Are you OK with Facebook being a middleman between you and your bank?

Credit to Author: Tim Ayling| Date: Thu, 06 Sep 2018 16:25:04 +0000

Let’s start this post with two questions. First: Do you trust your bank? Second: Do you trust Facebook? If your answers to these questions are different, then it might be interesting and somewhat disturbing for you to hear that Facebook is looking to partner with banks so that Facebook Messenger could become some kind of an interface between the user and the bank.

Facebook as your banker: How’s it gonna look?

When either banks that have agreed to partner with Facebook or Facebook itself comment on it, the idea sounds quite attractive: There will be an AI-infused chat bot in your Facebook Messenger contacts to answer questions such as “What’s my account balance?” or “What are my pending transactions?”, as well as sending fraud alerts and information about transactions. These are the questions that banks answer quite frequently, and having a chat bot answer them instead of a support desk could save time for you and a lot of money for the bank.

For example, American Express already has a chat bot in Facebook Messenger that works in exactly that fashion. And Facebook has been talking with more banks, such as JP Morgan Chase, Wells Fargo, Citigroup, U.S. Bancorp, and others, to make more such partnerships. Perhaps Facebook can go even further and try to make a PayPal-like digital financial service based on some bank’s platform. It has already implemented peer-to-peer money transfers through Messenger in some countries.

In fact, banks are also interested in that move; they’ve been struggling to connect with younger generations that basically live in Messenger, WhatsApp, and their like. Facebook is offering banks an opportunity to catch up, but for the users that opportunity could come at a huge cost: their privacy.

Trust issues

To answer your questions, a chat bot — Facebook — needs access to your financial information. How else could it tell you your account balance?

Even if 2018 isn’t the year Facebook learns to respect and protect users’ privacy, few would argue that the social media giant has managed to bury the issues.

Remember the Cambridge Analytica incident, when the third-party analytics company misused the information of about 50 million Facebook users? Facebook remembers it as well, and says it won’t be sharing your financial information with anyone, but users’ trust in Facebook, already relatively low, sank further after the incident became public. People probably won’t be too eager to give their financial data to Mark Zuckerberg and Co.

If you have a Facebook account, the tech giant probably has more information on you than you would prefer. That might even be true . Adding financial information to that seems like too much.

Is it secure to use Facebook for banking?

But even if you ignore the “can’t trust Facebook with my money” aspect, there are more problems remaining, and the main problem is the increased potential for fraud and other kinds of cybercrime.

With your financial account tied to your Facebook Messenger account, a criminal who got hold of the financial account could immediately transfer all the money to a money-laundering Facebook account and cash in.

Or they could use the stolen account to pretend to be you and ask other people from your contact list for money. Messenger makes it so simple to transfer money, they’d probably get plenty of bites. This type of scam is already quite popular among cybercriminals, but connecting Messenger with financial accounts would probably result in an increase in its popularity. The list of possible scams goes on.

Here’s another one: Cybercriminals can use fake accounts to pretend to be a bank’s customer-support service informing you of a fraud and persuading you to enter your banking data on a phishing site. Or they can send you a deluge of fake fraud alerts so that you get too annoyed to pay attention and miss a real one.

With a bit of imagination, you can invent more fraud schemes involving Messenger’s upcoming ability to be the interface between you and your bank — the above is just the tip of the iceberg.

It’s not that bad — if done right

First of all, no one is forcing you to connect your bank account to Facebook — for now it’s up to you. Second, adding Facebook to the mix surely raises concerns about privacy, but it’s not that bad in terms of security. Have you ever heard of Facebook being hacked and leaking information? No? That’s because Facebook has a very good security team that is really concerned about protecting your account. For example, Facebook allows you to use YubiKey for two-factor authentication, which nowadays is considered the most secure way to implement 2FA.

So, if Facebook keeps its promise not to share your banking data with third parties, you can consider it secure — as long as you set up your account right. We strongly recommend that all Facebook uses read our posts on and its security settings.

https://blog.kaspersky.com/feed/