Chatbots have become a common feature in online customer service, but would you trust one with your investment portfolio?
You might have interacted with a chatbot through Twitter or Facebook as part of an organisations customer services via their private messages.
Now there a couple of companies preparing to offer financial and investment management using a chatbot.
Ondrej Kubovič, ESET Security Awareness Specialist, discusses the security of chatbots and their limitations.
“While chat bots are certainly very convenient for the user as well as for the financial institutions who would like to use them to communicate with clients, if not properly secured they could pose a security risk on multiple levels.
“By proper security we mean not only that user should authenticate themselves by username and password during the communication, but also with other means – mostly two/multi-factor authentication (time-limited code, biometrics, etc.).
“If a chat bot doesn’t offer such basic protective measures but works with sensitive financial data, user is risking that their account might get compromised and funds stolen.
Another concern could be that chatbots are using a third-party platform for very sensitive communication.
“As such, the user, and maybe even the financial organization itself, don’t necessarily know all the details about how the transferred data is protected, handled, stored or processed by the platform’s owner.
“There is also no assurance that there won’t be a security flaw or breach uncovered in the future, including the large and popular chatting services.
“Important thing to note: security risks always depend on the type and amount of sensitive data that is being shared via similar services.
“If the user is only requesting information about products and doesn’t provide personal information, then the potential damage is low.
“However, if the user is performing financial operations or making decisions based on the information received from the chatbot, it could lead to potentially far-reaching consequences.”
Would you use a chatbot for financial services? Let us know on Twitter @ESETUK.