Howard Berg, Senior VP, UK & Ireland at Gemalto
2016 will go down in history as the year that the Internet of Things (IoT) hit the mainstream, with our daily personal and work lives aided and enhanced by an increasing number of connected digital devices such as wearables, smartphones, cars, appliances and computing devices – all of which can communicate 24×7 with each other as well as with external entities.
Gartner predicts 25 billion such connected devices worldwide by 2020, which would cause a fundamental shift in our economy, society and culture. However, where IoT could have a bigger impact than any earlier digital revolution (such as the introduction of the web or mobile) is in business, banking and financial services.
Fuelled by the availability of an unprecedented level of data, these industries can generate data-driven customer insight, correlate information and act on it, in a way not possible before. It’s a new level of customer intimacy which has the power to bring enormous new benefits to both institutions and consumers across personal, business and industrial banking.
Protecting customer security in the IoT era
Demands from today’s connected customers are fuelling IoT innovation in business, banking and financial services. The use of IoT-enabled technology allows banks to provide a far more rewarding and convenient customer experience, which is the driving force behind the latest developments in always-on access and new payment technologies.
However, alongside such developments and improvements in customer service, there are simultaneous concerns that the immense amount of data associated with IoT will raise issues around privacy, identity verification and authentication and security, particularly around data management and data security.
Many users are already using technologies such as Apple Pay via an iPhone or Apple Watch, while other players such as Google, Samsung and various OEMs are pretty active in deploying proximity and secure online payment strategies and embedding payment functionalities in wearables. So far adoption has been patchy, but the foundations have already been put in place for this to grow with much improved diverse security methods baked into these new technologies and devices.
Apple Pay, for example, uses tokenization, which replaces the user’s credit card number with a special number for making payments. This is not a completely new concept, but Apple’s implementation of tokenization is leading the way in terms of how smart and wearable technologies can bring additional security to digital payment processes – minimising the exposure of any sensitive personal data and credentials to accidental unauthorised access. Banks and retailers using real time geo-location technologies to identify where and when they might be able to offer incentives to their customers should also be considered. Each development now requires specific security and user authentication to ensure customers are happy with their information being used in this way.
A secure future for banking in the IoT
Biometric data – from fingerprints, finger vein and iris scans, voice-recognition and facial-recognition software, to name but a few – is offering banks new ways to authenticate customers.
Handing over this type of data requires a level of trust from users. Without this, IoT won’t reach its full potential and users won’t feel comfortable connecting devices with bank accounts.
In addition to our personal and financial data, banks will increasingly collect and store a huge amount of information on the daily habits and movements of their customers. Which makes it increasingly vital for the bank to protect the location-based data it receives from your smartphone, wearable or connected device by incorporating the latest data security technology at every step in the chain and node in the network.
Whether that data is ‘resting’ on a device or moving around nodes in an IoT ecosystem (such as, between your bank and your connected object) it always needs to be fully secured. Encrypting all sensitive data in transit around these new IoT networks, together with securely managing encryption keys and having a strong authentication process in place becomes absolutely vital.
So how can banks ensure that security isn’t a barrier to IoT-related innovations?
In order to grow and retain trust amongst their customer base, it is essential that any IoT-driven banking ecosystem is secured at all levels, from the device and its connections in the network through to any financial data held by banks in the cloud.
If managed correctly, IoT has the potential to become a key differentiator for financial services organisations. They can provide intuitive services to customers, across the devices and locations that best suit. Providing they are able to step up to the security challenge and build customer trust, while implementing improvements in overall network infrastructure, big data, analytics, cloud infrastructure and accessibility.