WhatsApp is the number one chat app in the world — with over 1.5 billion users! Hence, the banking and finance sectors can take advantage of its wide accessibility, expansive network, and end-to-end encryption.
Digital transformation has arrived in the finance and banking space. According to the Deloitte 2019 Banking Industry Outlook, digital has become a central strategy for the sector: fintechs continue to grow, PSD2 in Europe has become a reality, and retail banking is fast embracing mobile-centric customer experiences. Investments in mobile technologies have increased meaningfully, with banks spending on improvements in every channel, mainly in digital banking. JPMorgan, for instance, has adopted the line “mobile first, digital everything”.
Automating existing processes is not enough. As identified in the Retail Banking Trends 2019, simplifying the customer journey is one of the top three priorities for the year. Clients increasingly expect bespoke, value-added, real-time services, self-service, and personalized engagement. Enabling clients to manage their financial lives without hassle is now a true differentiator.
In this context, the WhatsApp Business solution rises as one of the most desired channels for banks and financial companies. With the WhatsApp Business API, the financial sector can power customer service with real-time account balances, mini statement reports, latest transaction records, real-time alerts, and even payment transfers (usually to existing contacts). As online engagement becomes more conversational, using chat apps to facilitate banking transactions for clients makes perfect sense. This is definitely how banks can simplify customer journeys — especially for younger generations.
However, as with most communication channels, there’s always the concern of user security, privacy, and GDPR compliance. Does the use of the WhatsApp Business solution really meet these stringent requirements? Also, what’s tyntec’s role in providing secure, GDPR-compliant access to the WhatsApp Business API? Let’s find out.
GDPR (General Data Protection Regulation) governs the use and storage of personal data of EU citizens — regardless of where it was acquired. The way data is collected — text message, web form, or onscreen prompt — must illustrate how it will be used. In addition, companies must provide a way for users to opt out of communications and process these requests quickly.
The WhatsApp Business solution has been built with the privacy and security features that businesses need. That’s why the WhatsApp Business API does not allow access to the user’s phone book. In addition, media and messages are only stored for delivery and deleted between 7-30 days respectively.
When connecting to tyntec, banks and finance companies can be assured that GDPR compliance is still met. With an ECB-S grade data center hosted in Dortmund, Germany, we make sure that your data remains in the European Union. At the same time, we run encryption and pseudonymization wherever possible, do not archive messages, and provide a secure data processing framework.
WhatsApp Business solution messages are encrypted from tyntec to the device, and secured over HTTPS (and optional SSL/VPN) from your application to tyntec. This means companies can share and receive sensitive information in business-to-customer communications, such as payment requests, addresses, etc.
Official Business Accounts
To run your customer interactions with the WhatsApp Business API, you need to have a WhatsApp Business Account (also known as WABA). Banks and financial companies should aim to have a verified WhatsApp Business Account, meaning that WhatsApp has verified that an official company owns this account. Although it’s not mandatory, this verified profile is ideal for the banking sector — as client conversations are usually sensitive.
An official business account contains the necessary elements to create trust with users: the green badge shows that this is the official company account — where customers can ask questions of any kind. It provides additional contact information, such as your hotline, website, phone number, and other company details. Having a verified profile means that customers can trust this channel and communicate freely with the enterprise.
User Opt-In and Opt-Out
Opting in plays a crucial role in setting up your service, because it’s only via an active opt-in that businesses are allowed to communicate with WhatsApp users. An end user must first consent to receive messages through the WhatsApp Business solution by opting into them via a third-party channel. This can be any channel your business uses to communicate with customers: for example, your website, app, email, SMS, or retail location.
At any point, the user can easily opt out — and blocking and reporting mechanisms are available directly on the company profile.
IT Security as a Priority for tyntec
Safeguarding customer data is no longer merely a good business practice — it is mandatory. At tyntec, we guarantee multiple secure transmission options, run regular penetration tests and automated vulnerability scans, and more to ensure security. We continue to strengthen our security controls and standards every day, supporting secure conversations for your WhatsApp Business solution and beyond.
This article is part of the Connections Now newsletter.