Introduction of AI-Connected Financial Accounts
OpenAI has announced a new feature for its ChatGPT platform, allowing users to connect their financial accounts for personalized finance advice. This move has raised concerns among privacy and cybersecurity experts, who warn of potential risks to users' sensitive financial information.
The feature, which is currently available to paid subscribers, uses the financial tech company Plaid to connect users' bank accounts to third-party financial apps. In the future, the platform will also be powered by Intuit, a provider of personal finance, tax prep, and small business accounting software.
Concerns Over Data Privacy
Ridhi Shetty, senior policy counsel at the Center for Democracy and Technology's Privacy & Data Project, has expressed concerns over the potential risks of connecting financial accounts to ChatGPT. "Even if ChatGPT's new feature doesn't access full account numbers or have the ability to make changes to financial accounts, the financial information it does collect can reveal deeply personal details about a person's life, habits, vulnerabilities, and relationships," Shetty said.
Shetty also questioned the reliability of a chatbot's financial guidance and the lack of professional standards offered by a "tool that doesn't abide by the obligations that professional financial advisors have to protect clients' privacy and act in their best interests."
Cybersecurity Risks
Cybersecurity experts also worry that the tool poses significant risks. Diana Kelley, chief information security officer at Noma Security, warned that the "view-only" aspect of the platform is "meaningfully safer than an agent that can move money or change accounts... but view-only does not mean low-risk." Kelley cautioned that users should use multi-factor authentication, log out of other sessions, review memory settings, disable training for sensitive chats, and delete both chats and memories when they no longer need the information stored.
Ram Varadarajan, CEO at Acalvio, also warned that the centralization of financial data inside a single platform creates a high-value target for account takeover attacks. A single security breach could provide hackers with a detailed map of users' net worth and spending habits, Varadarajan said.
Safeguards and Precautions
OpenAI has promised that users will be able to "stay in control" of their data, including the ability to disconnect their accounts whenever they want. Once accounts are disconnected, users' ChatGPT conversation history will remain intact, although users can always delete individual conversations. Users will also be able to erase "financial memories," which store key details about financial goals, investments, and overall positioning.
"Temporary chats" will be offered, allowing users to have conversations with the chatbot that don't allow it to access financial accounts and don't save in users' histories. However, experts warn that these safeguards may not be enough to shield user privacy, and that users should take additional precautions to protect their sensitive financial information.
Conclusion
The introduction of AI-connected financial accounts raises significant concerns over data privacy and cybersecurity. While OpenAI has promised to prioritize user security and privacy, experts warn that the risks associated with connecting financial accounts to chatbots like ChatGPT are real and should not be taken lightly. Users should be cautious when using these features and take additional precautions to protect their sensitive financial information.
Source: The Record