Voice recognition security at Fidelity? Go for it or not?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Post Reply
protagonist
Posts: 4912
Joined: Sun Dec 26, 2010 12:47 pm

Voice recognition security at Fidelity? Go for it or not?

Post by protagonist » Sat Oct 28, 2017 6:01 pm

A Fidelity rep. tried to convince me to set up voice recognition security, which could be used when I call Fidelity in lieu of an alphanumeric password, claiming that it is much more secure.

I am skeptical, because of potential issues such as somebody using a recording of my voice (which he told me would be detected as bogus by their software), or just errors that could either lock me out or get somebody else in.

How safe and reliable is this security measure? Is it really superior to alphanumeric passwords or just a marketing gimmick?

Should I go for it?

Thanks.

mhalley
Posts: 5135
Joined: Tue Nov 20, 2007 6:02 am

Re: Voice recognition security at Fidelity? Go for it or not?

Post by mhalley » Sat Oct 28, 2017 6:04 pm

Very good question, I have been considering setting this up for all my accounts that offer it. I never do stuff over the phone, but hopefully might decrease the likelihood of fraud. OTOH, for someone to target you for identity theft, then record your voice, then use that recording to hijack your account seems pretty low. This article doesn’t think the protocol is that good yet.
http://resources.infosecinstitute.com/s ... hnologies/
. A voice impersonation attack refers to an unauthorized activation and use of a device or software based on voice recognition technology by bypassing security mechanisms with cloned recorded or synthesized speech commands. A group of researchers from the University of Alabama at Birmingham have recently demonstrated that any automated user authentication system that uses voice recognition technologies is vulnerable to voice impersonation attacks. The researchers managed to penetrate automated and human verification systems by taking a sample of user’s voice and using it to gain an unauthorized access to a device.

According to the researchers, a sample of user’s voice can be collected in various ways, including (1) making a spam call, (2) recording person’s voice from a physical proximity of the speaker, (3) mining for audiovisual clips online, and (4) compromising cloud servers that store audio information. Nitesh Saxena, Ph.D., the leader of this research warns that:

“Just a few minutes’ worth of audio in a victim’s voice would lead to the cloning of the victim’s voice itself. The consequences of such a clone can be grave. Because voice is a characteristic unique to each person, it forms the basis of the authentication of the person, giving the attacker the keys to that person’s privacy.”

DippityDoo
Posts: 61
Joined: Mon May 29, 2017 6:06 pm

Re: Voice recognition security at Fidelity? Go for it or not?

Post by DippityDoo » Sat Oct 28, 2017 7:57 pm

According to the MyVoice FAQ, a "voice print combines both the physical and behavioral characteristics of your voice, which are not available within a recording." Of course I have no way of knowing whether that's true, but still I set it up for my accounts.

I had a problem with ID theft several years ago and was further compromised by the Equifax hack. I didn't want someone with my DOB and SSN to gain access to my account by phone. In talking it over with Fidelity, they reminded me of their guarantee to cover losses due to fraud. I had forgotten about that. Still, I rather not have a fraudulent transaction in the first place. I don't do phone transactions so am not familiar with that manner of account access. I had the impression though that other things such as 2 factor authentication and security questions are not necessarily bypassed and a fraudster would not have sufficient means with a recording alone to hack an account.

I feel like I've now done everything possible (strong passwords, unusual answers to security questions, voice recognition) to protect my account. But I'm always open to suggestions on increasing security if anyone has any.

truenorth418
Posts: 309
Joined: Wed Dec 19, 2012 7:38 am

Re: Voice recognition security at Fidelity? Go for it or not?

Post by truenorth418 » Sat Oct 28, 2017 8:06 pm

I think it's a good idea and I have set this up on my financial accounts that offer it.

It can help prevent the strategy you hear about from time to time where the identity thief tries to change some of your online security attributes by doing an end run over the phone.

So this is one more layer of security. What's not to like?

azurekep
Posts: 944
Joined: Tue Jun 16, 2015 7:16 pm

Re: Voice recognition security at Fidelity? Go for it or not?

Post by azurekep » Sat Oct 28, 2017 8:58 pm

Here's what I was told:

1. Fidelity's voice recognition uses 100 different measures to develop a voice signature

2. This signature can't be used anywhere else and other voice recognition signatures elsewhere cannot be used with Fidelity's system

3. It will generally work if you have a cold or allergies

4. If for some reason, it doesn't work, they will ask questions which they claim will not be Equifax-type questions. These questions are different than the gibberish-type security questions associated with our online logins *

I was told repeatedly that VV was more secure than the regular phone logins and that their customer protection agreement will cover fraud as long as you follow the rules.

Everyone has to make their own decision on this.

* I personally like the gibberish security questions and am not sure why they don't use them as the VV back-up

protagonist
Posts: 4912
Joined: Sun Dec 26, 2010 12:47 pm

Re: Voice recognition security at Fidelity? Go for it or not?

Post by protagonist » Mon Oct 30, 2017 10:12 am

azurekep wrote:
Sat Oct 28, 2017 8:58 pm
Here's what I was told:

1. Fidelity's voice recognition uses 100 different measures to develop a voice signature

2. This signature can't be used anywhere else and other voice recognition signatures elsewhere cannot be used with Fidelity's system

This sounds good, but was this what you were told by a Fidelity rep or by an independent source?
Because a Fidelity rep told me the same thing, but it seems to contradict the article that mhalley posted above.

I'm not suggesting that the Fidelity reps are lying, but rather that they may have a false impression of the security of their system.

That said, if it is used in combination with (rather than as an alternative to) their usual security questions, I suppose it would be an improvement. I was under the impression that it would be a substitute for security questions, not an additional layer, but I could be wrong.

I ask all this because an ex-wife (divorced 10 years ago and with whom I have not lived for 10 years) managed to get my address on file at Fidelity (that is, the address my statements are sent to from Fidelity) changed to her address, and it really freaked me out. It was just way too easy.

rantk81
Posts: 34
Joined: Tue Apr 18, 2017 8:12 am

Re: Voice recognition security at Fidelity? Go for it or not?

Post by rantk81 » Mon Oct 30, 2017 10:49 am

Fidelity is not high on my list of companies with "adequate security"

Case in point: How they handle passwords.

Take your password, and convert every letter of it to whatever number that maps to on a touch-tone phone. Do it with one of the letters of your password, two of the letters, or all of the letters... Doesn't matter. That modified password will also let you log into their web page. (At least for me it does.)

For example, if my password was "password", all of the following would allow me to successfully log into their web page:

password
7assword
72ssword
p2ssword
pass9ord
72779673

Shockingly insecure if you ask me. I think all of their passwords can be boiled down to just a numeric combination (I think so that they can be used for authentication over the phone?)

Ron Scott
Posts: 341
Joined: Tue Apr 05, 2016 5:38 am

Re: Voice recognition security at Fidelity? Go for it or not?

Post by Ron Scott » Mon Oct 30, 2017 10:58 am

It just sounds to me like more personal info that will eventually get hacked...

azurekep
Posts: 944
Joined: Tue Jun 16, 2015 7:16 pm

Re: Voice recognition security at Fidelity? Go for it or not?

Post by azurekep » Mon Oct 30, 2017 12:10 pm

deleted - I felt a bit uneasy outlining the process

I recommend everyone call Fidelity and ask questions and express any concerns you may have..
Last edited by azurekep on Tue Oct 31, 2017 7:52 pm, edited 1 time in total.

abner kravitz
Posts: 208
Joined: Tue May 05, 2015 7:42 am
Location: Beaufort County, SC

Re: Voice recognition security at Fidelity? Go for it or not?

Post by abner kravitz » Mon Oct 30, 2017 12:39 pm

rantk81 wrote:
Mon Oct 30, 2017 10:49 am
Fidelity is not high on my list of companies with "adequate security"

Case in point: How they handle passwords.

Take your password, and convert every letter of it to whatever number that maps to on a touch-tone phone. Do it with one of the letters of your password, two of the letters, or all of the letters... Doesn't matter. That modified password will also let you log into their web page. (At least for me it does.)

For example, if my password was "password", all of the following would allow me to successfully log into their web page:

password
7assword
72ssword
p2ssword
pass9ord
72779673

Shockingly insecure if you ask me. I think all of their passwords can be boiled down to just a numeric combination (I think so that they can be used for authentication over the phone?)
I was curious about this, so I tried. It did not work on the website with my password.

Post Reply