Today's highly digital-enabled population has already embraced messaging apps like WhatsApp and messenger as digital banking channels. However, traditional WhatsApp banking deployments lack critical security features.

However, the security and compliance requirements for a continuous scrolling interface like WhatsApp are very different and most WhatsApp banking deployments don't have:

Secure self-service channel onboarding

Explicit login/logout for banking sessions

Multi-Factor authentication

Protection of sensitive information

Fraudulent Scenarios

Traditional WhatsApp banking users are often exposed to several fraudulent scenarios:

•Transactions through lost or unattended devices and unlocked phones using OTP sent to the same device
•Unauthorized access to sensitive financial information in WhatsApp chat history or device
•SIM phishing/SIM swapping resulting in fraudulent transactions
•Illicit access to WhatsApp web to transact/extract sensitive banking information

As fraudsters prepare to exploit the surge in WhatsApp banking usage, banks must go beyond single level OTP-based authentication, to revamp their entire security layer and offer multi-level security which is specially designed for WhatsApp banking.

How BankBuddy Enables Secure WhatsApp Banking

Protection Against Social Engineering Fraud

On BankBuddy, a customer can only register for WhatsApp banking with their bank registered mobile number after a secondary verification from either a digital channel API or verification of personal information with progressive profiling.

Progressive profiling helps banks authenticate first-time channel users with different KYC levels based on transaction and amount limits for risk management and compliance purposes. The limits can be set for individual transactions or aggregate transactions and the time period for cooling off after registration.

BankBuddy also has provision for additional in-branch or mobile agent verification for KYC upgrades for users who cannot be verified digitally.

Preventing Fraud Through SIM SWAP

BankBuddy WhatsApp banking platform enables customers to create a unique Chat banking ID and PIN, which serves as the second factor of authentication for subsequent sessions. This ID is created outside of the WhatsApp chat window to prevent leaving traces in the chat history.

Additionally, all transactions on the BankBuddy platform are secured with multi-factor authentication, so even if there is a SIM swap, the fraudster cannot access WhatsApp banking transactions as the user ID password is known to the account holder only.

Multi-Layer Security

BankBuddy offers multilayer security using advanced technologies such as biometric authentication, voice verification, and face recognition, along with chat banking ID & OTP-based authentication.

Banks can allocate different levels of security depending on the nature of the customer request or transaction through using Intent-based authentication. For example:

Generic queries like ATM location can be done without authentication
Transactional queries like account balance require single level authentication
Transactions like payments require Multi-factor authentication

Protecting Data in Unattended/Unlocked Devices

BankBuddy's platform offers explicit login and logout, prompting the user to login to WhatsApp banking for a secure session.

The users also have the option to explicitly log out after completing the transactions. If not, the inactivity-based timeout automatically ends the secure session for added security.

This ensures that even if the user has left the device unlocked, has lost the device, or has an unattended WhatsApp web session on the desktop, banking transactions cannot be done by anyone else.

Protection from Snooping

On a channel like WhatsApp with a scrolling interface, where chat history is easily available, masking of PII is extremely important. The BankBuddy platform ensures all of the customer's sensitive banking information like account numbers, card details, and personal information is properly masked in the chat history.

Why BankBuddy is the Most Secure WhatsApp Banking Platform