‘We’re not there yet’: USAA’s Darrius Jones on security concerns in the next big channel — voice

People could soon be doing their banking over voice-activated channels. But there are major issues around security and privacy to iron out first.

On Wednesday, USAA began piloting an Alexa skill for Amazon home assistant devices that lets customers check balances, review spending history and get other account insights based on their transactions. USAA is keen on letting Alexa read back customers’ financial data, but it’s not ready to let Alexa make payments, said Darrius Jones, assistant vp at USAA Labs, a division of USAA.

Many industries, not just financial services, are getting concerned about Amazon inserting itself between them and their customers. Banks and fintech startups are interested in using voice platforms to reach customers, but data and identity security and privacy concerns loom.

Tearsheet caught up with Jones about the pilot, its relationship with Amazon and staying ahead of customers’ security needs. Answers have been edited for length and clarity.

What are some of the security challenges of this pilot?
Understanding Amazon’s role in security versus our role. Privacy is another. When you have one of these devices and you plug it in, it has to listen. That’s part of the challenge and what makes them work. It’s what you’re allowed to do with the things you hear that people are now kind of going back and forth on.

How do you mean?
You don’t want your information spewed out into the ether when anyone can be in your house and ask a question.

Or move money around.
We have not put any money movement capabilities on the platform at this point. [It] is not something our skill will accommodate because we’re not comfortable with the state of security for money movement on the platform. How do you do this seamlessly and securely? We’re just not there yet.

Is Amazon a competitor or a partner?
In this conversation we’re definitely in a partnership. We’ve had to asked them to help us better understand the technology platform, we’ve had to help them better understand our regulatory requirements.

Does Amazon keep USAA customers’ data?
Amazon only has access to what the member provides during the interaction with Alexa while using the USAA skill. We use OAuth 2.0 to provide the member with the ability to see what permissions Amazon will be granted and give them the power to decide whether to grant that permission, which they can also revoke at any time. Amazon knows the question that the member asks Alexa and the response that is provided, but not the raw data used to formulate the response. All the transaction data is USAA-owned data.

Customers often care less about privacy than they think and more about speed and convenience.
We’ve enabled secure key, a six-digit key enabled with the Alexa skill that has needs to be uttered upon invoking the USAA skill. Only once you do that will you be able to get personalized spending information and balances. It was something Amazon asked for, but even the way we implement it — having it directly on the Amazon platform, where you have to set it up to determine whether to keep it on or off — is another useful usage pattern we focus on.