Text Size:


The Proliferation of Chatbots for Payments And Banking Begins to Raise Security Questions
December 19, 2016

By John Stewart

An offshoot of artificial-intelligence research, chatbots emerged in 2016 as a popular technology for reaching and serving consumers for banking, payments, and shopping. Facebook’s Messenger app, which began supporting the bits of code this spring, was by September already crawling with 30,000 bots holding conversations with consumers to fulfill simple tasks. Companies like MasterCard Inc. and PayPal Holdings Inc. have developed Messenger applications involving payments, as have banks and developers working with other chat platforms.

Miller: As bots continue to emerge, they'll start to draw fraudsters' attention.

But some experts have concerns about chatbot security. They point to the need for encrypted sessions to protect sensitive payments data, for example, and question how that data is secured once it’s collected.

A more serious issue could lie in what some see as the technology’s potential for takeover by bad actors. Mary Ann Miller, senior director and fraud executive advisor at NICE Actimize, a Hoboken, N.J.-based fraud-solutions company, says chatbots can be commandeered by criminals who know what they’re doing, and without the user being any the wiser.

“It wouldn’t be impossible for a sophisticated criminal to get into the middle of a conversation or maybe even take over the bot,” she says.

Hackers have already shown they can hijack bots used to help run objects networked in an Internet of Things configuration, such as thermostats or even garage-door openers, to flood Web sites and disrupt services (For more on this, see “How Fragile?” in the December issue of Digital Transactions).

Chatbots are still a relatively new phenomenon, so Miller doesn’t know of any specific instance of this so far. But as conversational bots continue to emerge as a hot commodity, they’ll start to draw fraudsters’ attention.

Not that it’s a slam dunk to take over a chatbot engineered to complete banking or payments tasks. When Miller says “sophisticated,” she means it. “This isn’t going to be your crook who’s kiting bad checks,” she says.

Share |


Read Digital Transactions Online
read more