The new conversational world changed not only the way users interact with businesses, but also the way businesses deploy and secure applications. The shift from a direct interaction using a browser or a mobile app, to a mediated interaction using a third-party device or a platform such as Amazon Alexa, Google Home, Facebook Messenger, or Siri, creates new challenges for business, especially in highly regulated sectors like financial services or health.
Security, compliance, and privacy are the basis for any digital strategy. Without them, we lose our customers’ trust and might even create a liability breach. The rise of conversational platforms adds another player in the chain of communication between the end user and the business. Every chain is as strong as its weakest link. The good news is that all major providers take security, compliance, and privacy seriously. We still need to make sure we tweak our applications in the right way to keep them safe, however.
ADJUST THE USER EXPERIENCE OF YOUR SECURITY MEASURES TO THE USER EXPERIENCE OF CONVERSATIONAL APPS
The major change from traditional web and mobile apps to conversational apps is the transition from Graphic User Interface (GUI) to Conversational User Interface (CUI). It is no surprise that user experience is the main concern when we deal with security. Traditional security controls, such as user name, passwords, and even biometrics, like fingerprint and face recognition, are all built for desktop, web, and mobile apps. Conversational applications require a different approach that will be natural to the new medium. For example, instead of a password, we can use a more natural question and answer flow, or simply use a short PIN code. For biometrics, instead of a fingerprint, we can use voice authentication. Naturally, it is recommended to use different authentication methods for different access requests. For example, a PIN code can be used to access account data, but a customer can be asked to answer a security question before transferring money to a third party.
At Conversation.one, we have enabled a transparent second-factor authentication using a user-defined four-digit PIN code. PIN codes work fluently with the current voice recognition and semantic capabilities, as well as part of any conversation. For example, if a user asks for sensitive information by saying: “Alexa, please ask Chase what my balance is”, the system will respond with a challenge: “To continue, please provide your PIN code”. This is a natural conversation and does not break the user experience.
DON’T FORGET THE “CLASSIC” SECURITY REQUIREMENTS
The core of any conversational app is a backend service. Make sure you place a firewall and a Web Application Firewall (WAF) and use best of class encryption (SSL) for all your communications. If possible, limit access only to authorized endpoints such as Amazon or Google servers.
At Conversation.one, we use Incapsula Web Application Firewall Solution to protect all our endpoints, and RSA 2048 bits SSL certificate for our HTTPS communications (of course, all communication is encrypted).
Most conversational services offer an account linking feature (including Amazon Alexa and Google Home). This feature is extremely helpful as it simplifies the process of authorizing the user to access private data using the conversational app. While building your app, however, you must make sure to implement the authorization protocols (usually OAuth) in the most secure way.
A major security challenge introduced by the account linking process is the fact that the authorization process is done only once. This means that anyone with physical access to the device can get access to the service. This once lead to a real-life incident where a minor used her parents’ Echo device to purchase a dollhouse from Amazon.
To provide the highest security level and the most simplified UX for the end-user, the Conversation.one platform includes built-in support for OAuth Auth-Code-Grant flow. In addition, to prevent cases of unauthorized access to the conversational app, the Conversation.one platform provides a second-factor authentication layer in the form of a four-digit PIN code. The code is selected by the end user as part of the account linking process, and is required whenever there is an attempt to access personal information.
PRIVACY, PRIVACY, PRIVACY
By enabling conversational services, we route the communication between the end user and business through a third party channel (Amazon, Google, Facebook, etc.). You must make sure that the third party service does not store the data or, at best, limit the access to the data in a protected way. Since not all channels are created equal, you must carefully examine each channel and decide which functionalities can be enabled. For example, for some channels, you can limit the usage to public data only, and in others, you can enable actions that transfer private information. I’ve included a summary of the privacy measures of each service below:
- Amazon Alexa & Google Home – Both services record the users’ interactions and transfer the response from the business. In both cases, however, the data is fully managed by the user, and the providers give no one else access to the data. You can find more information on Amazon Alexa hereand on Google Home here.
- Facebook Messenger – Facebook Messenger bots are implemented using a chat between the end user and a Facebook business page. Like Amazon Alexa and Google Home, Facebook collects all interactions between the end user and the business. The difference here is that the full transcript of the communication (textual in this case) is also exposed to any Facebook page administrator. Traditionally, Facebook pages are managed by social marketers, which are in many cases, an external agency. Currently, it is recommended to create a separate Facebook page dedicated for the chatbot,and to limit the access to specific dedicated users managed by the IT team. In addition, for highly regulated sectors (finance, health care), it is recommended to provide only publicly available data within this channel.
- Siri – Unlike other conversational solutions, Siri handles the entire conversation internally and will invoke your application with the required intent and parameters. After your app is invoked, you have full control of the privacy – as much as you have in any mobile app.
At Conversation.one, we take your customers’ privacy seriously. We never store or share any private information with anyone else. All access tokens are stored encrypted, using the end user PIN code, to make sure no one (including us!) has access to any user’s data.
FINALLY – COMPLIANCE
Any application that you provide to your users should be compliant with your organizational needs. Whether it is a PCI, SOC or HIPAA, you must make sure that any link in the communication chain is compliant as well. This includes your part of the implementation, as well any service such as Amazon Alexa and Google Home. Make sure your solution is secured end-to-end, both at the network level and the application level. Make your service redundant, and be prepared for any situation in case something breaks (have a backup system, service restore plan, etc.). Monitor your service constantly, and establish policies to handle any kind of service degradation.
At Conversation.one, we use Incapsula for network security, Comodo for SSL certificates, Amazon AWS for delivery, Dyn DNS for DNS service, and both Pingdom and Zabbix for monitoring. The service is fully redundant, and all our data and our customers’ data is constantly backed up.