Why SMS banking is still a bad idea

Bank customers like the convenience of accessing data via text message, but security experts have concerns about financial textbots.

Bank with Capital One and you can have account information sent to you by text. In March 2017, the bank started piloting Eno, an SMS-based chatbot customers use to check balances, view transactions, and process similar requests. Users love it, spokesperson Shelley Solheim says, sharing that 95 percent recommend the bot and that since launch, "Eno [has] exchanged hundreds of thousands of texts.”

Sounds great from a marketing perspective, but what about security? “Obviously as a highly regulated bank, security and data privacy is a top concern for Capital One,” says vice president of conversational AI products Ken Dodelin. But experts say texting any financial info — no matter how basic — isn’t advisable. In addition to security issues all chatbots face, textbots come with SMS-specific concerns. For starters, text messages get stored on your phone, and depending on device settings, they’re also uploaded to an iCloud or Google Cloud-like service. 

Is texting financial data ever safe?

“The short answer is no,” says Jim Lewis, solutions director for financial technology company SEI, “It's one of the least secure ways of delivering information.” For a while, it was popular for banks to text, especially to verify whether a charge was yours. He says most are moving away from the technology now -- especially after the National Institute of Standards and Technology (NIST) deprecated two-factor text authentication in 2016.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!