How we made a bot for the bank "Opening"
Recently, Otkritie Bank and I launched a banking bot with payment functions for individuals in Facebook Messenger . Now the customers of Otkrytiya can pay for mobile communication, using the bot you can find the nearest ATM or bank office, find out the exchange rate, find out how to order a card, call the bank and sign up for payment from the Deposit Insurance Agency. In this article we will talk about the work on the project.
Getting started, we thought about situations where it would be more convenient for the user to interact with the bot, and not with the main mobile application. The list of benefits of the bot turned out to be this:
But naturally, in comparison with the application, the bot has a number of serious limitations:
After analyzing the situations of bot interaction with the user, we have compiled a list of potential functionality:
Informational functionality
Operations
Other
NLP (Natural language processing) for processing requests
')
Of course, all this could not fit in the first release, and in the end we stopped at the next MVP:
Informational functionality
Operations + balance
Other
However, we immediately decided that the payment functions would be implemented in a “universal” manner in order to subsequently connect other counterparties.
Alexander Nesterov, Discovery Digital, product owner
“Of course, the bot will not replace our support service, mobile application or Internet bank, but some simple questions and regular tasks are easier and more convenient to solve in the usual interface of the messenger. Therefore, a bot is another additional channel for servicing our customers, which makes communication with the bank even more convenient and affordable. ”
Initially, we planned to make a bot with NLP, but eventually abandoned this idea. The linguistic processing platforms we experimented with - WIT.AI (owned by Facebook) and API.AI (a Russian startup in Silicon Valley, which Google bought just a month ago) - are coping with the Russian language frankly bad. Live users ask the bot are not the questions that he expects to hear, so in more than 50% of cases the system does not give relevant answers, and users are frustrated.
Artur Sakharov, Technical Director, Redmadrobot
“While the definition of synonyms and machine learning are almost not working in these systems. There are no problems with those specific phrases for which the engine has been trained. But a step to the side - and your bot does not understand at all what it wants. And API.AI is insanely expensive for the functionality that is there, and we did not plan to develop our own NLP system for the first launch. Despite the fact that in the end we still made a choice in favor of a “push-button” bot, two fully functioning prototypes with our backend and linguistic processing were filed in both Telegram and Facebook Messenger. ”
These are the prototypes:
Telegram has a number of banking bots, but all of them are limited in capabilities due to the security features of this messenger. When choosing a platform to launch the bank of Otkritie Bank, we evaluated both the security and the popularity of instant messengers. Among messengers that support the creation of full bots, the first place in popularity in Russia is occupied by Facebook Messenger. According to TNS Russia , it is five times more popular than Telegram.
In Messenger, there are many important elements for security that are missing in Telegram: administrator access control, two-factor authentication of accounts, user authorization with sending confirmation to our server via the second channel. At the time of the creation of the system, there was not even a reliable way to determine who sends messages to your backend: telegrams or an attacker's http-client. Unlike Telegram, the security of accounts, administration and messages for bots were immediately incorporated into the Facebook platform. In Telegram there are a number of bank bots, but none of them have authorization and payments. Everywhere it is only informational functionality such as ATMs and shares: AlfaBank, Raiffeisen, Sberbank, Promsvyazbank, AK Bars, Rosbank. Rocketbank (@rocketbank_bot) had its own payment bot, but it was rather quickly closed, and the Tinkoff bot (@MoneyTalkBot) no longer works and sends the user to a separate application.
On Facebook, there are several ways to securely authorize. We used this: when a user wants to log in, the bot asks him to enter a code that must be obtained through a mobile application.
It is appropriate to note that for authorization in a bot you need a bank application, and this may seem strange: usually, authorization is done via the Internet bank. However, this is strange only for those banks where the web version is used by many more clients than by the application. Now the audience of messengers lives mainly in the mobile, so the authorization via the mobile application is logical.
The user can request through the bot information about their accounts. But there is also a mobile application that accesses the Otkritie Bank API for the same data. In order to do without improvements on the “Discovery” side, we simply used the ready-made API and sent there a request from our backend - the same as it would have been from a mobile application.
In fact, the system is the same as with bills: when a user wants to put money on the phone, a request for an API specification for a mobile application arrives behind the scenes in “Opening”. The bot's backend itself transforms the software interface of the supplier payment schemes into an interactive user interface.
The CRM-system “Discovery” stores information on payments from the Deposit Insurance Agency - when and in which banks there are free slots for recording for payment. When a client says through Facebook that he needs to write, the backend could theoretically get into the bank’s network, but for security reasons, the system is implemented in a different way.
The task is solved using the queue in which we put the requests. For example, “I need to get free time to write for such an office”. The internal system itself checks the queue every few seconds and takes the data, preliminarily validating and checking them, processes requests and puts the data back into the queue from which our back already takes them. Thus, we distribute these systems and can do without direct connections to local databases.
I must say, the service is popular among users - in the first days of payments, several hundred people make a record.
At the moment, the system works like this. In the future, we plan to expand the capabilities of the bot - to improve the authorization mechanism and introduce payment by templates.
What is the bot under the hood?
Getting started, we thought about situations where it would be more convenient for the user to interact with the bot, and not with the main mobile application. The list of benefits of the bot turned out to be this:
- Available to all customers and non-bank customers
- No need to install anything
- Easy to log in
- Can be embedded on the website and in the self-service terminal
- Cross platform
But naturally, in comparison with the application, the bot has a number of serious limitations:
- Third-party environment
- Limited visual quality
- Non-realtime system and less responsiveness, for example, when choosing a financial product
- Unable to work with complex data
- Cannot see all available options.
After analyzing the situations of bot interaction with the user, we have compiled a list of potential functionality:
Informational functionality
- Exchange rates
- ATMs and offices
- Details and about the bank
Operations
- Authorization
- Templates
- Recharge phone
- Translations
- Autopayments
Other
- Card order
- DIA (these are payments to customers of other banks through the Deposit Insurance Agency)
- Push notifications about transactions and other events
- Switching to live operators
- Queuing in offices
- news
- Feedback
NLP (Natural language processing) for processing requests
')
Of course, all this could not fit in the first release, and in the end we stopped at the next MVP:
Informational functionality
- Exchange rates
- ATMs and offices
- Details and about the bank
Operations + balance
- Authorization
- Recharge phone
Other
- Card order
- DIA
However, we immediately decided that the payment functions would be implemented in a “universal” manner in order to subsequently connect other counterparties.
Alexander Nesterov, Discovery Digital, product owner“Of course, the bot will not replace our support service, mobile application or Internet bank, but some simple questions and regular tasks are easier and more convenient to solve in the usual interface of the messenger. Therefore, a bot is another additional channel for servicing our customers, which makes communication with the bank even more convenient and affordable. ”
Natural language processing vs. buttons
Initially, we planned to make a bot with NLP, but eventually abandoned this idea. The linguistic processing platforms we experimented with - WIT.AI (owned by Facebook) and API.AI (a Russian startup in Silicon Valley, which Google bought just a month ago) - are coping with the Russian language frankly bad. Live users ask the bot are not the questions that he expects to hear, so in more than 50% of cases the system does not give relevant answers, and users are frustrated.
Artur Sakharov, Technical Director, Redmadrobot“While the definition of synonyms and machine learning are almost not working in these systems. There are no problems with those specific phrases for which the engine has been trained. But a step to the side - and your bot does not understand at all what it wants. And API.AI is insanely expensive for the functionality that is there, and we did not plan to develop our own NLP system for the first launch. Despite the fact that in the end we still made a choice in favor of a “push-button” bot, two fully functioning prototypes with our backend and linguistic processing were filed in both Telegram and Facebook Messenger. ”
These are the prototypes:
Why Facebook Messenger
Telegram has a number of banking bots, but all of them are limited in capabilities due to the security features of this messenger. When choosing a platform to launch the bank of Otkritie Bank, we evaluated both the security and the popularity of instant messengers. Among messengers that support the creation of full bots, the first place in popularity in Russia is occupied by Facebook Messenger. According to TNS Russia , it is five times more popular than Telegram.
In Messenger, there are many important elements for security that are missing in Telegram: administrator access control, two-factor authentication of accounts, user authorization with sending confirmation to our server via the second channel. At the time of the creation of the system, there was not even a reliable way to determine who sends messages to your backend: telegrams or an attacker's http-client. Unlike Telegram, the security of accounts, administration and messages for bots were immediately incorporated into the Facebook platform. In Telegram there are a number of bank bots, but none of them have authorization and payments. Everywhere it is only informational functionality such as ATMs and shares: AlfaBank, Raiffeisen, Sberbank, Promsvyazbank, AK Bars, Rosbank. Rocketbank (@rocketbank_bot) had its own payment bot, but it was rather quickly closed, and the Tinkoff bot (@MoneyTalkBot) no longer works and sends the user to a separate application.
Authorization and integration with banking infrastructure
On Facebook, there are several ways to securely authorize. We used this: when a user wants to log in, the bot asks him to enter a code that must be obtained through a mobile application.
It is appropriate to note that for authorization in a bot you need a bank application, and this may seem strange: usually, authorization is done via the Internet bank. However, this is strange only for those banks where the web version is used by many more clients than by the application. Now the audience of messengers lives mainly in the mobile, so the authorization via the mobile application is logical.
Receiving invoice data
The user can request through the bot information about their accounts. But there is also a mobile application that accesses the Otkritie Bank API for the same data. In order to do without improvements on the “Discovery” side, we simply used the ready-made API and sent there a request from our backend - the same as it would have been from a mobile application.
Payment for services
In fact, the system is the same as with bills: when a user wants to put money on the phone, a request for an API specification for a mobile application arrives behind the scenes in “Opening”. The bot's backend itself transforms the software interface of the supplier payment schemes into an interactive user interface.
Record on payment from DIA
The CRM-system “Discovery” stores information on payments from the Deposit Insurance Agency - when and in which banks there are free slots for recording for payment. When a client says through Facebook that he needs to write, the backend could theoretically get into the bank’s network, but for security reasons, the system is implemented in a different way.
The task is solved using the queue in which we put the requests. For example, “I need to get free time to write for such an office”. The internal system itself checks the queue every few seconds and takes the data, preliminarily validating and checking them, processes requests and puts the data back into the queue from which our back already takes them. Thus, we distribute these systems and can do without direct connections to local databases.
I must say, the service is popular among users - in the first days of payments, several hundred people make a record.
What is the result
At the moment, the system works like this. In the future, we plan to expand the capabilities of the bot - to improve the authorization mechanism and introduce payment by templates.
Source: https://habr.com/ru/post/315968/
All Articles