Voice, messaging and artificial intelligence are helping transform customer engagement, particularly in financial services. But just how secure is the voice channel and how safe is the information passing through it?
Tech companies and financial institutions are working carefully to implement artificial intelligence and interactive voice banking technologies to change both the personal involvement and proficiency of banking. With Amazon’s Alexa, Apple’s Siri, and Google Assistant, it is simple to seek their assistance for any number of tasks.
Incorporating Voice-Enabled Technology in Banking
Many financial organizations worldwide are incorporating voice-activated virtual assistants to access accounts and make payments. In 2017, U.K.-based bank Barclays started letting customers ask Siri to make a payment and then validate it with Apple’s Touch ID. OCBC Bank in Singapore has offered voice banking through Google Assistant on a smartphone or Google Home device since April 2018. U.S. Bank became the first bank to offer all three services—Alexa, Siri and Assistant—when it launched them in March 2018.
Other financial service companies such as credit card companies, Capital One and American Express, have set up virtual assistant features and allow customers to use Alexa to check balances and pay bills and a number of credit unions and banks, who use voice-enabled or voice-assisted banking.
In addition, several bigger financial institutions implemented their own voice-enabled tech to improve their customer experience such as Bank of America’s virtual assistant, Erica, released in May 2019, which gained over six million users in the first six months and reportedly completed over 50 million requests over the first year.
Voice at a Crossroads
The banking industry is at a moment of truth where trust is the key to unlocking the full potential of voice-enabled technologies. Though, banking through mobile devices comes with potential vulnerabilities.
For instance, mobile banking is susceptible to malware intrusion, which could allow hackers to listen in on the details of a voice banking transaction. The FBI even released a Public Service Announcement in 2018 warning of actors with malicious intent actively using vulnerable IoT (Internet of Things) devices to route malicious traffic for cyber-attacks and computer network exploitation.
Aside from possible fraud, there are also privacy concerns with Amazon Echo, Apple Siri and Google Home all receiving criticism for eavesdropping and recording conversations they hear.
Consumers Voice Their Concerns
Microsoft in its “Voice Report 2019” engaged with 5,000 U.S. consumers to gain a better understanding of the usage and adoption of the technology. Among the lingering issues: Can tech builders overcome trust issues from suspicious consumers?
Over 70% of survey respondents reported using voice search through a digital assistant, and over half used voice skills or actions with their smart voice search through a smart home speaker. Over 35% of respondents used voice commands through IoT connected devices such as TVs, as well as connected cars. In addition to home management, respondents on average selected five main types of so-called “productivity” tasks from their digital assistants: playing music, looking for directions, getting the news and weather, and searching for a quick fact.
Nevertheless, 11% in the Microsoft study said they accessed banking or personal financial information and 10% retrieved credit card records. The potential to do such sensitive tasks through a smart speaker raises security concerns. Virtual assistants and smart speakers are still relatively new technologies, and potentially susceptible to cybercriminal exploitation.
Consumer Top Concern with IoT
The report also noted user struggles with the tech’s reliance on personal information. Top concerns are data security at 52% and passive listening at 41%. Misinterpreted commands, accidental purchases and an always-listening device comprise additional common worries.
Building trust is key for 41% of users who specified concerns around digital assistants and voice enabled technology. What concerns them the most?
- 52%- felt personal information is not secure
- 41%- the device is actively listening and/or recording them
- 36%- do not want their personal information used
- 31%- the information the device gathers are not private
- 24%- do not know the personal data use particulars
- 14%- users do not trust the companies behind the voice assistant
Another 14% of respondents displayed their distrust by literally handwriting they did not trust the voice assistant company.
Trust and Secure = Information Governance’s Privacy + Security frameworks
The burden on tech developers and financial institutions that use voice technology is to incorporate feedback and assemble an underpinning of trust.
Voice banking provides less privacy than other types of interactions, according to a blog by Colin Murphy of financial services technology firm Fiserv. He noted skills developed for voice assistants can focus on inquiry-based transactions, such as account balances or bill due dates, which add value and help drive adoption and engagement while avoiding the exchange of more sensitive information such as account numbers or passwords.
Creating complementary experiences with the appropriate levels of security is vital to success when interactions become more complex or there is a need for additional privacy or security. According to Fiserv’s “Expectations & Experiences” consumer trends survey, 51% of American consumers see a voice banking benefit, although only 34% knew it was possible to use voice activation to perform banking functions. This points to a significant opportunity for growing consumer awareness and understanding.
Information governance ensures capable and effective usage of technology, enabling an organization to achieve its goals. Financial institutions can improve voice banking and security intelligence by:
- Implementing information governance tools such as maturity assessments, risk assessments and technology prevention solutions
- Setup guidelines to help mold compliance into a disciplined, pragmatic and strategic structure
- Communicate risk culture awareness to establish an organization’s legitimate and ethical security and data protection
- Apply continuous cyber event, privacy and security training with engagement metrics and personnel education benefits
Under the information governance program, the privacy and
security frameworks complement an organization’s regulatory requirements and
support best practice operations. The recommended activities above can help an
organization develop a sound and safe security operation and encourage an
information governance culture.