The demand exists. Consumers want to bank via chat. In fact, 70% of U.S. consumers are likely to use a chat app for banking if offered, and 62% agree it would be convenient to bank via the same chat apps they use with friends and family, recent research indicates.
But security concerns rank high with chat, with 64% of consumers recently surveyed for Clickatell’s Consumer Trends Report saying they’re “not sure” about security and confidentiality of chat apps.
Indeed, millions of messages are exchanged on chat apps today, but few users know how their message content, encryption security and identity are handled in them.
The gold standard is for messaging platforms to offer automatic or optional end-to-end encryption, which means that only the users who are communicating can read the exchanged messages.
Messaging platforms with end-to-end encryption are rapidly rising in popularity, as is encryption across all web traffic. At the start of 2020, 87% of web traffic was encrypted compared to 53% in 2016, states Mary Meeker’s 2019 Internet Trends Report.
But not all messaging platforms are yet at this gold standard level, and banks and consumers need to consider that as they deploy chat to deepen and enhance the consumer experience.
To dig deeper into this topic, we analyzed six popular mobile messaging apps and services and evaluated their security and privacy risks with a focus on A2P (business application to end-user) messaging for financial services.
In short, we found that every channel or application carries a unique risk profile, that some channels are a better fit for particular uses, and that both companies and consumers will contribute to security in chat banking.
Apps, Uses, Security Risks
You can read a full review of the research here, but here’s a summary of the apps assessed:
WhatsApp Messenger. WhatsApp is one of the most secure, free apps available. With end-to-end encryption support and the claim that it cannot access the private key, WhatsApp scored 73/100 in the 2016/17 Amnesty International report. Owned by Facebook, WhatsApp has more than 2 billion users and is most used across Latin America, Europe, Southeast Asia, the Middle East and Africa. Since 2016, WhatsApp has enabled and implemented end-to-end encryption. Security flaws may appear, but cybercriminals couldn’t decrypt conversations even if they breached WhatsApp. WhatsApp Business API requires the business to integrate with their Business Solution Provider (BSP) and other third-party business tools, relying on the security features of the Enterprise solution.
Apple Business Chat. This is also known as iMessage and has an estimated 1.3 billion users. It dominates in North America and Europe. It enables users and businesses to message via the native Messages app on supported iPhone, iPad and macOS devices. Apple messages are end-to-end encrypted between two devices, but the Business Chat API requires a business to integrate with their Chat Service Provider (CSP) and other third-party business tools, relying on the security features of the Enterprise solution.
SMS. Growing and already used by more than 5 billion people, SMS enables the transmission of messages of up to 160 characters among users on a mobile network. SMS is natively supported on all phones, and the user’s phone number acts as their identity. Banks and financial institutions use SMS messages to provide services and engage with customers globally. SMS is most popular for outbound uses, such as appointment reminders, shipping notifications, flight confirmations, fraud alerts, or marketing campaigns. It is the least secure messaging channel on our list, and consumers must be wary of fraudsters trying to entice them into downloading malware or viruses onto their phone or into revealing personal information like passwords and credit card numbers.
Facebook Messenger. Facebook’s popular chat application has 1.3 billion monthly active users. The absence of end-to-end encryption is arguably the biggest risk on this channel. Facebook Messenger does allow “Secret Conversations” between two users that are end-to-end encrypted, but this feature is not enabled by default and must be specifically selected by the user.
RCS Messaging (Rich Communication Services). This promises to be the next step in the evolution of SMS. RCS Business Messaging (RBM) is the application-to-person version of RCS. It upgrades the business SMS messaging experience with support for rich messages like video and images, verified branding, interactive suggested actions, and analytics. RBM is only available on select Android devices across RCS-supported carrier networks. Because RCS is a carrier-based service subject to government regulations and interception, it cannot be end-to-end encrypted. However, it is still more secure than SMS.
Google Business Messages. This is a mobile channel that combines entry points on Google Maps, search, and brand websites to create rich, asynchronous messaging experiences. Businesses can drive engagement on chat via their existing Google search results. Google Business Messages requires a Google ID for user identity. End-to-end encryption is not available. However, messages sent between users and business agents are encrypted between a user’s device and Google’s servers, and between Google’s servers and Business Messages agents.
Chat Use Cases
Banks, financial services and other businesses want to meet customers on their preferred channels and enable personalized experiences on these chat and message channels. However, consumers should not have to compromise when it comes to data security and privacy.
Financial institutions must keep sensitive user information secure. The very success of chat banking depends on compelling use cases, such as fraud alerts and payment reminders, that bring about engagement and rich, personalized customer experiences without compromising privacy and security. In the Clickatell Consumer Trends Report, the top three banking services consumers wanted via chat were customer support, check and account balances and bill pay.
As our research shows, depending on security levels and other features, different channels are better for certain uses, such as:
RCS and SMS for time-critical notifications. Research claims a 98% open rate for SMS messages.
WhatsApp, Google Business Messages, and Apple Business Chat for good customer care, account management and banking “lobby” experiences, such as scheduling appointments.
Facebook Messenger for immersive user engagement and conversations, like answering customer questions that don’t require sensitive personal information.
Chat capabilities and choices are expanding, as is consumer desire to use them to do business, including banking. Banks and other financial institutions need to make security a high priority, understand the risks of each platform and assess what each is best suited for. Consumers, too, will play a role in chat security by deploying best practices such as enabling available account security options in the app.