Can AI-powered mobile phone assistants really bypass bank verification when checking bank card balances?


2026-01-15 11:50:42

Can AI-powered mobile assistants bypass the identity verification step required by bank apps?

—Netizen "DianDian"

On December 1st, Doubao, in collaboration with ZTE, began small-batch sales of the nubia M153 engineering prototype. A demonstration video in which the Doubao AI assistant responded to voice commands and quickly and accurately reported the balances of multiple bank cards held by the user sparked widespread public discussion about financial security. Many netizens left messages for this newspaper asking, "Can an AI assistant bypass the identity verification step of a bank app?" Behind this question lie both netizens' confusion about how the new technology works and public anxiety about the security of AI technology crossing over into financial scenarios.

To unravel the mystery of identity verification, we must first understand the core logic of its operation. In reality, the AI assistant doesn't "bypass" the bank's security verification; rather, it acts like a "clerk" with high-level permissions, having already received your approval at each level, acting on your behalf with a "temporary pass." This is similar to asking a friend to handle business at the bank on your behalf; you must first inform the bank staff that you "agree to this friend's actions" and present your ID card for verification. The authorization of the AI assistant follows the same principle.

As a collaborative product at the operating system level, Doubao Mobile Assistant's ability to access data across applications relies on a "dual authorization mechanism." This means users must first explicitly grant third-party access within the bank's app, and then complete the operation confirmation through the phone's biometric authentication (fingerprint, face, etc.), forming a double layer of protection: "user authorization + device authentication." Simply put, the first layer of authorization requires you to personally open the bank's app and agree to Doubao accessing your balance information in the settings. This step is equivalent to telling the bank, "I allow this AI assistant to check my balance." The second layer of authorization means that each time the AI assistant performs a balance check, you still need to unlock your phone with your fingerprint or face for confirmation, essentially a "second check."

Based on the core principles of the AI Agent security protection system, this type of system will assign "digital certificates" and "temporary access tokens" to the AI assistant. The tokens are usually valid for only 1 hour and are automatically refreshed, which limits the risk of long-term abuse at the source.
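
As an added example (not code from Doubao, ZTE or any bank), the following Python shows how a bank server could enforce the two authorization layers and the one-hour token lifetime described above. The token format, the HMAC signature standing in for certificate-based signing, and all names (`issue_token`, `authorize`, `balance:read`, `assistant-demo`) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

TOKEN_TTL = 3600                    # the article's "usually valid for only 1 hour"
BANK_KEY = b"constructed-demo-key"  # constructed sample key (assumption), not a real secret

def issue_token(assistant_id, scope, now, key=BANK_KEY):
    """Bank side: mint a signed, scoped token once the user has consented in the bank app."""
    body = json.dumps({"sub": assistant_id, "scope": scope, "exp": now + TOKEN_TTL},
                      sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()

def authorize(token, operation, consents, biometric_ok, now, key=BANK_KEY):
    """Bank side: return (allowed, reason) for a single request from the assistant."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:              # wrong part count or invalid base64
        return False, "malformed token"
    # Verify integrity before trusting any claim inside the token
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        return False, "bad signature"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "token expired"
    if operation != claims["scope"]:
        return False, "operation outside token scope"
    # Layer 1: consent the user recorded in the bank app (revocable at any time)
    if (claims["sub"], operation) not in consents:
        return False, "no user consent on record"
    # Layer 2: device biometric confirmation for this specific request
    if not biometric_ok:
        return False, "biometric confirmation missing"
    return True, "ok"
```

Because consent is looked up on every request, revoking it in the bank app takes effect immediately even while a token is still within its one-hour lifetime.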

From the perspective of data flow, Doubao Mobile Assistant uses end-to-end encrypted transmission technology. User account information is encrypted and protected throughout the transmission between the AI assistant, the mobile system, and the bank server. The AI itself cannot store or read the original sensitive data, but can only obtain the desensitized results.

While current AI assistants' ability to check bank card balances has not posed a substantial financial security risk, for a financial system that processes thousands of transactions per second and safeguards the funds of hundreds of millions of users, any unverified external intervention could become a vulnerability. The Doubao AI assistant's ability to access cross-application data through operating system-level permissions does indeed touch a nerve in traditional financial risk control. In recent years, cases of black market actors using AI proxies to register accounts in bulk and frequently cash out have been numerous, reminding banks to establish the most cautious "firewalls."

Currently, Doubao Mobile Assistant has significantly reduced its automation support for core scenarios such as finance, and many bank mobile banking applications have also adopted defensive measures, requiring users to disable the AI assistant before continuing operations. This highlights the multiple challenges facing financial institutions' AI risk control, including blurred boundaries in cross-platform data sharing, insufficient technical defenses against AI attacks, and balancing user privacy protection with service experience. In response to the operational scenario innovations brought about by AI tools, the banking industry needs to establish a comprehensive risk control network encompassing "prevention, monitoring, and post-event traceability" to create a more advanced risk control system.

However, security concerns should not be an excuse for rejecting innovation. Users' expectations for AI-powered financial scenarios are essentially a pursuit of more efficient and convenient services. Traditional risk control systems should not react to "new variables" like AI agents with a "one-size-fits-all" approach. Banks should quickly establish a balanced mechanism of tiered management, precise identification, and collaborative linkage to both safeguard financial security and ensure a convenient user experience. For example, banks can classify the financial operations of AI mobile assistants into different risk levels and match them with different protection standards according to the principle of "matching risk level to protection strength," achieving "differentiated risk control" and avoiding a blanket ban. Banks can also sign data security and operational boundary agreements with mobile AI assistant manufacturers, clearly defining the scope of banking services that AI tools can access and the data transmission standards. Simultaneously, bank apps can add an AI tool authorization management entry point, allowing users to independently turn "AI-assisted operation permissions" on and off, and customize the types of authorized business and operation limits.

In reality, users' security concerns about AI-powered balance checking functions are a normal phenomenon in the development of fintech. The boundaries of financial innovation must never cross the line of security. The discussion sparked by Doubao AI mobile assistant provides the industry with an important opportunity for reflection: the application of AI technology in the financial field requires both continuous technological iteration to build a robust "digital fortress" of security, and industry-wide consensus to clarify the "code of conduct" for compliant development.

For ordinary users, while enjoying the convenience brought by AI technology, it is also necessary to improve their own security awareness. They should be cautious in granting financial permissions to third-party tools, regularly check account authorization records, and remain vigilant about functions such as "one-click operation" and "password-free inquiry." After all, the ultimate line of defense for financial security is always the user's own risk awareness.
