Most financial institutions will let customers add verbal passwords or personal identification numbers (PINs) that are separate from any other PIN or online banking password you might use, although few will advertise this.
Even so, many institutions don’t properly train their customer support staff (or have high turnover in that department). This can allow clever and insistent crooks to coax customer service reps into validating the call with just the SSN and/or date of birth, or requiring the correct answers to so-called knowledge-based authentication (KBA) questions.
Identity thieves can reliably work around KBA because it involves answering questions about things like previous loans, addresses and co-residents — information that can often be gleaned from online services or social media.
Not sure whether your financial institution supports verbal passwords? Ask them. If they agree to set one up for you, take a moment or two over the next few days to call in and see if you can get the customer service folks at that institution to talk about your account without hearing that password.
While a great many people are willing to trade security for more convenience, it’s nice when those of us who are paranoid can opt-in for more security. A great, recent example of this is Google‘s optional “advanced protection” feature, which makes it much harder for password thieves to hack into your Gmail, Drive or other Google properties — even if the attackers already know your password.
Verbal passwords should not be confused with voice biometrics, a technology some financial institutions are now adopting that can help authenticate customers while profiling and blocking fraudsters who repeatedly call in to customer service representatives. Even if your institution offers voice biometrics, adding a verbal password/passphrase is still a good idea.