Rise of the chatbot: security concerns


Propelled by recent advances in artificial intelligence and machine learning, businesses are embracing chatbots as an efficient way to engage customers, as well as to save time and money by automating certain functions. In a business world in which customer service, especially timely and relevant communication, is the most important factor in success, chatbots can be instrumental in getting ahead of the game.

Essentially an extension of other Human Interface Mediums (your phone, the internet), chatbots enable customers to interact with their service providers via a robot messenger. Moving beyond the simple ‘question and reply’ format of the original chatbots, today’s bots have become so advanced that they can order your shopping, tell you the weather, order you a taxi or even give you personal advice.

Chatbots use software that harnesses artificial intelligence (AI) to process language from interactions between humans and virtual assistants. The reason for the attraction is simple: people find the messaging medium to be more intuitive, more natural and comfortable. So, for businesses dependent on customer service, building a chatbot is an easy way to provide customers with an improved customer experience that streamlines interactions, providing desired information faster and more efficiently than a human customer service agent. In fact, Gartner predicts that only one-third of customer service interactions will require human interaction by the end of this year.


As chatbots become increasingly intelligent, they are being equipped with additional capabilities, including the ability to process financial transactions. If you are comfortable using Facebook Messenger or WhatsApp to chat with your friends, then using it to make payments or check your account balance just by writing a message, rather than having to open a new internet banking app, makes sense. This type of transaction through chatbots is already being seen in the US, where Uber is integrated into Facebook Messenger, which added a payments solution for businesses in late 2016, meaning users can order and pay for their Uber through a simple message.

Chatbots are a new, exciting frontier for businesses but, as with any new medium, in particular those involving financial transactions, consumers and businesses are right to be wary of security concerns. However, as long as the fundamental principles of security – process, people and technology – are properly applied, chatbots can be an integral part of an organisation’s customer-centric strategy.


Process and regulation concerning data handling and storage is particularly pertinent to chatbots. By their nature, chatbots collect and store information from users and, through machine learning, use this data to train themselves to respond to questions more accurately. Where this information is stored, what it’s used for and who can access it are questions that must be addressed. Organisations must establish rules and processes regarding data storage before implementing a chatbot, and transparency around this is essential for customers who will be using the bot.


Any new medium takes time for the population to learn and adopt, which potentially exposes new risks, such as new methods of social engineering attacks. As chatbots become better at imitating humans, the technology will be used by hackers in phishing scams and other social engineering attacks. For example, if a cybercriminal gains access to a chatbot programme they can imitate the bot and use social engineering tactics to establish a rapport with users in order to entice them to click on a malicious link or hand over sensitive information. This is frequently the first stage of a cyberattack, allowing a cybercriminal to penetrate perimeter defences and set up a base of operation inside the network.

End-user education is central to reducing the potential risks of social engineering attacks via the new channel. Due to the connected nature of chatbots, it’s significantly easier to educate users and reduce these risks with technology, as compared to the first introduction of Internet banking. However, if a cybercriminal does manage to use chatbots to trick employees and break their way into the network, protecting privileged credentials will prevent an attack from advancing.



Chatbots can be secured using many of the same security methods used for other mobile technologies: 2FA, behaviour analytics, biometrics and AI are just some of the newer technologies that address the issues of authentication and encryption that are central to chatbot security.

Take user identity authentication, where a user’s identity is verified with secure login credentials, such as a username and password, that are then exchanged for a secure authenticated token that is used to continually verify the identity of the user. With chatbots, there are new mechanisms for user identification. For instance, once you successfully register your Facebook ID to your bank account (for example via 2FA), your Facebook account can be your userID.

Additional security measures such as two-factor authentication, where a user is required to verify their identity through two separate channels, or biometric authentication that requires a user to verify their identity using a unique physical marker such as a fingerprint or retina scan, can offer an extra layer of security for user authentication.
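The flow described in the two paragraphs above, as an added sketch that is not part of the original article: a messenger ID is bound to a bank account only after a second-factor code is confirmed, and the resulting signed, expiring token is checked on every message. All names (`start_link`, `confirm_link`, `verify_token`, the in-memory stores, the five-minute lifetime) are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: signing key held only by the bot backend
TOKEN_TTL = 300                       # assumption: tokens expire after five minutes
linked = {}    # messenger user ID -> bank account ID (constructed in-memory store)
pending = {}   # messenger user ID -> (account ID, one-time code)

def start_link(messenger_id, account_id):
    """After the normal login, create a one-time code for the second factor."""
    code = f"{secrets.randbelow(10**6):06d}"
    pending[messenger_id] = (account_id, code)
    return code  # delivered over a separate channel (e.g. SMS), never in the chat

def confirm_link(messenger_id, code):
    """Check the second factor; on success bind the messenger ID and issue a token."""
    account_id, expected = pending.pop(messenger_id, (None, ""))  # single attempt
    if account_id is None or not hmac.compare_digest(code.encode(), expected.encode()):
        return None
    linked[messenger_id] = account_id
    return issue_token(messenger_id)

def issue_token(messenger_id):
    claims = {"sub": messenger_id, "exp": int(time.time()) + TOKEN_TTL}
    body = json.dumps(claims).encode()
    sig = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

def verify_token(token, messenger_id, now=None):
    """Run on every incoming message; returns the linked account ID or None."""
    try:
        body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError:  # wrong part count or invalid base64
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims["sub"] != messenger_id or claims["exp"] <= now:
        return None
    return linked.get(messenger_id)
```

Because the token is bound to the messenger ID and expires, a token replayed from another account or after the session window is rejected and the user has to re-authenticate.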

For maximum security, chatbot communication should also be encrypted. This is especially important in highly regulated industries such as healthcare and finance that handle very sensitive information.

Chatbots represent an exciting new technology that offers businesses huge potential for sales, marketing, and customer service. When deploying a chatbot, organisations should address any security risks by applying the same security principles as with existing mediums, in the same three areas of process, people and technology. By ensuring best practice across these three areas, businesses can fully embrace chatbots’ vast potential.


Sourced from David Higgins, director of strategic accounts, CyberArk


Ben Rossi
