How TD Ameritrade tackles security in Facebook Messenger chatbot

A common refrain in financial services these days is that companies need to go where customers are, not wait for people to come to a banking app or brokerage website.

TD Ameritrade is following that advice with a Facebook Messenger chatbot that will give customers instant updates on their portfolios and trades. The bot, unveiled Tuesday, will require the unit of Toronto-Dominion Bank to work through the privacy and security issues financial firms face whenever they communicate with customers via third-party platforms such as Messenger and Amazon’s Alexa.

“We know more and more consumers are using Facebook Messenger to connect with family and friends and even with brands,” said Sunayna Tuteja, director of emerging technologies and innovation at TD Ameritrade. “For us this has become another access point through which we can keep consumers connected to the market and their own portfolios just as they stay connected seamlessly with their friends and family.” About 200,000 TD Ameritrade customers use Facebook, she said.

tuteja_sunayna _td_ameritrade.jpg

The notion of going where the consumers are is part of the brokerage’s larger “conversational commerce” strategy, she said. It started testing Alexa about a year ago.

In part, the chatbot and the Alexa Skill (the talking virtual assistant’s equivalent of an app) are addressing the shorter attention spans and general impatience in an always connected society.

“People want more control, they want to be empowered, they want that on-demand experience,” Tuteja said. “I don’t want to call someone and wait on the call for them to get back to me, I want to be able to message them and then go about doing whatever I’m doing and they can get back to me.

A handful of financial companies, including TD Bank (the brokerage’s corporate cousin), Wells Fargo, Mastercard and American Express, have developed Facebook Messenger chatbots.

"Customers are not spending much time on their banking apps,” Brett Pitts, executive vice president and head of digital at Wells Fargo, said in June. “Ninety-seven percent of their digital time is spent elsewhere," for instance on Facebook, Instagram, Facebook Messenger and Gmail.

Most of these chatbots so far seem basic — if you ask a question in just the right way, it summons an answer from a repository of FAQs, and there tends to be a long time lag.

Dan Miller, lead analyst and founder of Opus Research, calls this generation of bots “the chaotic presence.”

“The convention with a Facebook Messenger presence is that when you sign onto it, it says expect 15 minutes or so before we respond, which is a step backwards when it comes to customer expectation,” Miller said.

Financial firms will need to follow TD Ameritrade’s example and get to a more immediate response.

“Right now people’s expectations are, anything I do over my mobile app I ought to be able to do over Messenger,” Miller said. “I should be indifferent to whether I’m using a bot or in contact with a live agent. In the next three years, you won’t know the difference.”

The security hang-up

One morning, I tried to ask TD Bank’s Facebook Messenger bot my account balance. I received this message: “Hi Penny. Please check out this link: https://go.td.com/2fRxpP2 on the ways you can check your balance. Please know that Facebook is not considered a secure forum and we do not have access your account information as a result. — Denise.”

That warning underscores the question with which many banks, including Bank of America and U.S. Bank, are grappling: Can they provide customer information securely through Facebook Messenger, Amazon Alexa and other popular communication channels?

TD Ameritrade is working through this.

“From the early days when this was still just an idea we wanted to explore, we brought in experts from legal, security, compliance, privacy,” Tuteja said. “We connected them to experts on the Facebook side because we wanted to make sure that as a firm we were comfortable that what we were going to be offering consumers on Facebook Messenger had the same level of privacy and security you would get when you’re using our website or mobile app.”

The TD Ameritrade team is meeting with their counterparts at TD Bank to explain to the retail bankers how the brokerage side has solved these security and privacy issues so far.

Authentication is one key. TD Ameritrade uses three-legged OAuth to allow clients to log into their own accounts on Facebook Messenger. If a customer taps “Account,” she’s presented with a login screen that asks for her user name and password. Behind the scenes, TD Ameritrade is also using device ID to verify her identity. The customer can then view her portfolio, order status, balances and positions on TD Ameritrade's mobile website.

Tuteja also pointed out that apps like WhatsApp Messenger and Facebook Messenger have gotten better at encryption.

“Often their encryption is stronger than some of the traditional channels,” she said. And client data is always maintained at TD Ameritrade; nothing is shared with Facebook.

Miller predicts that within a matter of months, a generally accepted mechanism for establishing secure links within Messenger will be defined.

“We know from surveys that customers want access to this information to be frictionless, but they also want to know it’s a secure link,” Miller said. “So there’s a lively debate whether having them stop in their tracks, click on another link, authenticate themselves and then carry out the activities they want to do over a secure link, has an editorial value: ‘Hey, we’re making sure you are you and you should feel secure about that.’ ”

Another option might be to accept that because someone logged into Facebook and was authenticated there, they are who they say they are.

Another aspect of working with a chatbot in Facebook Messenger that makes bankers nervous is allowing Facebook itself to see customer data.

“Facebook is going to have to articulate to the banks how they’re not seeing this and not using it,” Miller said. “There may have to be some retooling of the protocols before a bank would say, ‘sure, I will give my customers permission to give things like their account numbers and Social Security numbers via Messenger.’”

What’s in 1.0

TD Ameritrade’s Facebook Messenger chatbot lets customers look up market news, stock quotes, and events. For instance, if you type AAPL into the search box (or speak the word “Apple”), you’ll get the current price of Apple stock; one-day, one-month and one-year price movements; and any upcoming events affecting Apple shares, like earnings calls and product announcements.

“One of the personas that inspired this was our active trader segment; this segment wants to stay on top of breaking news and have real-time quotes at their fingerprints so they can make quick, intelligent investing decisions,” Tuteja said.

The bot provides educational videos on topics like 401(k)s and Roth IRAs. TD Ameritrade calls this “snackable content.”

“The digital native, young millennial is starting to think about what is a 401(k) or a Roth IRA, but no one has the time to read a 20-page document,” Tuteja said. “We’ve embedded these rich videos that you can watch while you’re in Facebook Messenger and while you’re on the go.”

Users can obtain information about their own recent trades and portfolio activity.

“I like to use the example of my own parents who are baby boomers, small-business owners always short on time, but as they get closer to retirement, they’re getting a little more in tune with wanting to stay on top of their portfolio and make regular investing decisions,” Tuteja said. “They spend a great deal of time on Facebook Messenger chasing down my brother and me and staying connected to friends and family. And now within that same access point, they can also get a quick checkpoint on how their portfolio is doing, how the market is doing.”

Navigation buttons that say things like “My accounts,” “My symbols list,” “Quote,” “Market update” and “Education,” help users get what they need.

“From user feedback, we found out that people wanted these guided buttons. They don’t want to spend time typing things out,” Tuteja said.

The stocks a customer typically checks every day can be gathered in a symbol list, so they can see them all at a glance.

A social media response team of 15 people watches all the interactions and jumps in where they feel human intervention might be called for. Tuteja called this a “co-bot” experience.

“The human is always there to answer any complex questions,” she said. The chatbot also has an algorithm that observes when a customer has asked the same question multiple times, suggesting the person is not getting the information they want, and a human can quickly jump in.

“Or say somebody is using salty language — we’ve built intelligence into the algorithm that helps the chatbot recognize ‘this person’s in a mood.’ Maybe they’re angry, maybe they’re in a rush, and it automatically escalates to a human,” Tuteja said. The social response team member receives a log of everything that’s been said within the bot before picking up the thread.

In an employee pilot of the chatbot, questions have been around general market information — what did the Dow close at today? And more specific: “I want to open an account, what should I do?”

The TD Ameritrade chatbot is designed to answer faster than a human could.

“As great as my team is, it still takes them 15 to 20 minutes to get back to you,” Tuteja said. “Whereas a chatbot can do it within minutes.”

An internal agile development team built the chatbot with help from two tech partners: the software development company BlueMetal and the chat user experience provider Inthechat.

Inthechat is a digital customer engagement platform that uses natural language processing and artificial intelligence to host conversations over digital channels including SMS, chat, messaging and email. It can leverage the same contact center processes companies use for phone-based customer service, such as interactive voice response decision trees and the ability to route messages to the agents who can be most helpful.

It facilitates messages from humans to bots and back and forth between bot, customer and customer service rep.

“It was important to TD Ameritrade that their digital experience provided clients the option to self-serve through a bot or to connect with a person,” said John Huehn, CEO of Inthechat. “Technology can offer information at a speed people can’t, but the human element is just as important because it provides a relationship and context that people often need. So they offer a way to connect with that bot or speak to a human.” (In the bot, customers can tap “Help” to speak to a person.)

“If a customer starts a conversation with a bot and chooses to transfer to speaking to a TD Ameritrade employee, Inthechat brings all that together for a seamless experience,” Huehn said.

To help guide the work of the internal developers and tech partners, TD Ameritrade hosted a 24-hour employee hackathon.

“We gave them a problem statement,” Tuteja said. “You want to have a purpose so you’re not all over the place. We said, ‘We believe AI and a chatbot experience can fundamentally evolve the way we meet and engage with clients. What use cases would you as our employees recommend that we start with?’ A lot of these employees are the ones that are closest to the clients. They’re the ones talking to the clients, processing things our clients are asking for. Why not tap into their expertise?” TD Ameritrade’s CEO, Tim Hockey, and other executives came to hear some of the presentations.

More than half of the employees’ ideas were incorporated in the chatbot released Tuesday. (For instance, a staff member came up with the idea of providing information about market sectors.) The rest will be put into action in coming months, Tuteja said.

Before launch, employees were invited to try out the beta version of the bot and give feedback.

“Part of that has been giving us ideas on how to make the chatbot smarter,” Tuteja said. “I like to joke that this is still a baby’s brain, it has to continually learn and that feedback from employees has been helpful.”

The basic knowledge base behind the bot is the same as that behind the website and mobile app. It includes frequently asked questions on the website and the knowledge of Ted, a digital agent TD Ameritrade has run on its website for several years.

TD Ameritrade’s goal in coming months is to let people buy and sell stocks within the bot. And the underlying engine can ultimately be applied to smart TVs and “smart speakers” like Google Home and Amazon Echo.

“All these new end points, whether they’re text based or voice based, like Alexa and Google Home, are coming at us fast and furious so we’re assessing each one and carefully understanding what use cases we might be able to deliver,” Tuteja said. “If consumers are using it, we want to be able to deliver the experience to them.”

Editor at Large Penny Crosman welcomes feedback at penny.crosman@sourcemedia.com.

For reprint and licensing requests for this article, click here.
Artificial intelligence Authentication Bank technology TD Ameritrade TD Bank BankAI Conference
MORE FROM AMERICAN BANKER