Chatbots in consumer finance – Consumer Financial Protection Bureau

Working with customers to resolve a problem or answer a question is an essential function for financial institutions – and the basis of relationship banking.1 Customers turn to their financial institutions for assistance with financial products and services and rightfully expect to receive timely, straightforward answers, regardless of the processes or technologies used.
The following research conducted by the Consumer Financial Protection Bureau (CFPB) explores how the introduction of advanced technologies, often marketed as “artificial intelligence,” in financial markets may impact the customer service experience. The purpose of this report is to explain how chatbot technologies are being used by financial institutions and the associated challenges endured by their customers. The CFPB’s analysis suggests that:
Financial institutions have long used a variety of channels to interact with prospective and existing customers. Bank branches were created to give customers a place near their homes to conduct banking business and receive customer service and support.4 The ability to ask questions and interact face-to-face with a financial institution has long been a core tenet of relationship banking.
Over time, financial institutions have added contact centers (formerly called call centers), so that customers may more easily interact with their financial institution. As these institutions grew, many contact center functions shifted to interactive voice response technology to route calls to the appropriate personnel and to reduce costs. As new technology became available, financial institutions deployed online interfaces for customer support, such as mobile applications5 and the ability to send and receive messages or through “live chat.” The introduction of chat in consumer finance enabled customers to have real-time, back-and-forth interactions over a chat platform with customer service agents.
Chatbots, which simulate human-like responses using computer programming, were introduced in large part to reduce the costs of human customer service agents. Recently, financial institutions have begun experimenting with generative machine learning and other underlying technologies such as neural networks and natural language processing to automatically create chat responses using text and voices.6 Below we describe the use of chatbots for customer support purposes.
Chatbots are computer programs that mimic elements of human conversation. Though they can vary substantially in terms of sophistication, automation, and features, they all ingest a user’s input and use programming to produce an output.7
Rule-based chatbots use either decision tree logic or a database of keywords to trigger preset, limited responses. These chatbots may present the user with a set menu of options to select from or navigate the user between options based on a set of keywords and generate replies using predetermined rules. The user is typically limited to predefined possible inputs.8 For example, a bank chatbot may list a set number of options for the consumer to choose from, such as checking their account balance or making a payment.
More complex chatbots use additional technologies to generate responses. Specifically, these chatbots may be designed to use machine learning or technology often marketed as “artificial intelligence” to simulate natural dialogue.9 Other complex chatbots use LLMs to analyze the patterns between words in large datasets and predict what text should follow in response to a person’s question.10
Domain-specific chatbots are intended to help users accomplish specific tasks and their functionality is limited to a topic area such as healthcare, education, or banking.11 Our analysis is focused on chatbots in the financial industry.
Chatbots are featured prominently across the financial industry, including on the websites, mobile applications, and social media accounts of banks, mortgage servicers, debt collectors, and other financial companies. In 2022, over 98 million users (approximately 37% of the U.S. population) engaged with a bank’s chatbot. This number is projected to grow to 110.9 million users by 2026.12
Notably, among the top 10 commercial banks in the country, all use chatbots of varying complexity to engage with customers. These chatbots sometimes have human names, use popup features to encourage engagement, and can even exchange direct messages on social media accounts. The adoption of chatbots by financial institutions to provide customer service may be explained by certain features, such as their 24/7 availability and immediate responses.13 Adoption may also be driven by cost savings for these institutions. For example, reports show that when compared to the use of human agent customer service models, chatbots deliver $8 billion per annum in cost savings, approximately $0.70 saved per customer interaction.14
Chatbots have been part of the financial marketplace for almost a decade and their popularity has grown steadily over the years.15 Today, much of the industry at least uses simple rule-based chatbots with either decision tree logic or databases of keywords or emojis that trigger preset, limited responses. Often, these chatbots are powered by proprietary third-party technology companies. For example, Kasisto provides conversational, financially focused chatbots for JPMorgan Chase and TD Bank,16 while Interactions supports Citibank.17
As adoption of chatbots has grown, some institutions, such as Capital One, have built their own chatbot technologies by training algorithms on real customer conversations and chat logs.18 Capital One launched Eno, an SMS, or text messaging, chatbot, in March 2017.19 Much like other banking chatbots, Capitol One claims that Eno can check account balances, review recent transactions and available credit, know when payments are due, pay a bill, activate a card, lock or replace a card, update personal information, find account numbers, and add authorized users.20 Similarly, Bank of America announced its own chatbot, Erica, in 2018. By October 2022, Erica had been used by nearly 32 million customers in over 1 billion interactions.21
More recently, the banking industry has begun to adopt advanced technology such as generative chatbots and others marketed as “artificial intelligence.” For example, in April 2023, Goldman Sachs’s Chief Information Officer suggested that the bank’s engineering staff start creating its own “ChatGS” or LLM chatbot to help the bank’s employees store knowledge and answer key customer questions on-demand.22
As the industry’s use of chatbot technology has advanced, it has done so in some instances by relying on the largest technology companies for datasets or platforms. For example, in September 2022, Truist announced its digital assistant built on top of Amazon Lex, an Amazon Web Services (AWS) product.23 Wells Fargo announced in October 2022 the launch of Fargo, a new chatbot virtual assistant using Alphabet’s Google Cloud platform to utilize LLMs to process customer’s input and provide tailored responses.24 Additionally, Morgan Stanley announced that it is testing a new chatbot, powered by Microsoft-backed OpenAI’s GPT 4 technologies to feed scripts to financial advisors.25
Chatbot functionality isn’t limited to just text exchanges. For example, U.S. Bank launched Smart Assistant through a mobile app in June 2020. Smart Assistant responds primarily to voice prompts and allows for text inquiries as a secondary alternative.26 Like other banking chatbots, Smart Assistant follows simple rule-based functionality designed to do everyday banking tasks, including finding users’ credit score, transferring money between accounts, disputing transactions, and facilitating payments to other users through Zelle.27
Many financial companies have also expanded their use of rule-based chatbots to those powered by social media platforms. Among the top 10 banks in the country, most enable direct messages and business chat on either Twitter, or Meta’s Facebook and Instagram. Facebook and Instagram’s Business Chat produces automated responses, among other features.28
In the same way that customer support shifted from in-person to remote call centers decades ago, sectors across the economy are now moving from human support to algorithmic support.
The CFPB collects complaints from the public on consumer financial products and services. With the growing use of chatbots by financial institutions, complaints from the public increasingly describe issues people experienced when interacting with chatbots. In some cases, these issues raise questions about compliance with existing law. Below we describe some of the challenges experienced by customers, as detailed in complaints submitted to the CFPB. We also examine issues across the industry posed by the use of chatbots.
The term artificial intelligence, or “AI,” is used to suggest that a customer is engaging with a system that is highly sophisticated and that the answers it provides are indeed intelligent and accurate. But “AI” and automated technologies come in a variety of forms. People may in fact be dealing with a very rudimentary system with little capacity to help beyond retrieving basic information and parroting it back or directing customers to policies or FAQs. In circumstances where “AI” fails to understand the person’s request or the message from the person contradicts the system’s programming, it is not suitable for chatbots to be the primary customer service vehicle.
People rely on financial institutions to acknowledge, investigate, and resolve disputes in an accurate and timely manner. Embedded in these customer expectations and legal requirements is that entities accurately identify when a customer is raising a concern or dispute. Chatbots and highly scripted representatives can introduce a level of inflexibility, whereby only specific words or syntax may trigger the recognition of a dispute and begin the process of dispute resolution. As a result, the ability for chatbots and scripts to recognize a dispute may be limited.
Even when chatbots can identify that a dispute is being made by the customer, there may be technical limitations to their ability to research and resolve that dispute. In some cases, customers are disputing transactions or information that is incorrect. Chatbots that are limited to simply regurgitating the same system information that the customer is attempting to dispute back to them are insufficient. Such parroting back does not meaningfully handle disputes or inquiries.
One person noted, for example:29
Moreover, rule-based chatbots tend to be one-way streets, as they are designed to accept or process account information from users and cannot respond to requests outside the scope of their data inputs. A chatbot with a limited syntax can feel like a command-line interface where customers need to know the correct phrase to retrieve the information they are seeking.30 This limitation can be particularly problematic for people with limited English proficiency, where the technology trained on a limited number of dialects makes it difficult for consumers with diverse dialect needs to use chatbots to receive help from their financial institution. Although billed as more convenient, going through the motions of a simulated conversation can be tedious and opaque compared to browsing information with clear and logical navigation. For example, a person recently complained:31
As detailed further below, chatbots sometimes get the answer wrong.32 When a person’s financial life is at risk, the consequences of being wrong can be grave. In instances where financial institutions are relying on chatbots to provide people with certain information that is legally required to be accurate, being wrong may violate those legal obligations.
Specifically, complex chatbots that use LLMs sometimes have trouble providing accurate and reliable information. For conversational, generative chatbots trained on LLMs, the underlying statistical methods are not well-positioned to distinguish between factually correct and incorrect data. As a result, these chatbots may rely on datasets that include instances of misinformation or disinformation that are then repeated in the content they generate.
Recent studies have suggested that chatbots can provide inaccurate information. For example, a comparative study of Microsoft-backed OpenAI’s ChatGPT, Meta’s BlenderBot, and Alphabet’s LaMDA showed that these chatbots often generate incorrect outputs that are undetectable by some users.33 Recent tests of Alphabet’s Bard chatbot found that it also generated fictional outputs.34 Additionally, a recent study demonstrated that Microsoft-backed OpenAI’s ChatGPT can exacerbate biases in addition to generating incorrect outputs.35 Educators have described chatbots as “not well-suited for tasks that require logic, specialized knowledge, or up-to-date information”36 making the use of conversational chatbots trained on LLMs in banking an unreliable source for responding to customers.
Despite the fact that chatbots can be wrong, users are requesting financial advice from generative chatbots.37 For example, one survey reported that people were using LLM chatbots to request recommendations and advice on credit cards, debit cards, checking and savings accounts, mortgage lenders, and personal loans.38
The use of chatbots in banking is intended to provide customers with immediate, timely help with their issues. When a chatbot is backed by unreliable technology, inaccurate data, or is little more than a gateway into the company’s public policies or FAQs, customers may be left without recourse. Providing reliable and accurate responses to people with regard to their financial lives is a critical function for financial institutions.
Automated responses by a chatbot may fail to resolve a customer’s issue and instead lead them in continuous loops of repetitive, unhelpful jargon or legalese without an offramp to a human customer service representative. These “doom loops” are often caused when a customer’s issue falls outside the chatbot’s limited capabilities, making it impossible for customers to engage in a robust, and perhaps necessary, conversation with their financial institution. As noted above, some chatbots rely on LLMs to generate responses to common customer inquiries. While some people may be able to get an answer to a specific inquiry using a chatbot, the ability to obtain a clear and reliable response can be complicated by the same technology.
Financial institutions may assert that automated systems are more effective or efficient, for example because a person may get an answer immediately. But automated responses can be highly scripted and simply direct customers to lengthy policy statements or FAQs, which may contain very little helpful information, if any. These systems may simply be offloading the burden of a human having to explain such policies or the responsibility of knowledgeable customer service agents to a cheaper automated process. As a result, several customers have filed complaints with the CFPB about getting stuck in “doom loops” with chatbots. For example:39
And another customer complained:40
Chatbots are programmed to resolve specific tasks or retrieve information and sometimes cannot meaningfully tailor services for a distressed customer. When customers are seeking assistance with financial matters, they may feel anxious, stressed, confused, or frustrated. Research has shown that when people experience anxiety their perspectives on risk and decisions shift.41 A chatbot’s limitations may leave the customer unable to access their basic financial information and increase their frustration. For example, one survey found that 80% of consumers who interacted with a chatbot left feeling more frustrated and 78% needed to connect with a human after the chatbot failed to serve their needs.42 For example, a consumer noted:43
Consumers may also find offramps to human customer service support further blocked through unreasonable waits. These obstacles not only leave consumers stuck and without help but seriously impact their ability to manage their finances. Consumers have complained to the CFPB about these issues:44
Moreover, the limited nature of these chatbots and lack of access to a human customer service representative may not be apparent to customers when they are initially signing up for a relationship with a specific financial institution. It’s not evident until customers experience an issue and must invest time and effort to resolve it, wasting their time, reducing consumer choice, and undercutting financial institutions that are trying to compete by investing in meaningful and effective customer support.
Deploying advanced technologies instead of humans may also be an intentional choice by entities seeking to grow revenue or minimize write offs. Indeed, advanced technologies may be less likely to waive fees, or to be open to negotiation on price.45
At a high level, the reliability of automated systems is partially dependent on how an entity has decided to prioritize features and allocate development resources. For example, to increase revenue it may be a higher priority to improve the ability of automated systems to promote relevant financial products to a specific customer based on their data. This investment may happen at the expense of features that do not lead to revenue growth. Thus, even if an automated system can handle certain customer functions well, it may be poor at handling others. To put it simply, investment decisions may lead to an underinvestment in the reliability of a chatbot. One person complained that:46
Additionally, chatbots can crash, like any other technology. If a broken chatbot is a customer’s only option to receive time sensitive help from their financial institution, it may leave people stranded with little to no customer service. Consumer complaints show us some of the technical limitations of chatbots, for example:47
Whether it’s a programming or software issue, a frustrated customer only sees a non-functional chatbot.
Due to their automated nature, chatbots are often used by bad actors to build fake, impersonation chatbots to conduct phishing attacks at scale. Conversational agents often present as “human-like,” possibly leading users to overestimate their capabilities and share more information than they would in a simple web-form. It is then quite dangerous when users share personal information with these impersonation chatbots. In recent years, there has been an increase in scams targeting users of common messenger platforms to get their personal or payment information to then trick them into paying false fees through money transfer apps.48
In addition to using impersonation chatbots to harm consumers, chatbots can also be programmed to phish for information from another chatbot. In these situations, chatbots may be programmed to follow certain privacy and security protocols but are not necessarily programmed to detect suspicious patterns of behavior or impersonation attempts and may not be able to recognize and respond to attempts by scammers to phish for personal information or to steal peoples’ identities.
For example, in May 2022 scammers impersonated DHL – a package delivery and express mail service company – through an email directing victims to a chatbot to request additional shipping costs to receive packages. The chatbot conversation seemed trustworthy because it included a captcha form, email, and password prompts, and even a photo of a damaged package.49
Financial institutions have an obligation to keep personally identifiable information safe, regardless of the technology used.50 Security researchers have highlighted a variety of potential vulnerabilities in chatbots, from entities using insecure and outdated web transfer protocols to desperate and frustrated consumers entering personal information into chat platforms because they need help.51
For example, to validate themselves as the owner of a specific account, customers are typically required to provide personal information. When customers provide personal and financial information to a company, they expect it will be handled with care and kept confidential. Therefore, when customers are entering personal information into chat logs, those logs should be considered sensitive consumer information and kept secure from a breach or intrusion. Chat logs introduce another venue for privacy attacks, making it more difficult to fully protect the privacy and security of consumers’ personal and financial information. In 2018, Ticketmaster UK employed Inbenta Technologies for various services, including a “conversational AI” on its payments page. Hackers targeted Inbenta servers, inserting malicious code that recorded information inputted into the chatbot to process payments by platform users, resulting in a cyberattack that affected 9.4 million data subjects, including 60,000 individual payment card details.52
Additionally, LLM-trained chatbots rely on training datasets that contain information about people that may have been illegally obtained.53 Breaches of privacy may occur when training data includes personal information that is then directly disclosed by the model through no fault of the affected individual.54 Some of these risks appear to be recognized by financial institutions, at least as it covers their internal information, as several large banks have restricted use of Microsoft-backed OpenAI’s ChatGPT by their employees.55
The scope of security testing needed for AI systems like chatbots is extensive and requires both rigorous testing and thorough auditing of any third-party service providers involved in operations. There are simply too many vulnerabilities for these systems to be entrusted with sensitive customer data without appropriate guardrails.
The consumer complaints that the CFPB has received about chatbots raise concerns about whether the use of chatbots hinders institutions’ ability to protect the security of consumers’ data.56
As financial institutions continue to invest in technologies such as chatbots to handle customer support while simultaneously reducing costs, they should consider the limitations of the technology such as those detailed in this report. Using chatbot technology as the primary mode of interacting with people can pose several risks for individual financial institutions including the following:
Congress passed federal consumer financial laws that place a variety of relevant obligations on financial institutions. These obligations help ensure that financial institutions deal fairly with customers by, amongst other things, providing them with straight answers.
Financial institutions run the risk that when chatbots ingest customer communications and provide responses, the information chatbots provide may not be accurate, the technology may fail to recognize that a consumer is invoking their federal rights, or it may fail to protect their privacy and data.
When consumers need help from their financial institution, the circumstances could be dire and urgent. If they get stuck in loops of repetitive, unhelpful jargon, unable to trigger the right rules to get the response they need, and they don’t have access to a human customer service representative, their confidence and trust in their financial institution will diminish.
Given the structure of the markets for many consumer financial products and services, people may have limited bargaining power to push for better service when a provider is selected for them. For example, there is little to no consumer choice in the case of selecting a mortgage servicer or credit reporting company. Moreover, even in markets where consumers have more choice, financial institutions may not vigorously compete on certain features, like customer service, as customers are only exposed to those features after they have selected the provider and are, therefore, somewhat locked into them. In such contexts, the opportunity for substantial cost savings might strongly incentivize institutions to route customer support through chatbots or other automated systems even if that diminishes the customer experience to some extent. Importantly, in such markets where competition is lacking or weakened, the extent of cost savings being passed onto consumers in the form of better products and services is diminished.
Financial institutions may go further and reduce or eliminate access to customized human support. However, this reduction likely comes at the expense of service quality and trust. This tradeoff is especially true for customer segments where chatbot interactions have higher rates of failed resolution, such as groups with limited technical availability or limited English proficiency.
When chatbots fail in the markets for consumer financial products and services, they not only break customer trust, but they also have the potential to cause widespread harm. The stakes for being wrong when a person’s financial stability is at risk are high. Being able to recognize and handle disputes from customers is an essential function; dispute handling is sometimes the only meaningful way to promptly correct an error before it spirals to worse outcomes. Providing inaccurate information regarding a consumer financial product or service, for example, could be catastrophic. It could lead to the assessment of inappropriate fees, which in turn could lead to worse outcomes such as default, resulting in the customer selecting an inferior option or consumer financial product, or other harms.
Failing to recognize or resolve a dispute, therefore, can be disastrous for a person. It may erode their trust in the institution and deter them from seeking help with issues in the future, cause frustration and waste time, and leave resolvable issues unsolved, leading to worsening negative outcomes.
The deployment of deficient chatbots by financial institutions risks upsetting their customers and causing them substantial harm, for which they may be held responsible.
This report highlights some of the challenges associated with the deployment of chatbots in consumer financial services. As sectors across the economy continue to integrate “artificial intelligence” solutions into customer service operations, there will likely be a number of strong financial incentives to substitute away from support offered in-person, over the phone, and through live chat.
Deficient chatbots that prevent access to live, human support can lead to law violations, diminished service, and other harms. The shift away from relationship banking and toward algorithmic banking will have a number of long-term implications that the CFPB will continue to monitor closely.
The CFPB is actively monitoring the market, and expects institutions using chatbots to do so in a manner consistent with the customer and legal obligations. The CFPB also encourages people who are experiencing issues getting answers to their questions due to a lack of human interaction, to submit a consumer complaint with the CFPB.
Consumers can submit complaints about financial products and services by visiting the CFPB’s website or by calling (855) 411-CFPB (2372).
Employees of companies who believe their company has violated federal consumer financial laws are encouraged to send information about what they know to
The CFPB is monitoring the use of tech often marketed as “Artificial Intelligence” to ensure it does not violate the rights of consumers.