WhatsApp is a data security and compliance nightmare for banks. I get why so many people use it in business. It’s immediate, conveys a sense of urgency and you see when someone’s read your message (so they feel obliged to respond). None of that is true of
But it’s a real headache. People think it’s secure – and in some ways I can see why they do. WhatsApp introduced encryption that uses Signal Protocol from Open Whisper Systems, which means it can’t be read in transit, or by WhatsApp. But that doesn’t mean
it can’t be read by, say, the National Security Agency (NSA).
That’s probably fine for consumers using it to chat with their friends – what it was designed for originally. But if you’re a bank, you need to know where your data sits, who has access to your encryption keys, and if the NSA decided they wanted to examine
you, could they get access to your data via WhatsApp’s servers?
Deutsche Bank is a German bank, and if its people used WhatsApp – an American company – there would understandably be a bit of tension over where its data resides.
From a compliance point of view, things get even worse. If your data doesn’t sit on your servers, or even in your legal jurisdiction, you can’t show an audit trail of who said what to whom if you’re accused of mis-selling (as
Deutsche Bank was last year, resulting in a fine of $14bn).
There’s no compliance trail if you’re accused of harassment, or fraud. And you can’t show where your message has been downloaded or forwarded to, who it’s been shared with, or what’s happened to it at all. It’s completely out of corporate control, and unregulated.
I’m not surprised that Deutsche Bank is doing everything it can to reduce risk. I would be, too.
But the problem is this. Email isn’t fit for purpose any more. Messaging apps are growing because they’re useful for urgent or instant communication and they show when they’ve been viewed and read. They’re not going away.
But until banks start to implement secure messaging where data sits within their control, they’ll all be following Deutsche Bank’s lead.