Need help? Virtual 'officers' will reply

Ask Jamie, which was developed jointly by the Infocomm Development Authority and the Ministry of Finance, is found on government websites such as those of the Ministry of Education and the Singapore Land Authority.
Ask Jamie, which was developed jointly by the Infocomm Development Authority and the Ministry of Finance, is found on government websites such as those of the Ministry of Education and the Singapore Land Authority.PHOTO: MINISTRY OF EDUCATION

More firms, govt agencies using chatbots for customer service, but experts warn of security risks

Companies, including banks and airlines, and the Government are trotting out more intelligent chatbots - computer programs that mimic natural human conversations - to interact with customers and citizens.

Users type a question or a statement into a chat window, and the chatbot will answer or rephrase the intention of the user to get to the answer - using keywords and preset responses from a database.

OCBC Bank was the latest to join the chatbot race, with the bank announcing earlier this month that it closed more than $10 million worth of home loan applications in three months after its chatbot, Emma, fielded initial home loan queries.

However, a human mortgage specialist is still needed to close a sale. The bank is looking to expand Emma's functions, but it would not elaborate.

DBS Bank was the first bank here to launch its POSB digibank Virtual Assistant chatbot, available on Facebook Messenger, in January.

 

It handles basic queries such as branch locations and foreign exchange rates.

RISK OF PHISHING

Chatbots can be hijacked by hackers to start conversations with unwitting users to draw out sensitive personal and financial data through social engineering.

MR ANTHONY LIM, principal consultant at cyber-security hardware maker Fortinet in Asia-Pacific.

By June, the five million DBS and POSB account holders will also be able to ask for their account balances, transfer funds and make card payments by chatting with the chatbot.

Even the Singapore Government has rolled out chatbots such as Ask Jamie and Gov.sg to help citizens find information across government agencies' websites in normal conversation style.

"We believe natural language (is) more personable," said Ms Gladys Tay, deputy director of citizen products at the Government Technology Agency of Singapore.

While organisations say such a feature is more user-friendly and improves productivity, security experts warn about the inherent risks of such a system.

One risk is phishing, a process by which hackers trick people into divulging sensitive personal information. "Chatbots can be hijacked by hackers to start conversations with unwitting users to draw out sensitive personal and financial data through social engineering," said Mr Anthony Lim, principal consultant at cyber-security hardware maker Fortinet in Asia-Pacific.

Also, users cannot tell if the websites or messaging platforms, such as Facebook Messenger or WhatsApp, on which the chatbot resides are already compromised, said Mr Tony Jarvis, Check Point Software Technologies chief strategist.

Mr Alexander Gostev, chief security expert at Kaspersky Lab, said organisations also have little control over these third-party messaging platforms.

This makes chatbots less secure than traditional call centres for processing transactions.

"If I call a phone number listed as the official number of a bank, the call is very unlikely to be routed anywhere else," said Mr Jarvis.

But trailblazers in the chatbot space said they have made security a priority in their designs.

Budget carrier Jetstar, which launched its Ask Jess virtual assistant here in November 2013, said it limits its chatbot's access to its reservation systems.

For instance, customers can only request to view their booking and payment status and ask for their itinerary to be sent. "Our daily monitoring and analytics review ensures that any anomalies are detected and blocked quickly," said spokesman Robin Goh.

The airline is looking to develop more advanced features such as letting Ask Jess direct customers to promotions and take bookings.

Banks like OCBC and DBS also said their systems are well protected, but would not elaborate.

A version of this article appeared in the print edition of The Straits Times on April 24, 2017, with the headline 'Neep help? Virtual 'officers' will reply'. Print Edition | Subscribe