What Is A Chatbot And The Risks That Are Associated With Them

June 3, 2019 in Cyber Attacks, Data Breach

What is a chatbot? Put simply, a chatbot is a software solution that uses machine learning to have a conversation (or chat, as it is called) with another user online. You’ve likely seen these when you visit the website of a bank, a credit card company, a car dealership, or even a software business.

A few seconds after you land on the page, or sometimes upon arrival, a pop-up will appear that says something like “Hi, how can I help you?” or “Is there something you’re looking for?” If you answer the prompt, your chat with the bot will begin. Based on your responses, additional prompts may be provided, or you might be redirected to a live representative for more help.

Chatbots are all the rage these days. This is because they can answer your customers’ online inquiries 24 hours a day, 7 days a week, even if you or your employees are offline. Several companies have created their own chatbots, including Microsoft, Facebook, Google, Amazon, IBM, Apple, and Samsung. In fact, according to Chatbots Magazine, more than 100,000 bots are now in use on Facebook Messenger alone. As many as 80% of companies plan to have some form of a chatbot by 2020.

As Chatbots Magazine puts it, the reason businesses are so anxious to use chatbots is that they know consumers want answers quickly. When a potential customer messages a company, they expect a swift response. If customers don’t get answers quickly, they will often move on, which can result in missed sales opportunities. Chatbots, however, can answer quickly on your behalf to help keep consumers happy and engaged.

If you’ve been considering using chatbots in your business, it’s important to know about their security risks and the best practices for using them. Luckily for you, we’ve got all that and more covered in this post.

Chatbot Security Risks

According to DZone, chatbot security risks come down to two categories – threats and vulnerabilities. Threats that a chatbot could pose include spoofing/impersonating someone else, data tampering, and data theft. Vulnerabilities, on the other hand, according to DZone, “are defined as ways that a system can be compromised that are not properly mitigated. A system can become vulnerable and open to attacks when it is not well maintained, has poor coding, lacks protection, or due to human errors.”

Threats are often one-off events such as malware attacks or distributed denial of service (DDoS) attacks. Vulnerabilities are long-term issues that need to be addressed regularly.

Are Chatbots Secure?

Whether or not a chatbot is secure is a complicated question because there’s no definitive answer. Even the most robust and secure systems could have potential vulnerabilities and be at risk from threats.

However, there are security protocols you can put in place to increase chatbot security should you decide to use chatbots. In that respect, the process is similar to securing any other system that handles sensitive data. The proactive steps you take can determine how secure your chatbot is.

Best Practices for Chatbot Security

The two main security processes for chatbots are authentication and authorization. The former refers to user identity verification, while the latter refers to granting permission for a specific user to perform certain tasks and functions or access a portal.

Here are some of the best practices you can use to ensure chatbot security:

Two-factor Authentication: This time-tested method of security requires users to identify themselves in two different ways. For example, using a username and password, and then also answering a prompt with a unique response that has been sent to the user via email or phone.

Use a Web Application Firewall (WAF): A WAF protects websites from malicious traffic and harmful requests. Therefore, a WAF could help prevent bad bots from injecting malicious code into your chatbot’s iframe.

User IDs and Passwords: Instead of allowing anyone to use your chatbot, require that they become a registered user. Criminals like easy targets. Therefore, just an additional step like registering with a website could deter a would-be cybercriminal.

End-to-End Encryption: This can prevent anyone other than the receiver and sender from seeing any part of the message or transaction.

Biometric Authentication: Instead of user IDs and passwords, you would use things like iris scans and fingerprinting to grant access.

Authentication Timeouts: This security practice places a time limit on how long an authenticated user can stay “logged in.” You’ve likely seen this with your bank’s website.

A pop-up asks you to log back in, asks you to confirm you are still active, or simply tells you time has expired. This can prevent a cybercriminal from having enough time to guess their way into someone’s secured account.

Messages That Self-Destruct: This isn’t a Mission Impossible joke; it’s actually a security measure you can use to make your chatbots more secure. Just like it sounds, after the messaging on a chatbot concludes, or after a certain lapse of time, the messages and any sensitive data are erased forever.
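The last two practices, authentication timeouts and self-destructing messages, can be enforced together in the chatbot's session layer. The sketch below is an added example, not code from SiteLock or any chatbot product; the class name, the in-memory store and the two time limits are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 300   # assumed value: seconds of inactivity before re-login
MESSAGE_TTL = 600    # assumed value: seconds a message is kept


class ChatSessionStore:
    """In-memory chat sessions with idle timeout and self-destructing messages."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so expiry can be exercised in tests
        self._sessions = {}      # token -> {"user", "last_seen", "messages"}

    def login(self, user):
        # Call only after the user has passed authentication (e.g. two-factor).
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._clock(), "messages": []}
        return token

    def _live_session(self, token):
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_TIMEOUT:
            self.end(token)      # timed out: drop the session and its messages
            return None
        session["last_seen"] = now
        # Self-destruct: discard messages older than the retention window.
        session["messages"] = [m for m in session["messages"] if now - m[0] <= MESSAGE_TTL]
        return session

    def post(self, token, text):
        session = self._live_session(token)
        if session is None:
            return False         # caller should prompt the user to log in again
        session["messages"].append((self._clock(), text))
        return True

    def history(self, token):
        session = self._live_session(token)
        return None if session is None else [text for _, text in session["messages"]]

    def end(self, token):
        # Conversation concluded: remove the session and every stored message.
        self._sessions.pop(token, None)
```

Deleting from this store only covers the live session; for messages to be truly erased, the same retention limit has to apply to logs, analytics and backups that receive chat transcripts.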


While there is no doubt that chatbots are an innovative and exciting development as far as digital interaction between customers and companies is concerned, they do give hackers one more opportunity to find a way into your website to gain access to private and confidential information. Chatbot security, therefore, like all aspects of security when it comes to your website, is in your hands. The more layers of website security you implement, the harder it will be for cybercriminals to prey on your site, and your visitors.
