Designing Secure Voice Banking Experiences
Deploying secure voice banking experiences are a new frontier that must balance security, consumer convenience, and situational context. Depending on the desired capabilities of your voice banking skill, you will need to meet a variety of security protocols.
We’ve previously discussed banking chatbot security.
Here are best practices to consider when striking a balance between convenience and security and user experience.
Deploying secure #voice #banking experiences are a new frontier that must balance security, consumer convenience, and situational context. Click To TweetEstablish a Voice PIN
Before a person can make simple requests such as “what transactions are pending” they must authenticate themselves through Amazon’s account linking process, which provides a secure way for Alexa to connect with third-party systems, such as your online or mobile banking provider.
Once a person has authorized access to their transactional account data, the vulnerability of someone (who is not the authorized person) asking “how much is in my checking account” exists. You can easily mitigate this concern by implementing a voice PIN that is established during the account linking process. Once the voice PIN is set up, Alexa can request this PIN after a period of inactivity, usually after 5 minutes. It’s important to remember that there will be times when using your voice is more convenient in a private home or office environment. That said, a person should never reveal their voice PIN if they suspect someone or something is listening.
Enable Multi-factor Authentication
If you’re considering capabilities that allow people to do things like move money between their internal accounts or even send money to external accounts, an additional layer of security called multi-factor authentication is absolutely recommended to assuage any concerns.
For instance, if a person has somehow determined your voice PIN and wants to send themselves $50, we can eliminate this vulnerability with the use of a one-time PIN that’s sent to another device (like a smartphone) controlled by the person associated with the Alexa device. This one-time PIN would be required for a transaction to execute and quickly prevents any malicious attempts from occurring.
These two methods significantly mitigate any security vulnerabilities which may hinder early adoption of voice banking. If you would like to learn more, please click here to schedule a time to speak with a member of our team.