Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Cybersecurity and the Internet of Things: Time for Biometrics?

By David Orme, SVP of IDEX Biometrics

The Internet of Things (IoT) is growing at a rapid pace, with connected devices and white goods entering our domestic and working environments faster than ever before.

Now, thanks to the advent of Wi-Fi, what we once deemed to be white goods are increasingly becoming connected and ‘smart’. It’s now possible to order a pizza, replenish the fridge and download a film to watch, all within ten minutes and without leaving the comfort of your armchair using IoT technology – what bliss!

IoT is, undoubtedly, making life much more straightforward. Gone is the need to trawl shops, to battle for that last space in the supermarket car park or struggle through the high street with bags full of shopping. IoT lets us delegate important every day, but mundane, tasks to connected goods, leaving us free to focus on the more complex and fun things in life. If your fridge can order the milk for you automatically (and if it doesn’t already, chances are you will in due course own a fridge that can), that’s one less thing to think about on the way home from work in a busy modern life.

Yet like most good news, IoT comes with a few caveats. Chief among these is the issue of cybersecurity.

Who’s charging to your account?

For a connected device to take actions on your behalf, be that a payment when your intelligent fridge re-orders the milk, or a smart TV granting or refusing permission for a child to download or view particular media, there has to be a process of authentication. In other words, the device or provider has to be sure that the right person is making the request, just as they do when you use a payment card conventionally. Your connected fridge has to be sure that it’s you who just ordered champagne and caviar, and asked for the charge to be placed on your account/card, rather than it being your teenager, or the cleaner, or someone who’s hacked into your fridge and made fraudulent transactions. Let’s also not forget that your manufacturer or service provider has to make sure that it is a real fridge and that it belongs to you, so that it knows it is talking to the right appliance.  After all, manufacturers need to be able to authenticate that it is the right fridge receiving requests from the right person, as well as authenticating the payment.

As a society we are used to authenticating our transactions, it happens daily. Usually the process involves a PIN or a password — when we use our card in store or check our bank balance, for instance. The problem is, we know that these methods of authentication are no longer fit for purpose. For example, it may be  easy for criminals to guess or uncover a PIN correctly, while passwords are also often compromised .

Indeed, the constantly-repeated advice that passwords must be unique, complex, but never recorded, provides a perfect example of why this authentication method has had its day. If forecasts are correct, there will be more than 20 billion devices connected to the IoT by 2020 and a good proportion will be directly connected to payments.  Providing cyber criminals with up to 20 billion more opportunities, particularly if those devices rely on outdated authentication protocols.

The answer’s at your fingertips

To secure the things that we treasure, a higher level of authentication is required, one that is entirely personal to us and impossible to replicate. Biometrics are the answer for the burgeoning IoT. Manufacturers of smart goods must look to include fingerprint sensors into connected devices themselves, so that authentication can take place on site, without information being sent into cyberspace. Locally stored biometric data for authentication is virtually impossible for criminals to hack or intercept, and impossible for anybody to replicate in person. The only person who can authenticate an action, permission or transaction, where biometrics are involved is the person whose fingerprint is held as a record on the device.

Biometric authentication will end the concerns people currently have about the implications of devices being lost or stolen, and even sold on. Using biometrics to authenticate gives users a truly personalised and secure IoT experience.

After all, if the time comes for somebody to order several magnums of champagne and kilos of caviar from a smart fridge in your home, don’t you want to be absolutely sure that person is you?