level of security.
Would you use voice pattern recognition to verify your identity for financial transactions?
Photo: altemark
Published or updated March 7, 2012.
{ 6 comments… read them below or add one }
Conceptually, I like the idea of additional security, but I have my doubts about using my voice. It reminds me of the crime shows when they compare voice prints. Supposedly, everyone is different.
no, I don’t like the idea of voice recognition being used as a primary means of identification especially at a financial company like vanguard.
As long as the old, insecure method is available, this feature provides zero additional security.
If I did sign up for it, I would say “my voice is my passport” instead. I wonder if they use any kind of voice recognition to make sure you’re saying the prescribed phrase. If not, that could provide an additional layer of security – you’d not only have to have your own voice, you’d have to know the correct passphrase as well.
I have a cold…..wouldn’t that change my voice?
Maybe it’s just me, but I think this sounds really cool. I would use it if available.
I have a some concerns about this. For one, any sufficiently strong technology is going to have some false negatives, legitimate people not being able to pass through. The existence of false negatives should be reassuring to people that validation is strong. But I suspect those people failing validation are going to be complaining and unhappy on the phone with Vanguard, putting pressure on them to loosen the algorithms, creating false positives (bad guys trying to hack in). Vanguard’s assurances to us “not to worry, it will still work as you get older, have a cold, on a so-so phone connection”, etc., etc., to me, seems like they are saying “voice validation is rather loose, so you can expect a lot of false positives.” They’re trying to reassure those concerned about false negatives, but for those, like me, more concerned about false positives than false negatives, it has the opposite effect.
Secondly, as implemented by Vanguard, voice verification allows a lot more things to be done on the phone without a Medallion guarantee, Vanguard has given wires for real estate closings and sending checkbooks to addresses outside of those on official record as examples. In comparing security questions vs. voice validation as an authentication method, we have to take into account that Vanguard allows a lot more functionality to occur with the latter. A method that allows you to do 10 times more things, especially things you don’t plan on doing, vs. a method that is much more sharply constrained in the exposure it provides, the latter is frequently safer in guarding against bad guys even if it is not as secure.
This blog article treats Medallion guarantees as a Bad Thing but they are excellent in combating fraud and for the vast majority who virtually never have a need for those things, I would say it’s better to go down to the bank once every five years to get the MG than leave your funds vulnerable 24/7 to any phone hacker who can pass your voice validation (or worse, just answer a security question, as I mention next).
Finally, as it states here, even if you fail voice verification you can still provide a security question to pass through. However, that voice verification failure should shut off your ability to perform extra capabilities without a Medallion signature guarantee — in fairness to Vanguard, it probably does and will. Nonetheless, it is conceivable that an improperly trained operator on the phone, incorrectly just checking to see if the person signed up for voice verification (and not, whether validation for the particular phone call occurred via voiceprint or security question answering) could conceivably grant the full range of services to just a security question answerer.