The Security and Compliance Risks of WhatsApp for Business and Customer Onboarding

Bespoke KYC and AML Compliance Solutions!

Schedule a demo today!

In light of the €15.9m fine issued by the European Commission to International Flavors & Fragrances Inc and International Flavors & Fragrances France SAS (IFF), it is worth examining the extent to which WhatsApp is used in business today and the risks involved. 

Taking a step back to 2020 and the onset of the Covid-19 Pandemic, the lines between employee’s work and private lives certainly became blurred. The use of personal devices and consumer tools like WhatsApp at work became commonplace – and, in many cases, necessary. In addition, tools that are widely used by consumers often find their way over to the business arena – be it by stealth or by design – and such is the ubiquity of WhatsApp that there is an element of inevitability that employees would replicate their personal use of WhatsApp in a work situation. That is not to say however that the use of WhatsApp for business does not come with significant risks. 

Using WhatsApp for Internal communications is one danger area, but the area we want to focus on today is the use of WhatsApp to communicate with customers and the dangers it poses. Before we look at the risks involved, it should be pointed out that WhatsApp does come with a number of benefits and we will examine them below.

Advantages of WhatsApp for Customer Communication

  • Convenience – WhatsApp is convenient for business and customers alike. It is a messaging tool that everyone can use and, in 99% of cases, everyone is familiar with. There is no need to download any new software or undergo any training and, on the face of it, customer communications and onboarding can be conducted in a seamless manner. 
  • WhatsApp Business Additional Features – WhatsApp Business was launched in 2018 and comes with a number of features which can help companies manage the risk involved. Features include:
    • Automated responses
    • Message templates
    • Labels  
  • WhatsApp Security Credentials – WhatsApp does boast end-to-end encryption and is built in a GDPR compliant manner.
  • WhatsApp API – The availability of the WhatsApp API for WhatsApp business customers enables businesses to integrate WhatsApp with their existing systems providing added convenience and flexibility around enterprise workflows.

Risks of WhatsApp for Customer Communication and Onboarding

  • Security Risks – In spite of WhatsApp’s impressive encryption capabilities, there are still some risks associated with the use of WhatsApp in a business situation that you should consider. With close to 3 billion estimated users, WhatsApp is a very large playground for hackers, scammers, and bad actors. Nefarious tactics such as social engineering, forwarding calls, web hacking, and spyware are all regularly deployed, increasing the potential risk involved in WhatsApp business usage.  
  • Compliance – According to their website, WhatsApp for Business is GDPR-compliant based on its intended purpose. There are however many ways companies can still fall foul of GDPR regulations by using or misusing WhatsApp for Business to communicate with customers. For instance, storing and archiving customer conversations which contain personal data and sensitive items can be challenging. There are no auto-purge features to ensure data isn’t stored beyond its intended date, nor are there audit logs or archiving which are essential to meeting GDPR compliance obligations. 
  • Scalability – Scalability is another issue that can lead to potential compliance risks. If your company is using WhatsApp to collect documents and sensitive personal data during the customer onboarding phase, you need to consider how this process will scale. If you’re not careful the end result will be a situation where customer data is stored all over the place in a maze of customer WhatsApp communications. At this point, how will your company go about auditing customer data, or even locate this data in the case of a Data Subject Access Request.

Protect Your Company

Having weighed up the pros and the cons of using WhatsApp for customer communications, it is clear that very real security and compliance risks exist. The size of potential fines for regulatory failures is enormous, while security breaches can be extremely costly both in terms of company reputation and the loss of revenue.

pv-popover

PlanetVerify provides an alternative channel for customer communications that is highly secure, GDPR compliant, and provides companies with a way to communicate with customers in an on-brand manner. Our platform is highly flexible and our API-driven approach helps companies to implement bespoke customer onboarding and KYC workflows needed to meet the needs of the modern customer. 

If you are putting your company at risk by using WhatsApp for business communication, please reach out to PlanetVerify today to secure your customer onboarding process.

Stay up to date on PlanetVerify news, product updates, and more

PlanetVerify will only use the information you provide to share blog updates. You can unsubscribe any time. For more details, check out our privacy policy.

Related Articles

kyc automated onboarding

10 Benefits of Automating Your KYC Process

Automating KYC processes not only reduces the manual cost but also quickly identifies whether your customer is genuine or not. This technological leap streamlines the verification process and allows your business to accurately identify legitimate customers and avoid fraud. Let’s understand the basics of KYC Automation solutions and how to select the right one for your organization.

Read More ...

Tired of manual KYC onboarding processes?

Schedule a quick consultation with our solutions experts to explore ways PlanetVerify can help you optimize your KYC and AML Compliance process. Simply leave your details below, and we’ll do the rest!